
BLU Discuss list archive



[Discuss] ssh tunnels



Bill Horne <bill at horne.net> writes:

> On 2/22/2013 11:04 AM, Rich Pieri wrote:
>> On Fri, 22 Feb 2013 11:00:13 -0500
>> Bill Horne<bill at horne.net>  wrote:
>>
>>> Speaking of ssh tunnels, can someone figure out how to tunnel through
>>> ssh to a virtual domain?
>> Clarify what you mean by "virtual domain".
>
> Many web servers, mine included, are set up so that they deliver
> different pages, based on which domain name is included in the http
> headers sent with the request.

This is a requirement of HTTP/1.1 -- you need to send the Host: header
in the HTTP headers to tell the server the target hostname.

> For example:
>
> 67.190.84.154 - - [17/Feb/2013:15:42:25 -0800] "GET / HTTP/1.1" 200
> 4816 "http://billhorne.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64;
> rv:18.0) Gecko/20100101 Firefox/18.0"

Well, this isn't *quite* what's going on.  You're seeing a log message,
but it's not necessarily showing you what's in the HTTP request.  The
'200' is the response code from the server which means "Success".  The
request looks like:

GET / HTTP/1.1
Host: billhorne.com

[snip]
> Of course, it's also possible to set up the server so that it delivers
> the same page no matter which domain name is included in the
> headers. There is usually a default "splash" page to handle requests
> that are for an invalid domain, or which were sent with only an IP
> address. Since ssh tunnels require that the browser access the
> tunneled site via a localhost port, Apache doesn't get the desired
> domain name in the header, and it delivers the default page instead of
> the one that the user wanted.

SSH has nothing to do with this.  SSH just performs TCP connection
proxying, either directly via a -L or -R port-forwarding line, or via a
-D SOCKS proxy.  In neither case does it affect the HTTP headers being
sent; it only (potentially) changes the target IP that gets contacted.

For example, I use FoxyProxy in Firefox along with an ssh SOCKS proxy to
allow myself to connect to a bunch of 'behind the firewall' web
services.  Firefox sets the Host header to the target based on the URL,
FoxyProxy routes it over ssh, ssh sends it to the "correct" server.

> Bill

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available
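
Added example, not part of the original message: a Python sketch of the setup discussed in this thread, with a name-based virtual-host server and a plain TCP relay standing in for an `ssh -L` forward (assumption: like a port forward, the relay copies bytes unchanged). The page table and the names `VHostHandler`, `pump`, `forward`, `fetch` and `demo` are constructed for illustration; the same request through the same relay returns a different page depending only on the Host header the client sends.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

VHOSTS = {"billhorne.com": b"billhorne.com site"}  # constructed; name from the thread
DEFAULT_PAGE = b"default splash page"              # constructed

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):  # name-based virtual hosting: page chosen by Host header
        name = (self.headers.get("Host") or "").split(":")[0].lower()
        body = VHOSTS.get(name, DEFAULT_PAGE)
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def pump(src, dst):
    try:
        while data := src.recv(4096):
            dst.sendall(data)          # bytes are relayed unmodified
        dst.shutdown(socket.SHUT_WR)   # propagate end-of-stream
    except OSError: pass

def forward(listen_sock, target):
    # Stand-in for an `ssh -L` forward: accept locally, relay raw TCP to target.
    while True:
        client, _ = listen_sock.accept()
        upstream = socket.create_connection(target)
        for src, dst in ((client, upstream), (upstream, client)):
            threading.Thread(target=pump, args=(src, dst), daemon=True).start()

def fetch(port, host_header=None):
    # Without an explicit Host, http.client derives it from the address it dials.
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header} if host_header else {})
    body = conn.getresponse().read()
    conn.close()
    return body

def demo():
    web = ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=web.serve_forever, daemon=True).start()
    tunnel = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=forward, args=(tunnel, web.server_address), daemon=True).start()
    port = tunnel.getsockname()[1]
    return fetch(port), fetch(port, "billhorne.com")

if __name__ == "__main__": print(demo())
```

The server's request log on stderr shows both requests arriving from the relay with status 200, which is why the access log alone does not reveal which Host header was sent.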



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
