[off topic] Configuring an IP blind Apache server
Dan Mahoney, System Admin
danm at prime.gushi.org
Mon May 1 20:32:23 UTC 2006
On Mon, 1 May 2006, Michael Holstein wrote:
>> The idea is a system wide solution that allows any user group to
>> install any semi-random PHP/MySQL frob without having to hack around
>> trying to find and disable its IP logging.
> Then do as Dan just suggested and forward it using your firewall .. advantage
> there is you can still "ban" a user if you see the need by inserting the
> appropriate DENY rule above your forward one.
> Note that other "things" in your network may still log the traffic though ..
> (most hardware firewalls, for example) .. so be sure you know what the
> end-to-end security is at least as far as your perimeter router.(*)
Although, be forewarned, at least with the kernel answer above, if the
address is on the same machine, you *will* see the source side of the TCP
connection. This is a "feature" of BSD's forwarding mechanism -- so
rinetd may be better suited for this. I had thought that you simply
wanted a web server to not know which address it itself was listening on
(which also works for this).
> (*): well .. unless you use AT&T as an ISP, since we know they forward
> everything to the ($3_letter_agency) anyway.
"It would be bad."
-Egon Spengler, "Ghostbusters"
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
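
The difference discussed in this message between kernel forwarding and a userspace relay such as rinetd, as an added example that is not part of the original post: a relay terminates the client's TCP connection and opens a new one, so the backend is shown the relay's socket as its peer, and a deny list can still be applied first. All names here are hypothetical and the sockets are constructed loopback ones, so client and relay share 127.0.0.1 and are told apart by port.

```python
import socket, threading

def start_backend():
    """Stand-in for the web server: records the peer address it is shown."""
    srv = socket.create_server(("127.0.0.1", 0))
    seen = []
    def run():
        conn, peer = srv.accept()
        seen.append(peer)            # what an access log would record
        conn.recv(4096)
        conn.sendall(b"ok")
        conn.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname(), seen

def start_relay(backend, deny=()):
    """Userspace relay: apply the deny list, then open a NEW connection."""
    srv = socket.create_server(("127.0.0.1", 0))
    log = []
    def run():
        while True:
            conn, peer = srv.accept()
            if peer[0] in deny:      # the "ban" rule, checked before forwarding
                log.append(("denied", peer))
                conn.close()
                continue
            out = socket.create_connection(backend)
            log.append(("relayed", peer, out.getsockname()))
            out.sendall(conn.recv(4096))   # one request ...
            conn.sendall(out.recv(4096))   # ... one reply
            out.close()
            conn.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname(), log

def demo(deny=()):
    """Return (client address, peers the backend saw, relay log, reply)."""
    backend_addr, seen = start_backend()
    relay_addr, log = start_relay(backend_addr, deny)
    client = socket.create_connection(relay_addr)
    client_addr = client.getsockname()
    try:
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        reply = client.recv(4096)
    except OSError:                  # a denied connection may be reset
        reply = b""
    client.close()
    return client_addr, seen, log, reply

if __name__ == "__main__": print(demo(), demo(deny=("127.0.0.1",)))
```

The relay's own log still holds the client address, which is the same caveat the quoted text raises about other devices on the path.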