- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] allowing controlled access from dynamic IP
- From: Mary Gardiner <mary@xxxxxxxxxxxx>
- Date: Thu, 12 Jun 2008 08:14:07 +1000
- User-agent: Mutt/1.5.17+20080114 (2008-01-14)
On Thu, Jun 12, 2008, Voytek Eymont wrote:
> but, 'http://localhost:8888' opens the 'real' host's default 'this is
> apache' page, (and, '/cacti/' won't work from there); how can I get to
> vhost page where '/cacti/' is setup ?
>
> I've tried using real.host:8888 and v.host:8888 so far with no success

The web server wants the browser to send a request for the correct host
name. One way to get it to do this is to alter your steps:

 1. set up an SSH tunnel with the -D flag instead of -L, in order to set
    up a SOCKS proxy

 2. instead of connecting directly to localhost:port, you set your
    browser to find a SOCKS proxy there (Firefox has settings for this
    among the standard proxy settings)

 3. connect to the normal URL of the website

This is starting to get to be quite an annoying set of steps though and
you need to remember to turn the proxy back off unless you want all your
web traffic going that way.

Info from
http://ubuntu.wordpress.com/2006/12/08/ssh-tunnel-socks-proxy-forwarding-secure-browsing/

With regard to the original problem with Apache, you may be falling foul
of Allow wanting forward and reverse lookups on your IP address to
match: http://httpd.apache.org/docs/2.0/mod/mod_access.html#allow (that
is, doing a lookup on your IP address does not return your dyndns.org
address, nor is there any way to configure it to via most ISPs,
especially those assigning dynamic addresses).

A couple of alternative solutions to think about:

 1. depending on the security of the relevant site, allow a partial
    match which will match every client of your ISP, eg
    .(nsw.)bigpond.net.au will match BigPond customers and .exetel.com.au
    will match Exetel customers. Do a reverse lookup on your IP to find
    out what this string is likely to be.

 2. switch to opening the site to the world but restricting access with
    HTTP Auth: http://httpd.apache.org/docs/2.0/mod/mod_auth.html
    SSL may then be a good idea too.

-Mary
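
Added example, not part of the message above and not Apache's own code: a simplified Python model of the double-reverse lookup that the linked mod_access documentation describes for name-based Allow rules, showing why a dynamic DNS name fails while a partial ISP domain matches. The resolver tables, the `.example` hostnames and the documentation-range IP addresses are constructed for illustration.

```python
# Simplified model of mod_access "Allow from <name>": reverse lookup, then
# forward lookup of that name, then a whole-label suffix match.
# All DNS data below is constructed (reserved .example names, TEST-NET IPs).

PTR = {  # reverse zone, controlled by whoever owns the address block
    "203.0.113.45": "dsl-45.nsw.isp.example",   # our dynamic address
    "203.0.113.99": "dsl-99.nsw.isp.example",   # another customer of the ISP
    "198.51.100.7": "dsl-7.nsw.isp.example",    # PTR with no matching A record
}
A = {    # forward zone
    "dsl-45.nsw.isp.example": {"203.0.113.45"},
    "dsl-99.nsw.isp.example": {"203.0.113.99"},
    "myhome.dyndns.example": {"203.0.113.45"},  # dynamic DNS name: forward only
}


def in_domain(pattern, hostname):
    """True if hostname equals pattern or ends in it on a label boundary."""
    p, h = pattern.lower(), hostname.lower()
    if p.startswith("."):
        return h.endswith(p)
    return h == p or h.endswith("." + p)


def allow_from_name(client_ip, pattern, ptr=PTR, a=A):
    """Return (allowed, reason) for one name-based Allow rule."""
    name = ptr.get(client_ip)
    if name is None:
        return False, "no reverse (PTR) record"
    if client_ip not in a.get(name, set()):
        return False, f"{name} does not resolve back to {client_ip}"
    if not in_domain(pattern, name):
        return False, f"reverse name {name} is not under {pattern}"
    return True, f"matched {name}"


if __name__ == "__main__":
    for ip, rule in [("203.0.113.45", "myhome.dyndns.example"),
                     ("203.0.113.45", ".isp.example"),
                     ("203.0.113.99", ".isp.example"),
                     ("198.51.100.7", ".isp.example")]:
        print(f"{ip:15} Allow from {rule:24} ->", allow_from_name(ip, rule))
```

The third row is the trade-off in alternative 1: the partial-domain rule admits every customer whose reverse name sits under the ISP's domain.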