You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "ExpoShare.com" <ex...@gmail.com> on 2004/08/31 19:21:08 UTC

[users@httpd] Apache Newbie question: Securing proxied ports

Howdy,

I'm using Apache 1.3.29 and I am using it to host named virtual hosts
on port 80 as well as proxy content under a separate server name from
port 2500...I've set up authentication to the proxy gateway URL:

http://subdomain.domain.com/

But I can't seem to figure out a way of using Apache to restrict
access if a user simply uses URLs to port 2500 like this:

http://domain.com:2500/
http://www.domain.com:2500/

The server running on port 2500 is not Apache (it is Webrick...a ruby
httpd server)...Is it
even possible to use Apache to completely restrict direct access to
port 2500, or should
I be securing the port in some other way (like iptables???).

Thanks,

Ryan

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache Newbie question: Securing proxied ports

Posted by Joshua Slive <js...@gmail.com>.

On Tue, 31 Aug 2004 10:21:08 -0700, ExpoShare.com <ex...@gmail.com> wrote:
> Howdy,
> 
> I'm using Apache 1.3.29 and I am using it to host named virtual hosts
> on port 80 as well as proxy content under a separate server name from
> port 2500...I've set up authentication to the proxy gateway URL:
> 
> http://subdomain.domain.com/
> 
> But I can't seem to figure out a way of using Apache to restrict
> access if a user simply uses URLs to port 2500 like this:
> 
> http://domain.com:2500/
> http://www.domain.com:2500/
> 
> The server running on port 2500 is not Apache (it is Webrick...a ruby
> httpd server)...Is it
> even possible to use Apache to completely restrict direct access to
> port 2500, or should
> I be securing the port in some other way (like iptables???).

[Interesting, gmail throught this was spam even though it comes from gmail.]

No, apache can't do this restriction.  In your scenario, apache has no
control whatsoever over port 2500.  It is only controlling port 80.

You should control port 2500 either through Webrick, or by using your
OS firewall.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org