httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Gormley" <rob...@seabreeze.asn.au>
Subject RE: [users@httpd] Virtual Host / Firewall Configuration
Date Thu, 15 May 2003 01:42:32 GMT
It is with a red face that I must reply.

I had symlinked the conf file, and the editor I used rewrote the symlink
with a new copy of the conf when saving, so I couldn't see any change
and was getting confused.

Now, I have explicitly specified the NameVirtualHosts, not wanting to
use * (Well, not wanting a default site)... and all is working well..

Thank you Jeff, for your assistance, and my apologies for wasting your
time!

Robert

-----Original Message-----
From: Jeff Cohen [mailto:support@gej-it.com] 
Sent: Thursday, 15 May 2003 10:56 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Virtual Host / Firewall Configuration

Well, the problem is not in the external IP address not being
recognized,
the problem by what you are saying is that the PIX does not forward the
host
headers information.
Check the PIX for such configuration, I'm running Vhosts on IIS behind
PIX
and it's working, I am planning to move all the Vhosts and the servers
to
Apache on Linux though.
I see no other reason that this should not work.
Have you tried doing:
NameVirtualHost *

<VirtualHost *>
ServerName www.domain.com
DocumentRoot /usr/path
...
</VirtualHost>


All the best,
Jeff Cohen
Jeff@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!

> -----Original Message-----
> From: Robert Gormley [mailto:robert@seabreeze.asn.au]
> Sent: Wednesday, May 14, 2003 8:35 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Virtual Host / Firewall Configuration
> 
> There's just one external IP, and there's a 1-to-1 correlation (I
can't
> possibly imagine why it's NATted, other than someone's uninformed
> attempt to make the system multihomed.
> 
> To clarify, one external IP, a.b.c.d, one internal IP, 192.168.1.1,
it's
> just that the system has no knowledge or concept of its external IP
> address.
> 
> Thanks,
> 
> Robert
> 
> -----Original Message-----
> From: Jeff Cohen [mailto:support@gej-it.com]
> Sent: Thursday, 15 May 2003 10:28 AM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Virtual Host / Firewall Configuration
> 
> How many external IPs do you have?
> 
> Jeff Cohen
> Jeff@GEJ-IT.com
> Tel. (416) 917-2324
> www.GEJ-IT.com
> GEJ-IT Networks!
> 
> > -----Original Message-----
> > From: Robert Gormley [mailto:robert@seabreeze.asn.au]
> > Sent: Wednesday, May 14, 2003 8:11 PM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] Virtual Host / Firewall Configuration
> >
> > Hi,
> >
> > I have an issue that is causing me no end of headache.
> >
> > An Apache server (192.168.1.1) sitting behind a PIX firewall. The
PIX
> > firewall takes requests for the external IP address of the server
> > (a.b.c.d) and NAT translates them. By this method, the server has no
> > idea of its external IP address (although it is static and used only
> for
> > it). I don't have any able to change this in the firewall (well, not
> > administratively).
> >
> > My issue is that the server gets confused. Any virtual host which is
> > referenced by an internal DNS entry - pointing to 192.168.1.1 works
> > fine, with the appropriate site displayed, however, any external
user
> > gets the first internal site listed, regardless of which external
site
> > was requested. I believe this might be because of the NAT
> translation(?)
> > causing Apache to think it's getting requests for the internal IP.
> >
> > So I tried something else in my httpd.conf:
> >
> > NameVirtualHost 192.168.1.1
> > NameVirtualHost a.b.c.d
> >
> > <VirtualHost 192.168.1.1>
> > 	...
> > 	ServerName internal.site.a
> > 	...
> > </VirtualHost>
> >
> > <VirtualHost 192.168.1.1
> > 	...
> > 	ServerName internal.site.b
> > 	...
> > </VirtualHost>
> >
> > <VirtualHost a.b.c.d>
> > 	...
> > 	ServerName external.site.a
> > 	...
> > </VirtualHost>
> >
> > <VirtualHost a.b.c.d>
> > 	...
> > 	ServerName external.site.b
> > 	...
> > </VirtualHost>
> >
> >
> > And still, the same. Internal Sites A and B work for internal users,
> as
> > expected, but any request for External Site A or B from an external
> user
> > (due to the firewall, internal users cannot request 'external
sites'),
> > is responded to with Internal Site A.
> >
> > Any suggestions would be greatly appreciated.
> >
> > Robert
> >
> >
> >
> >
> >
---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message