Dan Mahoney, System Admin danm at prime.gushi.org
Mon May 1 20:15:44 UTC 2006

On Mon, 1 May 2006, Jonathan D. Proulx wrote:

Bind your apache instances to an RFC 1918 address, internally.

Use your kernel's IP forwarding functionality; with FreeBSD this would be 
done by a rule like "ipfw add 400 fwd,80 ip from any to 
realip 80".

Alternatively, stick it behind Thomas Boutell's excellent rinetd -- either 
approach will "NAT" the request and rewrite the TCP connection without 
revealing that it's being rewritten.


> Hi,
> My apologies in advance this is clearly off topic, but couldn't think
> where else to ask...so please reply directly to me.
> I'd like a _reverse_ anonymizing proxy, something that blinds Apache
> to the incoming IP addresses in client HTTP requests.  I run a
> webserver with a couple of virtual servers (in the apache sense not
> the Xen/VMWare sense) run by different people and I'd like to scrub
> the IP info from traffic before Apache gets it so that neither their
> vhost configs nor their CMS can log IPs even if they want to.
> It seems like there should be a way to plug in privoxy or something,
> but I can't quite think how.  Any suggestions or pointers?
> Obviously running them as hidden services would fix this, but I don't
> want the services hidden per se.
> Thanks,
> -Jon
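
A userspace relay of the rinetd kind mentioned in the reply, as an added example that is not part of the original messages and is not rinetd's code: it terminates the client's TCP connection and opens a new one to the backend, so the backend only ever sees the relay's address. The loopback addresses, the ephemeral ports and the names `pipe`, `make_relay`, `demo` and `run_demo` are assumptions made for the demo; the backend stands in for an Apache instance bound to an internal address.

```python
import asyncio

async def pipe(reader, writer):
    """Copy bytes one way until EOF, then close the write side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

def make_relay(backend_host, backend_port):
    """Build a handler that forwards each client connection to the backend."""
    async def handle(c_reader, c_writer):
        # New TCP connection: its source address is the relay's, not the client's.
        b_reader, b_writer = await asyncio.open_connection(backend_host, backend_port)
        await asyncio.gather(pipe(c_reader, b_writer), pipe(b_reader, c_writer),
                             return_exceptions=True)
    return handle

async def demo():
    seen = []  # peer IPs as observed (and loggable) by the backend
    async def backend(reader, writer):
        seen.append(writer.get_extra_info("peername")[0])
        await reader.readuntil(b"\r\n\r\n")
        writer.write(b"HTTP/1.0 200 OK\r\n\r\nok")
        await writer.drain()
        writer.close()
    # Backend and relay both listen on loopback with kernel-chosen ports.
    be = await asyncio.start_server(backend, "127.0.0.1", 0)
    be_port = be.sockets[0].getsockname()[1]
    relay = await asyncio.start_server(make_relay("127.0.0.1", be_port), "127.0.0.1", 0)
    relay_port = relay.sockets[0].getsockname()[1]
    # Constructed client: connects from 127.0.0.2 so its address is distinguishable.
    r, w = await asyncio.open_connection("127.0.0.1", relay_port,
                                         local_addr=("127.0.0.2", 0))
    w.write(b"GET / HTTP/1.0\r\n\r\n")
    await w.drain()
    body = await r.read()
    w.close()
    relay.close()
    be.close()
    return seen, body

def run_demo():
    return asyncio.run(demo())
```

The relay forwards bytes unchanged and adds no `X-Forwarded-For` header, so the client address exists only on the relay host; whether that host logs it is a separate decision.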



