Wednesday, October 29, 2014

apache 2.2 - WAMP different sites on different ports accessible on LAN




I have a small windows server set up on a LAN, with static IP address 192.168.1.100.

I have a few other client machines, say 192.168.1.101 - 104.



Requirements:




  • Host an apache server (wampserver) on the main server, accessible only on the LAN.

  • Set up the default wampserver tools (such as phpmyadmin) on port 8080, accessible only from the server machine

  • Use port 8081 for a special internal site, accessible by all machines on the LAN




My current setup as follows:



httpd.conf:



ServerRoot "c:/wamp/bin/apache/apache2.2.22"

Listen 8080
Listen 8081

ServerAdmin admin@localhost

ServerName localhost:8080
DocumentRoot "c:/wamp/www/"


Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all




Options Indexes FollowSymLinks
AllowOverride all
Order deny,allow
Deny from all
Allow from 192.168.1



Options Indexes FollowSymLinks

AllowOverride None
Order deny,allow
Deny from all
Allow from 192.168.1



AllowOverride None
Options None
Order deny,allow

Deny from all
Allow from 192.168.1



httpd-vhosts.conf:



Listen 8080
Listen 8081


NameVirtualHost *:8080
NameVirtualHost *:8081


ServerName localhost
DocumentRoot c:/wamp/www



ServerName site1

DocumentRoot c:/site1




  • I have opened up port 8081 on the windows server

  • I have added "site1" to point to 192.168.1.100 on the hosts files of the client machines

  • I have added an alias on the server



    Alias /site1/ "c:/site1/"





    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    Allow from all




The problem now is that the behaviour is not quite what I need.




Current behaviour on the server:




  • 192.168.1.100:8080 serves me c:/wamp/www as expected

  • 192.168.1.100:8081 also serves me c:/wamp/www instead of c:/site1 that I expect

  • instead, 192.168.1.100:8081/site1 serves me c:/site1



Current behaviour on client machines:





  • site1:8081 (or 192.168.1.100:8081) serves me the c:/wamp/www on the server, instead of c:/site1 that I expect. I don't want c:/wamp/www accessible from clients.

  • instead, site1:8081/site1 (or 192.168.1.100:8081/site1) serves me the c:/site1 on the server.



What am I doing wrong?


Answer



Maybe an explanation on how name base virtual hosts work is helpfull here.




When a browser sends a request for 192.168.1.100:8081 what it does is connecting to 192.168.1.100. port 8081 and subsequently it will send a http request. This looks (simplified) a bit like this:



host: 192.168.1.100

GET /


Apache now needs to find out from which virtual host it will service the response. It does this by looking at the IP:Port pair, and if a NamevirtualHost statement exists for the IP:Port pair it also looks at the host: header. The important thing to be aware of here is that if you call up a site by IP, the host:header will contain the IP address, not the name of the host. You need to use names (and they need to correctly resolve to the correct ip).



If Apache can't find a virtualhost that matches the IP:Port:Host combination it defaults to the first VirtualHost section. And this is what is happening here. Just swap your two sections around and see what happens...




What you need to stop doing here is confusing apache by mixing named based virtualhosts and port based virtualhosts. In other words, you need to remove the NameVirtualHostdirectives. You don't need them.



One last remark: If the aim is to block everyone but the server itself on the wamp directory you need to change something else on your config too:




Options Indexes FollowSymLinks
AllowOverride all
Order deny,allow
Deny from all

Allow from 192.168.1.100



This way only the server gets to see this dir...


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...