#1 (permalink)
Crazy
[Apache] Virtual Hosting question
Ok.....so here's one for the Apache gurus out there.
The company I work for has a webserver hosting a website at a publicly available IP address, and they also have an intranet that they want to hook up to the same server, but the intranet is only to be accessible by internal employees. Now, the machine itself has one network interface on a 192.168.*.* address. The public IP address is further up the network on our subnet and redirects the http query to the webserver. Now, I was thinking that to set up the intranet properly, I would modify the Apache config to create a virtual host for the internal 192.168.*.* address that pointed to the directory containing the intranet files. That way, employees could access it only if they were on the inside of the network because they wouldn't be able to get to that IP address otherwise. Unfortunately, I do not know how to do this, or if it's even possible. I've gone through the virtual hosting documentation that Apache provides, but can't find any config setup that exactly matches what I'm trying to do. Anybody have any ideas?
__________________
This space not for rent.
#2 (permalink)
Crazy
Location: Salt Town, UT
How virtual hosting works is that the browser, when it sends a request for a page, also sends down a host header, to say what host it is attempting to request from.
This makes it so that when you type in "http://www.tfproject.org/index.html" the request looks like this:

    GET /index.html HTTP/1.1
    Host: www.tfproject.org
    (lots of other stuff, browser dependent, and cache-dependent)

Now, if there is a way to connect to the intranet server from the outside world, there is a way to pass the 192.168.x.x IP address in as the hostname it is looking for. Even though the external IP is mapped to "www.mycompany.com", someone could connect directly to port 80 and issue a custom "Host: 192.168.x.x" header, and get your intranet site. I would say that this would be pretty improbable, but it is possible.

Now, if you set up a different IP address for your intranet server, you can make virtual hosts that listen on IP addresses, and that pay no attention to the "Host:" header, but you would have to use a different internal IP address for the intranet site than the IP address that the external IP is mapped to.

My suggestion is to make it a password-protected site that is available to the outside world, then users can connect to the intranet from home if they need to. (But that is just my suggestion, and requires some heavy security to make it work well.)
#3 (permalink)
Crazy
Hmm......the login idea certainly is possible.
The current setup is that users connect to the business network's VPN, and from that point on any outgoing network queries look like they originate from the business. After the VPN connect, wouldn't it be possible to access the 192.168.*.* address?
__________________
This space not for rent.
#6 (permalink)
Crazy
Location: Salt Town, UT
The tag should look pretty close to this:

<VirtualHost 192.168.1.1>
    ServerName intranet.mycompany.com
    DocumentRoot /home/intranet/
</VirtualHost>

It's been a while since I did normal VirtualHosts, and not name based ones, so I believe you also have to put a Listen 192.168.x.x in the main section of your Apache config file.
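
The difference between the name-based setup discussed in post #2 and the IP-based setup in post #6, as an added example that is not part of the original thread: a simplified Python model of virtual host selection (it ignores ports and ServerAlias and is not Apache's own code). The address 192.168.1.2 as the forwarding target of the public IP and the path /var/www/public are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class VHost:
    addr: str         # address in <VirtualHost addr>, "*" matches any local address
    server_name: str  # ServerName
    docroot: str      # DocumentRoot

def select_vhost(vhosts, local_ip, host_header):
    """Simplified model: narrow by the local address the connection arrived
    on, then by Host header; the first vhost of that address set is the default."""
    candidates = [v for v in vhosts if v.addr == local_ip] or \
                 [v for v in vhosts if v.addr == "*"]
    if not candidates:
        return None  # Apache would use the main server configuration
    host = host_header.split(":")[0].lower()
    for v in candidates:
        if v.server_name.lower() == host:
            return v
    return candidates[0]

# Constructed sample values: 192.168.1.2 and /var/www/public are hypothetical.
NAT_TARGET = "192.168.1.2"   # assumed address the public IP forwards to
INTRANET_IP = "192.168.1.1"  # address used in post #6

NAME_BASED = [  # one address, vhosts told apart only by the Host header
    VHost("*", "www.mycompany.com", "/var/www/public"),
    VHost("*", "intranet.mycompany.com", "/home/intranet/"),
]
IP_BASED = [    # intranet bound to its own address
    VHost(NAT_TARGET, "www.mycompany.com", "/var/www/public"),
    VHost(INTRANET_IP, "intranet.mycompany.com", "/home/intranet/"),
]

def served(vhosts, local_ip, host_header):
    """DocumentRoot that would answer a request arriving on local_ip."""
    return select_vhost(vhosts, local_ip, host_header).docroot

if __name__ == "__main__":
    for label, cfg in (("name-based", NAME_BASED), ("IP-based", IP_BASED)):
        # Forwarded outside request carrying the intranet name in Host
        print(label, "forwarded:", served(cfg, NAT_TARGET, "intranet.mycompany.com"))
    print("internal:", served(IP_BASED, INTRANET_IP, "intranet.mycompany.com"))
```

In the name-based configuration the forwarded request is answered from the intranet directory because the client chose the Host value; in the IP-based configuration the same request can only reach the public site, since the intranet vhost is bound to an address the forwarder never targets.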