Display web content from a secured device on an Intranet site?
October 20, 2006 9:20 AM   Subscribe

Display web content from a secured device on an Intranet site?

My company uses a Barracuda Spam Firewall to control our spam. For those who don't know, it's basically a small linux box that is configured and managed through a web browser. After you log into the web interface you are taken to the main screen listing spam statistics with colorful graphs. My boss would like to make those statistics and graphs available on our Intranet (because bosses love statistics and colorful graphs). Not daily or weekly updates but with the Intranet page pulling live content from Barracuda. I've seen similar things done with content from public sites like Weather Bug (so I know it's technically possible), but is this possible if the content requires a password?
posted by bda1972 to Computers & Internet (6 answers total)
 
It's certainly possible, since your Web browser is pulling the content from the firewall appliance using standard protocols, to write a script that pretends to be a Web browser and requests the same content after "logging in" to the firewall's Web server. The trick will be figuring out how the firewall's Web server is handling authentication so your script can emulate either cookies or HTTP Basic Auth; this gets pretty technical. If your intranet can run Perl CGI scripts, look at the Perl module WWW::Mechanize.
posted by nicwolff at 9:43 AM on October 20, 2006


Depending on the authentication used, you may be able get away with something simple like
<iframe src="http://username:password@barracude.ip.address" />

and tweak from there.

This opens gigantic security holes, but it's QnD
*
posted by unixrat at 10:13 AM on October 20, 2006


Unless there's something unusually awkward about the firewall or your intranet server, any competent server-side developer will be able to pull the content across with a little scripting. Just bear in mind that having a copy of your firewall password sat somewhere in the intranet isn't going to improve your network security.
posted by malevolent at 10:14 AM on October 20, 2006


Response by poster: any competent server-side developer will be able to pull the content across with a little scripting

I'm afraid we're fresh out of those. I'm no programmer by any stretch of the imagination. To clearify, this falls into the category of "wouldn't it be neat if we could...", not "go out and hire somebody". And I agree about the security concerns. Having the Barracuda admin password in plain text anywhere is not an option. I would prefer not to even have a hash of the password available.

After giving it some more thought, I suppose another option would be to just grab the stats a several times a day and move them to an Intranet page. If it makes this task easier, it would be better than nothing.
posted by bda1972 at 10:46 AM on October 20, 2006


Best answer: Another approach to investigate: can the Barracuda save its log files to the network? If so, you could use a log analysis tool to then process and display the stats (this one seems to support Barracuda Spam Firewall log files).
posted by malevolent at 11:11 AM on October 20, 2006


Response by poster: Thanks malevolent, that's a great idea! I never even considered that option. This would probably even give me some more options of how to display the data (and what data to display) instead of just copying Barracuda's graphs.
posted by bda1972 at 5:55 PM on October 20, 2006


« Older What would you give someone who just got a banjo?   |   Chicago pub quiz Newer »
This thread is closed to new comments.


Tags

Share