Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I want to set up a reverse proxy in my home network. The idea is to route traffic to correct port number based on subdomain in the request URL.
Example: I'm setting two subdomain A records on my domain: nas.mydomain.tld and wiki.mydomain.tld. Both A records point to my dedicated IP address at home. I want a reverse proxy that routes:
nas.mydomain.tld => 192.168.2.2:5001
wiki.mydomain.tld => 192.168.2.2:8090
Can this be done in e.g. my ASUS RT-AC55U router, or can I route all traffic to my file server and have a reverse proxy there route the traffic to correct IP addresses and ports?
From what I found out, the problem lies in that the functionality I want (multiple types of content retrieved from the same IP and port) cannot be done without some kind of middle-man; a reverse proxy server that fetches the content based on the URL and relays it.
Asus router: My ASUS RT-AC55U router doesn't have a reverse proxy server, at least not with standard firmware. I haven't researched if some unofficial kind of firmware contains a reverse proxy server for doing this. So the only option is to use a NAT record to route port 80 to a specific port. The downside is that it only supports one web service on the IP address.
Web hotel: Creating a rewrite in a .htaccess file on the web hotel of a registrar, but it will only redirect and not rewrite/mask URL. Otherwise, the registrar would need a reverse-proxy server to fetch the content from the web services to relay it. I don't think my current registrar supports this, and I can understand if they don't want to do it from a security standpoint.
Apache reverse proxy server: Apache supports this using the mod_proxy module and an entry in the conf file. More info on it here: https://httpd.apache.org/docs/2.4/vhosts/examples.html#proxy
CCProxy: CCProxy is definitely the easiest solution that I've found so far. It's a simple GUI application where you can add URL's, host names/IP addresses and ports, and the application takes care of the rest. Also has a very nice graphical representation of usage/bandwidth, and a graphical log of ongoing sessions. More info here: http://www.youngzsoft.net/ccproxy/
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
My server IP is : 103.11.xx.xxx
I followed setting up my VPS from here
and, I had to copy and edit etc/bind/db.local to etc/bind/db.mywebsite:
; BIND data file for mywebsite.com
;
$ORIGIN mywebsite.com.
$TTL 604800
# IN SOA ns1.mywebsite.com. myemail.mywebsite.com. (
2009120101 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS ns1.mywebsite.com.
IN NS ns2.mywebsite.com.
IN MX 10 mail.mywebsite.com.
localhost IN A 127.0.0.1
mywebsite.com. IN A 123.45.67.91
ns1 IN A 123.45.67.89
ns2 IN A 123.45.67.90
www IN A 123.45.67.91
ftp IN A 123.45.67.91
mail IN A 123.45.67.92
boards IN CNAME www
my questions is:
how do i get IP 123.45.67.89, 123.45.67.90, 123.45.67.91 and 123.45.67.92. Which is part of the IP of my server IP (103.11.xx.xxx).
how about another IPs, do i have to generate a new ip on the server? and what are the benefits of many ip like this?
how about 1.168.192.in-addr.arpa if I used IP 103.11.xx.xxx?
what is the meaning 'myemail' in ns1.mywebsite.com. myemail.mywebsite.com. whether the user like 'root' etc?
As a beginner, I very confused and many..many.. thank you in advance for your help..
If i got it right and you don't have another IPs except 103.11.xx.xxx, you have to request your hosting-provider in order to get new IPs. It's good to have more than just one IP in case of DDOS on your server (especially, when second IP routed through network with anti-DDOS configuration) or blacklisting of your IP. That's not the only reasons to have more than one IP, but for me they are the must important.
1.168.192.in-addr.arpa - this is a reverse DNS zone, which is responsible for answers to reverse DNS requests, for example, when some SMTP server receiving mail from your MTA, it checking out if your IP matches your domain name, and if it doesn't, it could reject your mail. In other words, regular DNS request trying to match a pair domain name:IP and reverse - IP:domain name.
myemail.mywebsite.com. - this is an email address of a person, who's responsible for that particular DNS-server or DNS-zone. In our case, that's you, my friend. )
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I was to check this URL:
http://geotool.servehttp.com
Is this some sort of suspicious behavior? I can't understand.
My local hosts file (I am using Windows 7 - 64 bit) shows nothing about this domain.
I also made an online whois query on it and there I found 127.0.0.1 as its IP address!!!
What's the magic behind this?
Edited
When I point to this URL, using my browser, the localhost (WAMP server) homepage loads.
Whoever configured the DNS records for geotool.servehttp.com pointed that subdomain name to 127.0.0.1.
It is not usual to point a public hostname to a private IP address, but it is possible.
Here are the results from dig +trace geotool.servehttp.com A:
geotool.servehttp.com. 60 IN A 127.0.0.1
servehttp.com. 86400 IN NS nf3.no-ip.com.
servehttp.com. 86400 IN NS nf4.no-ip.com.
servehttp.com. 86400 IN NS nf2.no-ip.com.
servehttp.com. 86400 IN NS nf5.no-ip.com.
servehttp.com. 86400 IN NS nf1.no-ip.com.
