BLU Discuss list archive



[Discuss] ssh tunnels



On 02/22/2013 12:25 PM, Dan Ritter wrote:
> On Fri, Feb 22, 2013 at 12:17:33PM -0500, Bill Horne wrote:
>> On 2/22/2013 11:04 AM, Rich Pieri wrote:
>>> On Fri, 22 Feb 2013 11:00:13 -0500
>>> Bill Horne<bill at horne.net>  wrote:
>>>
>>>> Speaking of ssh tunnels, can someone figure out how to tunnel through
>>>> ssh to a virtual domain?
>>> Clarify what you mean by "virtual domain".
>>
>> Many web servers, mine included, are set up so that they deliver
>> different pages, based on which domain name is included in the http
>> headers sent with the request.
>>
>> For example:
>>
>> 67.190.84.154 - - [17/Feb/2013:15:42:25 -0800] "GET / HTTP/1.1" 200
>> 4816 "http://billhorne.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64;
>> rv:18.0) Gecko/20100101 Firefox/18.0"
>>
>> Since the "200" line includes the domain name, Apache knows that it
>> needs to deliver a "splash" page from the "billhorne.com" tree. If
>> the request were for  the "william-warren.com" domain, Apache would
>> deliver a "splash" page appropriate for a different domain. The
>> point is that Apache needs to see the domain name in the "200"
>> request, in order to know which page to deliver. That's why it's
>> called a "virtual domain": it doesn't depend on the IP address per
>> se.
>>
>> Of course, it's also possible to set up the server so that it
>> delivers the same page no matter which domain name is included in
>> the headers. There is usually a default "splash" page to handle
>> requests that are for an invalid domain, or which were sent with
>> only an IP address. Since ssh tunnels require that the browser
>> access the tunneled site via a localhost port, Apache doesn't get
>> the desired domain name in the header, and it delivers the default
>> page instead of the one that the user wanted.
>>
>
> You need a proxy. SSH can provide a SOCKS proxy for you, and you
> can either route requests through that directly, or you can
> write a tiny bit of JavaScript (proxy access control) to
> determine which requests go to the proxy and which go direct.

A generally inferior but sometimes still useful alternative to using the 
proxy is to edit your local /etc/hosts (or equivalent on Windows) to point 
billhorne.com and william-warren.com both to 127.0.0.1, and have your 
ssh port forward to 80.

As mentioned elsewhere in the thread, ssh doesn't touch the header, it 
merely routes bits around for you, and the /etc/hosts tweak together 
with port forwarding tricks it to send the packets to the right place.

This is painful if you need to switch back and forth between "tunneled" 
mode and non-tunneled mode.  However, it can be useful in situations 
where you never want to access the service when you're not tunneled 
(since without the tunnel, no traffic will ever leave your box, not even 
DNS queries for the domains involved).

HTH,
Matt



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
