I am building an internal whitelist browsing filter server for a business.
It is 95% operational.
PowerDNS intercepts the DNS request and the LUA script correctly determines if the URL is whitelisted.
The problem lies in the blacklist block page ... all I get is PAGE CANNOT BE DISPLAYED.
The LUA script is getting to this line but the actual redirect never occurs:
return 0, {{qtype=pdns.A, content="1.2.3.4"}}
The 1.2.3.4 is where I put the actual IP of the PowerDNS server itself.
Apache is not detecting that anything is getting to the server over port 80.
If I navigate to 1.2.3.4 I do get the block page, so I know Apache is configured correctly, and I have ServerAlias set to * to accept all domains.
Thanks in advance.
First of all, you should be sure that the domain resolves correctly, using something like:
nslookup example.com
Secondly, the DNS cache on the client computer may prevent correct resolution.
You should use port 443 in addition to 80 for HTTPS browser connections.
I have a similar schema with powerdns+lua+nginx and everything works fine.
If you have no connection to Apache, that means your browser does not resolve the domain correctly.
I am trying to get my head around Windows, Networks and Domains.
I currently have a server - svr. This is on my domain companyname.co.uk
I can connect to server and ping both svr and svr.companyname.co.uk.
On this server I have a number of applications with web access; TeamCity, Octopus etc. We currently connect to them by browsing to svr:xxxx where xxxx is the port of the web app host (http://svr:9090/ for TC)
I want to create friendly aliases - for example teamcity.companyname.co.uk would point at svr:9090, octopus.companyname.co.uk would point to svr:8090.
However, not being experienced in this area I can't seem to find relevant documents or sites that fully explain what I am looking for.
First, to make one thing clear: when you visit a web page like http://example.com, your web browser is actually making a request to example.com:80. This is done transparently because port 80 is the standard port for the HTTP protocol. As you know, you can request a non-standard port by appending it to the domain name in the URL: http://example.com:888/.
Unfortunately, you cannot have a domain name "alias" that somehow includes a non-standard port - your browser will always try to use port 80 if you don't specify a port.
One solution would be to use a proxy - nginx, apache, lighttpd, and others can all do this.
The idea is that you set up a proxy server that is listening on port 80 on your host. It waits for connections, then forwards those connections to a different server (on the same host, or on a different one) based on some rule. So, for example, you might have rules that look something like this:
IF host = teamcity.companyname.co.uk THEN forward to teamcity:9090
IF host = octopus.companyname.co.uk THEN forward to octopus:8090
The syntax for these rules varies widely between different proxy configurations, so this is just an example.
Note that this is not a redirect - the user's browser connects to teamcity.companyname.co.uk for all requests. It's the proxy that sends the request on to a different service and forwards any responses back to the client "behind the scenes".
These proxy configurations can get quite complex. For example, what if your teamcity application serves a page with a link on it that points to http://teamcity:9090/path/to/page? The user's browser is going to fail if they click on that link. Fortunately, proxies can be configured to rewrite URLs like this on the fly. You'll need to do some research to tailor this solution to your situation.
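The Host-based forwarding rules from this answer as a runnable sketch (an added example, not code from the original answer). It goes one step beyond the two rules by refusing unknown Host values with a 404 instead of falling back to a default backend; the loopback backends, the helper names `serve`, `fetch` and `make_proxy`, and the host `unknown.example` are assumptions made for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

def serve(respond):
    """Serve GETs on an ephemeral loopback port; respond(host, path) -> (status, bytes)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            # Routing key: the Host header, minus any :port suffix, lower-cased.
            host = (self.headers.get("Host") or "").split(":")[0].lower()
            status, body = respond(host, self.path)
            self.send_response(status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]

def fetch(port, host_header, path="/"):
    """GET from 127.0.0.1:port while presenting host_header, as a browser would."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.read())
    conn.close()
    return result

def make_proxy(routes):
    """Start the proxy; routes maps a host name to a backend port on loopback."""
    def respond(host, path):
        if host not in routes:
            # Unknown names are refused, never sent to a default backend.
            return 404, b"no route for this host"
        return fetch(routes[host], host, path)
    return serve(respond)

def demo():
    # Constructed stand-ins for the two applications named in the answer.
    teamcity = serve(lambda host, path: (200, b"teamcity " + path.encode()))
    octopus = serve(lambda host, path: (200, b"octopus " + path.encode()))
    proxy = make_proxy({"teamcity.companyname.co.uk": teamcity,
                        "octopus.companyname.co.uk": octopus})
    hosts = ("teamcity.companyname.co.uk", "OCTOPUS.companyname.co.uk:80", "unknown.example")
    return [fetch(proxy, h, "/builds") for h in hosts]

if __name__ == "__main__":
    print(demo())
```

The client only ever connects to the proxy port; which backend answers is decided entirely by the Host value it presents.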
I have a server that runs different websites on different ports. All of them (but one) are Apache servers and thanks to webmin, I managed to have, for instance, example.com point to 123.123.123.123:80 and example.fr to 123.123.123.123:8000, somehow automatically.
I am now running a nodejs server on the same machine, so the 80, 8000, and many other ports are already taken. My nodejs listens on 8008. I have another domain name, say example.org, and I want it to point to my nodejs website, but I simply don't know how to do that! I have updated the DNS and everything is pointing to 123.123.123.123 (my server's IP). I want to avoid using an ugly example.org:8008/ for everything on this node server. How can I make it point implicitly to the 8008 port?? I must add that I cannot afford to take down the apache servers ;)
DNS only provides name to IP address mapping. It cannot handle ports. What you can do instead is to set up a proxy server listening on port 80. The proxy server can then return data based on the host header.
Your best option is to just redirect the request from Apache. Otherwise you can use a reverse proxy like Nginx. Also, you can write a lightweight proxy in node... check out this page
I've got IIS set up on 127.0.0.1 and I'm tinkering with adware blockers that use 127.0.0.1 as the address to route malicious sites to (127.0.0.1 www.badsite.com).
Will this make all calls to those sites hit my IIS and make it load a default page?
Is there a way to still block these sites via HOSTS without hitting IIS?
On Win 7 pro.
Yes, all calls to those sites will hit your IIS instance. IIS might return a default page, or a "file not found" page, or if it has an actual page it might return that.
127.0.0.1 is used because it always points to the local machine, which prevents your computer from wasting bandwidth (and possibly DDOSing some poor victim) by trying to send these packets externally. You could try 127.0.0.2 or 127.254.254.254, which would work if IIS is listening on 127.0.0.1 specifically or 127.0.0.0/24 rather than on every address on the loopback interface.
There isn't any other address guaranteed to not reach the public Internet, although you may be able to set one up yourself by locally blocking outgoing packets to 192.0.2.1 or the like in your firewall.
Other options for ad blocking include using a local proxy which would return HTTP 404 or the like for blocked URLs or a local DNS relay that would return NXDOMAIN for blocked domains.
Yes, as Anomie points out, they will hit your IIS and then will serve the default page or an error status or an actual page if it finds one (unlikely however).
To avoid that, I use 0.0.0.0 as the address. I've been using it with MVPS Hosts file without any issues for years now.
Also, as this post suggests, you can use 0 too (any invalid IP will do I guess).
Both of these will be a bit faster as they will avoid the wait for timeout on 127.0.0.1.
Another option would be to run IIS on another port. If you are running behind a firewall or something like a home router, you could set it to port forward port 80 for incoming requests to your alternate port. (If you're using IIS inside, you'd need to go to http://[your ip address]:[alt port])
I'm running IIS 7 on my local dev machine. My website is up and running. To access the website, I need to enter the url with the port number in the browser's address bar (www.ScoobyDoo.dev:91). What do I need to change so I only need to enter the www.ScoobyDoo.dev portion of the url? I've done this before but I'm drawing a blank. Port 80 is hosting a different website so I can't just move this one to the default http port.
Thanks!
If you want multiple sites to reside on the same IP address then you need to use HTTP Host Headers.
Provided that your existing website doesn't use SSL then you can use host headers. To configure host headers in IIS7 you modify the "Bindings" (there's a menu item for this in the right hand side Actions pane for the site):
You want to add/edit your bindings for each site that resides on the same IP address, for example for your scoobydoo.dev site:
The caveat here is that if you have users already browsing your first site by IP address then they will need to be redirected to the site using its domain name.
You can do this by adding a site bound to the raw IP address and creating a HTTP Redirect.
I'm not sure what you're expecting to do here. If something else is binding to port 80, and your web server is binding to port 91, then you'll need to specify port 91 in the web browser when making a request to the server. By default, without being explicitly given a port in the address, a web browser will make the request on port 80 (or 443 for SSL).
You might be able to add an entry to your hosts file (c:\windows\system32\drivers\etc\hosts) where you map the non-specified port version to the specified port version, but I don't think it'll work. That file is for DNS resolution, not port mapping. Worth a try though, I suppose.
Can you clarify a bit on what exactly you're expecting? Or what you think you may have done before? I wonder if you're not giving us the whole picture here.
When using host headers to host multiple websites on the same IP address in IIS, is there any way of accessing that website from a browser running on the local machine?
This is normally required when a given web component only allows configuration from the local machine. It's also useful when things like ASP.Net's built in error handling isn't working and you can only view the error in the browser but don't want to allow remote users to see it.
This has baffled me for a while and every time I come across it I end up giving up in frustration and reconfigure stuff so I can accomplish such tasks remotely.
Added: #Ishmaeel - modifying hosts doesn't seem to help - you either get a 400 error (if all websites have host headers) or whichever site is configured without a host header.
Just an idea: Mapping the hostname to 127.0.0.1 in the hosts ($WINDOWS$\system32\drivers\etc) file may help. This way you should be able to pull up the local IIS site by typing the hostname as if it's a remote server.
Maybe I am not understanding the question, but what's wrong with just typing in the URL for the website? If it's the matter of domain name resolution, you can point to the right DNS or put it in hosts file.
eed3si9n -- if you are trying to access a URL locally and you use host headers, you can't just type in the URL. For example, you have 2 websites (website1.com, website2.com) on 1 server using host headers. The local IP of the web server is 192.168.1.50 --> if you type in 192.168.1.50 you will get a 'page cannot found'. If you put in the URL website1.com or website2.com you will be accessing the sites from the outside (not locally).
So the problem is how to access the sites locally, not from the outside -- for example, I need this ability so that I can access locally, as the test sites are only available locally, not from the outside...
You can try telnetting to the server.
$ telnet localhost 80
(type these lines manually)
GET / HTTP/1.1
Host: www.example.com
(exchange www.example.com for the host name your server is mapped to)
I would assume the only way you can do this is assigning a custom port to the specific website you want to monitor and just access it as "localhost:CustomPort".