;; Received 151 bytes from 83.222.240.75#53(83.222.240.75) in 153 ms
Four Years ago, I asked this question and now, I am posting an answer to it for any further reference.
DNS Information
TXT Record:
AUTHORITY
servehttp.com. IN SOA nf1.no-ip.com. hostmaster.no-ip.com.
This text record tells us that the domain geotool.servehttp.com probably belongs to no-ip.com.
Visiting internet website for http://no-ip.com (which currently redirects to https://noip.com), a simple slogan tells us everything:
Create an easy to remember hostname and never lose your connection again.
Our Dynamic DNS solution makes it easy to remote access any internet connected device.
That is, a Dynamic DNS service. It helps you reach your local hosted application or network through internet by assigning a dns name to your dynamic always changing ip address.
That's it.
The question asks 'why', so I would like to share my reason.
I wrote a proxy software called vproxy, so I bought domain vproxy.cc.
In the software it runs dns health check periodically to see if the dns server is still available (otherwise it will stop sending dns requests to that server).
The health check is enabled by default, so I have to choose a domain which simply does nothing but returning a constant A record (ipv4 address).
So here comes 127.0.0.1.special.vproxy.cc, which resolves to 127.0.0.1. The domain and address are hardcoded into the software as the default dns health check settings.
Using 127.0.0.1 is simply because it's a loopback address and if someone accidently send traffic to this domain/address, he/she would be sending to local and would not cause any trouble for other people.
And the reason I'm not choosing other 127.x.y.z ips is because they are not so well known as 127.0.0.1 do. Most people don't know that 127/8 are all loopback addresses, but people do know 127.0.0.1.
And for geotool.servehttp.com, maybe the maintainer simply want the same thing as I do? Just some const address which is choosen to be 127.0.0.1.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
Can I specify DNS servers for multiple domains.
For example there are 3 domains for which I know the DNS server which would resolve the domain name, so can I specify something like
b.com (domain)
u1.x1.y1.z1 (DNS server IP address which would resolve b.com)
l.m.n.o (default DNS server used if above DNS server unavailable)
c.com (domain)
u2.x2.y2.z2 (DNS server IP address which would resolve c.com)
l.m.n.o (default DNS server used if above DNS server unavailable)
d.com (domain)
u3.x3.y3.z3 (DNS server IP address which would resolve d.com)
l.m.n.o (default DNS server used if above DNS server unavailable)
please refer https://github.com/whitekid/dnspost
this provide max osx's resolver functionality.
Will following help. In /etc/resolv.conf I will specify,
search b.com
nameserver u1.x1.y1.z1
search c.com
nameserver u2.x2.y2.z2
search d.com
nameserver u3.x3.y3.z3
For d.com, NS u3.x3.y3.z3 will be used (other NS's i.e. u1.x1.y1.z1 and u2.x2.y2.z2 will not be tried for d.com)?
If input domain does not match any of the above given domains then local nameserver will be used?
Also local nameserver will be used if above nameservers are not available or respond with NO?
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I currently need to have 2 subdomains under the same domain under SSL.
Both subdomains (www and affiliate) are on the same IIS server, under the same IP, and each one has specified a host header value (www.mydomain.com and affiliate.mydomain.com)
The first subdomain (www), which is the default, works great, with and without SSL.
The second subdomain works perfect under HTTP.
The problem is that I just purchased and installed the SSL certificate for the affiliate subdomain, and when you go to https://affiliate.mydomain.com, you get redirected to http://www.mydomain.com
I'm guessing the problem lies in the fact that I can't specify a host header value for SSL? (the dialog where I normally set the host header value doesn't have that option in the bottom part, dedicated to SSL).
What can I do about this?
Should I have each subdomain in a separate IP?
Is this not doable at all?
Thanks!
Daniel
"I'm guessing the problem lies in the
fact that I can't specify a host
header value for SSL"
You guessed right. You will need two IP addresses.
The problem is fundamental to the way HTTPS works.
Virtual hosting relies on the "Host" header introduced in HTTP/1.1. That's part of the HTTP protocol, but from the standpoint of the SSL protocol, the HTTP layer is "application data", and can't be transmitted until the SSL handshake has been completed.
However, the server certificate is presented during the handshake. The HTTP server hasn't seen the "Host" header yet, so it wouldn't know which certificate to send. Using a distinct IP address works, because that's visible at the IP layer below SSL.
Update: There's a new TLS extension that allows clients to indicate the server they intend to use during the handshake. See dlongley's answer for more information.
I am not sure what web server you are running, but in IIS 6 on windows server 2003, you can use host headers for SSL sites, thus allowing them to be on the same IP Address.
http:// www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596b9108-b1a7-494d-885d-f8941b07554c.mspx?mfr=true
EDIT: This will only work if the certificate is a wildcard certificate. Otherwise, subdomain "affiliate" will try to use the same certificate as subdomain "www", and visitors will get a warning.
