[Discuss] ssh tunnels

[dsr at randomstring.org (Dan Ritter)]

On Fri, Feb 22, 2013 at 12:17:33PM -0500, Bill Horne wrote:
> On 2/22/2013 11:04 AM, Rich Pieri wrote:
> >On Fri, 22 Feb 2013 11:00:13 -0500
> >Bill Horne<bill at horne.net>  wrote:
> >
> >>Speaking of ssh tunnels, can someone figure out how to tunnel through
> >>ssh to a virtual domain?
> >Clarify what you mean by "virtual domain".
> 
> Many web servers, mine included, are set up so that they deliver
> different pages, based on which domain name is included in the http
> headers sent with the request.
> 
> For example:
> 
> 67.190.84.154 - - [17/Feb/2013:15:42:25 -0800] "GET / HTTP/1.1" 200
> 4816 "http://billhorne.com/"; "Mozilla/5.0 (Windows NT 6.1; WOW64;
> rv:18.0) Gecko/20100101 Firefox/18.0"
> 
> Since the "200" line includes the domain name, Apache knows that it
> needs to deliver a "splash" page from the "billhorne.com" tree. If
> the request were for  the "william-warren.com" domain, Apache would
> deliver a "splash" page appropriate for a different domain. The
> point is that Apache needs to see the domain name in the "200"
> request, in order to know which page to deliver. That's why it's
> called a "virtual domain": it doesn't depend on the IP address per
> se.
> 
> Of course, it's also possible to set up the server so that it
> delivers the same page no matter which domain name is included in
> the headers. There is usually a default "splash" page to handle
> requests that are for an invalid domain, or which were sent with
> only an IP address. Since ssh tunnels require that the browser
> access the tunneled site via a localhost port, Apache doesn't get
> the desired domain name in the header, and it delivers the default
> page instead of the one that the user wanted.
> 

You need a proxy. SSH can provide a SOCKS proxy for you, and you
can either route requests through that directly, or you can
write a tiny bit of JavaScript (proxy access control) to
determine which requests go to the proxy and which go direct.

-dsr-