You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by bruce <be...@earthlink.net> on 2005/05/03 00:13:38 UTC
[users@httpd] redirection from within apache....
hi...
i have a situation where i have a few websites that i'm playing around with.
i'd like the sites to be on separate apache servers/boxes. i'd also like the
sites to use port 80. my router allows port forwarding, but i have no way of
aplitting port 80 between multiple boxes/servers.
i thought i could simply allow port 80 to be passed to each server, and that
each server would pull the site information it needs.. umm nope, didn't
work!!
so, is there a way that i can essentially pass all sites to one
webserver/box, and allow it to in turn redirect the sites to the appropriate
box/server...
what's the best approach for this kind of situation?
thoughts/suggestions/ideas/pointers/etc...
thanks
bruce
bedouglas@earthlink.net
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: redirection from within apache....
Posted by "Eric S. Johansson" <es...@harvee.org>.
Nick Kew wrote:
...
> What documentation did you follow in setting it up?
the docs on apache.org
> I don't think I've seen any documentation that fails to make it clear
> you should turn ProxyRequests Off, for precisely that reason. Are
> you sure you didn't just provide some classic buggy CGI or PHP
> spam-nest?
I no longer have the configuration unfortunately so I would show you
what I had done. But I believe that proxy requests were turned off but
something caused the acl's limiting the inbound proxy to my machines to
fail. As a result it would proxy to anything with any port number
including 25. I even ran two different proxy test against it and they
did not find any problems.
as for the CGI/PHP problems, that machine was only an inbound proxy for
SMTP and http. I had stripped off all unnecessary items including PHP.
this experience highlights one of the really annoying things about
Apache. It fails and either doesn't tell you or gives you error
messages which are mostly useless. I recently spent a fair amount of
time tracking down an extra w in a <directory> definition. One would
think that this would be fairly easy to report accurately and in a way
that makes it easy for the user to comprehend the problem. all I got
was "client denied by server configuration" error message. The lesson
here should be the user interfaces do not stop at the GUI or command
line but continue into the error logs.
bringing it back to the proxy issue, it took me a fair amount of time to
make the Apache proxy work whereas I made pound work in under an hour
and it fails safe. Apache is a good heavyweight server. A proxy is a
dedicated narrow focus task that should be made as easy to do right as
possible so that unfortunate problems won't occur.
this is yet another lesson. The Apache documentation is filled with
admonishments to add extra things to your configuration to enhance
security. Why? Why not failsafe and make the administrator explicitly
enable functionality.
I know I'm being very critical but it's only from scar tissue I've
acquired over the years. I know these problems can be fixed because
they are well-known as are their solutions. It just takes commitment
and funding to make it so.
---eric
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: redirection from within apache....
Posted by Nick Kew <ni...@webthing.com>.
Eric S. Johansson wrote:
> be aware that this form of reverse proxy can fail open extremely easily
> and there is no way to detect it.
Erm, what on Earth are you talking about?
I provided a gateway for spammers for
> a few days because of this tool.
What documentation did you follow in setting it up? I don't think I've
seen any documentation that fails to make it clear you should turn
ProxyRequests Off, for precisely that reason. Are you sure you didn't
just provide some classic buggy CGI or PHP spam-nest?
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: redirection from within apache....
Posted by "Eric S. Johansson" <es...@harvee.org>.
Patrick Donker wrote:
> bruce wrote:
>
>> hi...
>>
>> i have a situation where i have a few websites that i'm playing around
>> with.
>> i'd like the sites to be on separate apache servers/boxes. i'd also
>> like the
>> sites to use port 80. my router allows port forwarding, but i have no
>> way of
>> aplitting port 80 between multiple boxes/servers.
>>
>> i thought i could simply allow port 80 to be passed to each server,
>> and that
>> each server would pull the site information it needs.. umm nope, didn't
>> work!!
>>
>> so, is there a way that i can essentially pass all sites to one
>> webserver/box, and allow it to in turn redirect the sites to the
>> appropriate
>> box/server...
>>
>> what's the best approach for this kind of situation?
>>
>> thoughts/suggestions/ideas/pointers/etc...
>>
>>
> What you need is reverse-proxy
> http://httpd.apache.org/docs-2.0/urlmapping.html#proxy
>
> Good luck!
>
be aware that this form of reverse proxy can fail open extremely easily
and there is no way to detect it. I provided a gateway for spammers for
a few days because of this tool. As a result, I now use pound which
failsafe. save yourself some heartache and a significant amount of
work: http://www.apsis.ch/pound/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] redirection from within apache....
Posted by Patrick Donker <li...@webpagina.nu>.
bruce wrote:
>hi...
>
>i have a situation where i have a few websites that i'm playing around with.
>i'd like the sites to be on separate apache servers/boxes. i'd also like the
>sites to use port 80. my router allows port forwarding, but i have no way of
>aplitting port 80 between multiple boxes/servers.
>
>i thought i could simply allow port 80 to be passed to each server, and that
>each server would pull the site information it needs.. umm nope, didn't
>work!!
>
>so, is there a way that i can essentially pass all sites to one
>webserver/box, and allow it to in turn redirect the sites to the appropriate
>box/server...
>
>what's the best approach for this kind of situation?
>
>thoughts/suggestions/ideas/pointers/etc...
>
>
What you need is reverse-proxy
http://httpd.apache.org/docs-2.0/urlmapping.html#proxy
Good luck!
-Patrick
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org