This probably won't help you, but hopefully it's informative.
There's an extension to the TLS protocol that some TLS clients use called Server Name Indication (SNI). This extension allows TLS clients to specify the hostname of the server they are trying to contact. So when the client connects and sends a ClientHello message within the TLS protocol, the server can decide which certificate to respond with. This makes virtual SSL/TLS servers possible on a single IP.
OpenSSL provides callback functions to allow you to read what hostname the client sent and handle fetching the appropriate certificate, but unfortunately I have no idea if this is possible with IIS.
In the particular situation you are where you need 2 subdomains of the same domain a WildCard certificate has to work... I use a wildcard cert since 3 years for dozens of sites, and no customer has reported errors
If you have something telling the cert is for "www", then your cert is not a true wildcard cert, or you are experiencing some kind of browser caching issues or you are using 2 copies of the cert and you updatet only one of them, or you forgot restarting the server, or .. I donno :)
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I am wanting to access a website from a different port than 80 or 8080. Is this possible? I just want to view the website but through a different port. I do not have a router. I know this can be done because I have a browser that accessing websites through different ports, Called XB Browser by Xero Bank.
Thanks for the answers. So, if I setup a proxy on one computer, I could have it go from my computer, to another computer that then returns the website to me. Would this bypass logging software?
A simple way is to got to http://websitename.com:174, and you will be entering through a different port.
If your question is about IIS(or other server) configuration - yes, it's possible. All you need is to create ports mapping under your Default Site or Virtual Directory and assign specific ports to the site you need. For example it is sometimes very useful for web services, when default port is assigned to some UI front-end and you want to assign service to the same address but with different port.
You can use ssh to forward ports onto somewhere else.
If you have two computers, one you browse from, and one which is free to access websites, and is not logged (ie. you own it and it's sitting at home), then you can set up a tunnel between them to forward http traffic over.
For example, I connect to my home computer from work using ssh, with port forwarding, like this:
ssh -L 22222:<target_website>:80 <home_computer>
Then I can point my browser to
http://localhost:22222/
And this request will be forwarded over ssh. Since the work computer is first contacting the home computer, and then contacting the target website, it will be hard to log.
However, this is all getting into 'how to bypass web proxies' and the like, and I suggest you create a new question asking what exactly you want to do.
Ie. "How do I bypass web proxies to avoid my traffic being logged?"
No, as the server decides what port it is run on. Perhaps you could install a proxy, which would redirect the port, but in the end the connection would be made on port 80 from your machine.
You can run the web server on any port. 80 is just convention as are 8080 (web server on unprivileged port) and 443 (web server + ssl). However if you're looking to see some web site by pointing your browser to a different port you're probably out of luck. Unless the web server is being run on that port explicitly you'll just get an error message.
It depends.
The web server on the other end will be set to a certain port, usually 80 and will only accept requests on that specific port. Something along the chain will need to be talking to port 80 to the website.
If you control the website, then you can change the port, or get it to accept requests on multiple ports.
If the website is already talking on a different port, you can just use the colon syntax to reference another port (eg: http://server.com:1234 for port 1234).
If you want to use a different port on your client end, but you want to talk to port 80 at the web server end, you'll need to route traffic from port x to port 80. A common way to get this up and running is to use Port Fowarding. ssh can do this for you, see here for a Unix/technical overview or here if you're on Windows.
Hope that helps.
when viewing a website it gets assigned a random port, it will always come from port 80 (usually always, unless the server admin has changed the port) there's no way for someone to change that port unless you have control of the server.
If website server is listening to a different port, then yes, simply use http://address:port/
If server is not listening to a different port, then obviously you cannot.
Unless you're browsing through a proxy, the web servers hosting the sites you want to access must be configured to listen to a port other than 80 or 8080.
Perhaps this is obvious, but FWIW this will only work if the web server is serving requests for that website on the alternate port. It's not at all uncommon for a webserver to only serve a site on port 80.
You can only access a website throught the port that is bind with the http server.
Example: i hava a web server and it is listening for connections on port 123, the you only can get my pages connecting to my 123 port.
To clarify earlier answers, the HTTP protocol is 'registered' with port 80, and HTTP over SSL (aka HTTPS) is registered with port 443.
Well known port numbers are documented by IANA.
If you mean "bypass logging software" on the web server, no. It will see the traffic coming from you through the proxy system's IP address, at least. If you're trying to circumvent controls put into place by your IT department, then you need to rethink this. If your IT department blocks traffic to port 80, 8080 or 443 anywhere outbound, there is a reason. Ask your IT director. If you need access to these ports outbound from your local workstation to do your job, make your case with them.
Installing a proxy server, or using a free proxy service, may be a violation of company policies and could put your employment at risk.