On 02/22/2013 12:25 PM, Dan Ritter wrote:
> On Fri, Feb 22, 2013 at 12:17:33PM -0500, Bill Horne wrote:
>> On 2/22/2013 11:04 AM, Rich Pieri wrote:
>>> On Fri, 22 Feb 2013 11:00:13 -0500
>>> Bill Horne<b...@horne.net> wrote:
>>>> Speaking of ssh tunnels, can someone figure out how to tunnel through
>>>> ssh to a virtual domain?
>>> Clarify what you mean by "virtual domain".
>> Many web servers, mine included, are set up so that they deliver
>> different pages, based on which domain name is included in the http
>> headers sent with the request.
>>
>> For example:
>>
>> 67.190.84.154 - - [17/Feb/2013:15:42:25 -0800] "GET / HTTP/1.1" 200
>> 4816 "http://billhorne.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64;
>> rv:18.0) Gecko/20100101 Firefox/18.0"
>>
>> Since the "200" line includes the domain name, Apache knows that it
>> needs to deliver a "splash" page from the "billhorne.com" tree. If
>> the request were for the "william-warren.com" domain, Apache would
>> deliver a "splash" page appropriate for a different domain. The
>> point is that Apache needs to see the domain name in the "200"
>> request, in order to know which page to deliver. That's why it's
>> called a "virtual domain": it doesn't depend on the IP address per
>> se.
>>
>> Of course, it's also possible to set up the server so that it
>> delivers the same page no matter which domain name is included in
>> the headers. There is usually a default "splash" page to handle
>> requests that are for an invalid domain, or which were sent with
>> only an IP address. Since ssh tunnels require that the browser
>> access the tunneled site via a localhost port, Apache doesn't get
>> the desired domain name in the header, and it delivers the default
>> page instead of the one that the user wanted.
> You need a proxy. SSH can provide a SOCKS proxy for you, and you
> can either route requests through that directly, or you can
> write a tiny bit of JavaScript (proxy access control) to
> determine which requests go to the proxy and which go direct.

A generally inferior but sometimes still useful alternative to using the
proxy is to edit your local /etc/hosts (or equiv on Windows) to point
billhorne.com and william-warren.com both to 127.0.0.1, and have your
ssh port forward to 80.

As mentioned elsewhere in the thread, ssh doesn't touch the header, it
merely routes bits around for you, and the /etc/hosts tweak together
with port forwarding tricks it to send the packets to the right place.

This is painful if you need to switch back and forth between "tunneled"
mode and non-tunneled mode. However, it can be useful in situations
where you never want to access the service when you're not tunneled
(since without the tunnel, no traffic will ever leave your box, not even
DNS queries for the domains involved).

HTH,
Matt
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
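
The SOCKS-plus-JavaScript option mentioned in the thread, written out as a proxy auto-config (PAC) file; this is an added example, not code from any poster. It assumes the tunnel was opened with `ssh -D 1080 user@server` (the port, user and server are placeholders), and it matches hostnames on label boundaries so look-alike names are not sent through the tunnel.

```javascript
// Added example: PAC file for the SOCKS approach discussed above.
// Assumption: `ssh -D 1080 user@server` is running, so the SOCKS
// listener is on 127.0.0.1:1080 (port chosen for illustration).
var TUNNEL = "SOCKS5 127.0.0.1:1080";

// Domains named in the thread that should go through the tunnel.
var TUNNELED_DOMAINS = ["billhorne.com", "william-warren.com"];

// Normalise a hostname: lower-case it and drop a trailing root dot.
function normalizeHost(host) {
  var h = String(host || "").toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

// True when host is the domain itself or a subdomain of it.
// Comparing against "." + domain keeps names such as
// "notbillhorne.com" or "billhorne.com.example.net" out of the tunnel.
function inDomain(host, domain) {
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.slice(-suffix.length) === suffix;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  for (var i = 0; i < TUNNELED_DOMAINS.length; i++) {
    if (inDomain(h, TUNNELED_DOMAINS[i])) {
      // Only the SOCKS entry is returned: the PAC result offers no
      // DIRECT alternative for the tunneled domains.
      return TUNNEL;
    }
  }
  return "DIRECT";
}
```

Because the browser still requests the site by its real name, the Host header it sends is unchanged; only the route the connection takes differs.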