[Linux] Apache and security questions
Julio Arruda
linux@flux.org
Wed, 09 Jan 2008 22:09:01 -0500
Steven Benmosh wrote:
> 1. No, the ServerAlias was not it - I removed the second one and nothing
> happened differently. Besides, I think in such a case Apache would use the
> first one that matches the criteria, and even if it used them at random (not
> a good thing, I agree), it should not have given an error message.
>
> I fixed the problem by going to my dns provider and including another record
> for gps.words2u.net pointing to my IP address. After that, I get the right
> path and no error message. I guess I need to point every subdomain to my
> server's IP address, and then it is ok.
>
> 2. Regarding security, I use a linksys wrt45g (not gl). I looked up the
> wrt45gl, it seemed very similar, but with better specs - I am not sure how
> it could have 3 nics on it. On my wrt45g it recommends to use port
> forwarding and not DMZ, because DMZ open all ports to the server, which is
> still on the same network as the rest of the computers, while port
> forwarding limits the open ports.
Just a note regarding the WRT boxes..
In theory, the WRT54G (you need to check the hw revision) running
openwrt could do several VLANs, and you could have these VLANs
configured in distinct ports of the switch (example, you could have
ports 1 and 2 in one vlan, 3 and 4 in another, and the WAN port in a 3rd
VLAN)
The only gotcha in this case, is that traffic from one VLAN to another
would be forwarded by the CPU.
this is a quick example of a nvram show in a old whiterussian openwrt box.
vlan0ports=1 2 3 4 5*
lan_ifnames=vlan0 eth1 eth2 eth3
The www.openwrt.org site should give enough information on installing
and using it.
(you may want to see if newer linksys software for this hw also doesn't
offer this feature, but I don't think so..)
>
> Z.
>
> message is: Server not found
>
> Firefox can't find the server at dust.words2u.net.
> * Check the address for typing errors such as
> ww.example.com instead of
> www.example.com
>
>
>
> On Jan 9, 2008 6:44 AM, Lawrence Kagan <me@larrykagan.com > wrote:
>
>> Could be that you have the same ServerAlias for both Virtual Hosts.
>>
>> On Jan 8, 2008, at 11:16 PM, Steven Benmosh wrote:
>>
>> Ok, by now you know I am trying to set up a new web site. I have two
>> questions.
>>
>> 1. Here is my sites-available default file:
>> ...
>> default file that comes with the server
>> ...
>>
>> <VirtualHost *>
>> ServerAdmin admin@words2u.net
>> ServerName www.words2u.net
>> ServerAlias words2u.net
>> DocumentRoot /home/words2u
>> </VirtualHost>
>>
>> <VirtualHost *>
>> ServerAdmin admin@words2u.net
>> ServerName gpx.words2u.net
>> ServerAlias words2u.net
>> DocumentRoot /home/words2u/gpxwiki
>> </VirtualHost>
>>
>> When I use www.words2u.net or words2u.net , I get the correct page. When I
>> use the IP address, I get /var/www default page, as expected. But when I run
>> gpx.words2u.net, I get an error message.
>>
>> Where am I going wrong? Do I have to run my own dns server to enable urls
>> other than www.words2u.net and words2u.net?
>>
>> 2.Security
>>
>> What is the best way to isolate my net server from the other computers in
>> my network, so if/when someone breaks in, the rest of the network is safe?
>> Use firewall on each computer to block access to the web server? Any other
>> idea?
>>
>> Thanks.
>>
>> Z.
>>
>> --
>> Check out my web site - www.words2u.net
>>
>>
>>
>
>