LinuxSA Mailing list archives

  From: Alan Kennington <akenning@dog.topology.org>
  To  : giulio@cs.adelaide.edu.au
  Date: Sat, 20 Nov 1999 03:15:23 +1030

Re: Apache question/problem

Giulio,

The conventional way of setting up a virtual host
as you described is to make two IP addresses resolve to
the same IP host interface.

The way that I do virtual hosts might be a bit different,
but I think it's better.

I use IP redirection. E.g.

ipfwadm -I -a accept -W ppp0 -P tcp -D x10.topology.org 80 -r 8010 

The -r redirects all TCP port 80 packets to a non-existent
host go to the local machine instead. It could be made
to go to port 80 instead of 8010 as shown here.

The result of this is that you avoid all the boring
port scans picking up anything but this port 80.
This improves security also, apart from minimizing the
size of the message log file (because I log all
forbidden port scans).

You can also then put a different httpd process serving
at port 8010 as opposed to port 80.
So this gives a bit more flexibility etc. etc.

Cheers,
Alan Kennington.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject