You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by bruce <be...@earthlink.net> on 2008/07/10 20:47:44 UTC

[users@httpd] redirecting when behind a firewall

Hi..

Got a bit of an issue here, that I can't seem to resolve.

I have a test domain on a dynamic service (dyndns.org). the test domain is
foo.gotdns.com, which i have pointing to my external cable/dsl address.
Here's my issue, I would really like to be able to have the external user be
able to see multiple websites which might be sitting on different physical
machines/apache servers within my network.

Behind the modem, I have a firewall which is set up to port-forward the
traffic to a machine with my network. So, for my example, the machine is dog
(192.168.1.52), and the "foo.gotdns.com" would point to the app on the
machine, based on the vhost setup in the dog httpd.conf file.

However, I would also like to have multiple external test sites/domains,
each of which might point back to sites on different internal servers. The
forwarding capability of the router only allows for all wan * (addresses) to
be forwarded to a given internal machine. At the same time, the
external/internal ports have to match.

So i don't have the ability to do something like "forward foo.gotdns.com to
machine1, and forward foo2.gotdns.com to machine2" which is exactly what i'm
trying to accomplish!!

I've been looking into using vhosts, and the redirect functionaility, but I
can't seem to get it to work, using the external domain name.

So. i'm trying to:
 -be able to access multiple test sites, on multiple servers
  from a browser external to my network
 -be able to access the same sites, from inside my network, using
  the local/internal namespace
 -be able to access the same sites, from inside my network, using
  the external namespace (testing purposes)

I've looked high/low for how to accomplish this with no real luck.

thanks

ps. I've seen others who've been looking for similar solutions, so this
would definitely help.

ps. I'm able to do a redirect from one server to another, if I restrict to
using internal addresses. Just can't get the external stuff to work..





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirecting when behind a firewall

Posted by Krist van Besien <kr...@gmail.com>.

On Thu, Jul 10, 2008 at 20:47, bruce <be...@earthlink.net> wrote:

> So i don't have the ability to do something like "forward foo.gotdns.com to
> machine1, and forward foo2.gotdns.com to machine2" which is exactly what i'm
> trying to accomplish!!
>
> I've been looking into using vhosts, and the redirect functionaility, but I
> can't seem to get it to work, using the external domain name.

You can't do this with redirect. Redirect basically tells a browser
"what you are looking here isn't here, but there on this other host",
and then the browser will start a new request to the host. So you can
only do redirects to hosts the client can see. As the client can see
only one host behind your firewall this doesn't work.

However, you can achieve what you want in a different way, through
"reverse proxying".

You configure your firewall to redirect all port 80 traffic to one
machine, and on that machine you have two virtual hosts:

NameVirtualHost *:80
<VirtualHost *:80>
Servername foo.gotdns.com
ProxyPass / http://machine1/
ProxyPassReverse / http://machine1/
</VirtualHost>

<VirtualHost *:80>
Servername foo2.gotdns.com
ProxyPass / http://machine2/
ProxyPassReverse / http://machine2/
</VirtualHost>

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org