[Linux] Apache and security questions

Steven Benmosh linux@flux.org
Wed, 9 Jan 2008 20:44:36 -0600 

------=_Part_14191_1166887.1199933076539
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

1. No, the ServerAlias was not it - I removed the second one and nothing
happened differently. Besides, I think in such a case Apache would use the
first one that matches the criteria, and even if it used them at random (not
a good thing, I agree), it should not have given an error message.

I fixed the problem by going to my dns provider and including another record
for gps.words2u.net pointing to my IP address. After that, I get the right
path and no error message. I guess I need to point every subdomain to my
server's IP address, and then it is ok.

2. Regarding security, I use a linksys wrt45g (not gl). I looked up the
wrt45gl, it seemed very similar, but with better specs - I am not sure how
it could have 3 nics on it. On my wrt45g it recommends to use port
forwarding and not DMZ, because DMZ open all ports to the server, which is
still on the same network as the rest of the computers, while port
forwarding limits the open ports.

Z.

message is: Server not found

Firefox can't find the server at dust.words2u.net.
    *   Check the address for typing errors such as
          ww.example.com instead of
          www.example.com



On Jan 9, 2008 6:44 AM, Lawrence Kagan <me@larrykagan.com > wrote:

> Could be that you have the same ServerAlias for both Virtual Hosts.
>
> On Jan 8, 2008, at 11:16 PM, Steven Benmosh wrote:
>
> Ok, by now you know I am trying to set up a new web site. I have two
> questions.
>
> 1. Here is my sites-available default file:
> ...
> default file that comes with the server
> ...
>
> <VirtualHost *>
>         ServerAdmin admin@words2u.net
>         ServerName www.words2u.net
>         ServerAlias words2u.net
>         DocumentRoot /home/words2u
> </VirtualHost>
>
> <VirtualHost *>
>         ServerAdmin admin@words2u.net
>         ServerName gpx.words2u.net
>         ServerAlias words2u.net
>         DocumentRoot /home/words2u/gpxwiki
> </VirtualHost>
>
> When I use www.words2u.net or words2u.net , I get the correct page. When I
> use the IP address, I get /var/www default page, as expected. But when I run
> gpx.words2u.net, I get an error message.
>
> Where am I going wrong? Do I have to run my own dns server to enable urls
> other than www.words2u.net and words2u.net?
>
> 2.Security
>
> What is the best way to isolate my net server from the other computers in
> my network, so if/when someone breaks in, the rest of the network is safe?
> Use firewall on each computer to block access to the web server? Any other
> idea?
>
> Thanks.
>
> Z.
>
> --
> Check out my web site - www.words2u.net
>
>
>


-- 
Check out my web site - www.words2u.net

------=_Part_14191_1166887.1199933076539
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

1. No, the ServerAlias was not it - I removed the second one and nothing happened differently. Besides, I think in such a case Apache would use the first one that matches the criteria, and even if it used them at random (not a good thing, I agree), it should not have given an error message.
<br><br>I fixed the problem by going to my dns provider and including another record for <a href="http://gps.words2u.net">gps.words2u.net</a> pointing to my IP address. After that, I get the right path and no error message. I guess I need to point every subdomain to my server&#39;s IP address, and then it is ok.
<br><br>2. Regarding security, I use a linksys wrt45g (not gl). I looked up the wrt45gl, it seemed very similar, but with better specs - I am not sure how it could have 3 nics on it. On my wrt45g it recommends to use port forwarding and not DMZ, because DMZ open all ports to the server, which is still on the same network as the rest of the computers, while port forwarding limits the open ports.
<br><br>Z.<br><br>message is: Server not found<br><br>Firefox can&#39;t find the server at <a href="http://dust.words2u.net" target="_blank">dust.words2u.net</a>.<br>&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp; Check the address for typing errors such as<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="http://ww.example.com" target="_blank">
ww.example.com</a> instead of<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="http://www.example.com" target="_blank">www.example.com</a><br><br><br><br><div class="gmail_quote">On Jan 9, 2008 6:44 AM, Lawrence Kagan &lt;<a href="mailto:me@larrykagan.com" target="_blank">
me@larrykagan.com
</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>Could be that you have the same ServerAlias for both Virtual Hosts.
<div><div></div><div><div><br><div><div>On Jan 8, 2008, at 11:16 PM, Steven Benmosh wrote:</div><br><blockquote type="cite">Ok, by now you know I am trying to set up a new web site. I have two questions.<br>
<br>1. Here is my sites-available default file:<br>...<br>default file that comes with the server<br>...<br><br>&lt;VirtualHost *&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServerAdmin <a href="mailto:admin@words2u.net" target="_blank">admin@words2u.net
</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServerName <a href="http://www.words2u.net" target="_blank">www.words2u.net</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServerAlias <a href="http://words2u.net" target="_blank">words2u.net</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DocumentRoot /home/words2u <br>

&lt;/VirtualHost&gt;<br><br>&lt;VirtualHost *&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServerAdmin <a href="mailto:admin@words2u.net" target="_blank">admin@words2u.net</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServerName <a href="http://gpx.words2u.net" target="_blank">gpx.words2u.net
</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ServerAlias <a href="http://words2u.net" target="_blank">words2u.net</a><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DocumentRoot /home/words2u/gpxwiki<br>&lt;/VirtualHost&gt;<br><br>When I use <a href="http://www.words2u.net" target="_blank">

www.words2u.net</a> or <a href="http://words2u.net" target="_blank">words2u.net </a>, I get the correct page. When I use the IP address, I get /var/www default page, as expected. But when I run <a href="http://gpx.words2u.net" target="_blank">

gpx.words2u.net</a>, I get an error message. <br><br>Where am I going wrong? Do I have to run my own dns server to enable urls other than <a href="http://www.words2u.net" target="_blank">www.words2u.net</a> and <a href="http://words2u.net" target="_blank">

words2u.net</a>?<br><br>2.Security<br><br>What is the best way to isolate my net server from the other computers in my network, so if/when someone breaks in, the rest of the network is safe? Use firewall on each computer to block access to the web server? Any other idea? 
<br><br>Thanks.<br><br>Z.<br><br>-- <br>Check out my web site - <a href="http://www.words2u.net" target="_blank">www.words2u.net</a></blockquote></div><br></div></div></div></div></blockquote></div><br><br clear="all"><br>

-- <br>Check out my web site - <a href="http://www.words2u.net" target="_blank">www.words2u.net</a>

------=_Part_14191_1166887.1199933076539--