[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [off topic] Configuring an IP blind Apache server

On Mon, 1 May 2006, Jonathan D. Proulx wrote:

Bind your apache instances to an RFC 1918 address, internally.

Use your kernel's ip forwarding functionality, with freebsd this would be done by a rule like "ipfw add 400 fwd,80 ip from any to realip 80"

Alternatively, stick it behind thomas boutell's excellent rinetd -- either approach will "nat" the request and rewrite the tcp connection without revealing that it's being rewritten.



My appologies in advance this is clearly off topic, but couldn't think
where else to ask...so please reply directly to me.

I'd like a _reverse_ anonymizing proxy, something that blinds Apache
to the incoming IP adresses in client HTTP requests.  I run a
webserver with a couple of virtual servers (in the apache sense not
the Xen/VMWare sense) run by different people and I'd like to scrub
the IP info from traffic before Apache gets it so that neither their
vhost configs nor their CMS can log IPs even if they want to.

It seesm like there should be a way to plub in privoxy or something,
but I can quite think how.  Any suggestions or pointers?

Obviously running them as hidden services would fix this, but I don't
want the services hidden per se.




-The Chest of the nameless streaker of the 1998 Grammy Awards' Bob Dylan

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org