[ale] Iptables rule for Apache Rewrite

Jeff Hubbs hbbs at comcast.net
Tue Apr 10 12:46:48 EDT 2007


I've got a server that runs Zope and has Apache doing a rewrite from
inbound port 80 to port 8080 (this is recommended so that it's Apache
that's taking the Internet abuse and not Zope's built-in daemon).  Here
is the rewrite rule for Apache:

    <VirtualHost 192.168.0.211:80>
    # Needs mod_rewrite and mod_proxy; the [P] flag proxies the request
    # to Zope on the loopback address rather than redirecting the client.
    RewriteEngine on
    # Standard Zope VirtualHostMonster form: the VirtualHostBase/.../VirtualHostRoot
    # path tells Zope which host and port to use when generating URLs.
    RewriteRule ^($|/.*) \
    http://127.0.0.1:8080/VirtualHostBase/\
    http/%{SERVER_NAME}:80/VirtualHostRoot$1 [L,P]
    </VirtualHost>


The problem is that this rewriting appears to be affected by
iptables rules; nmap shows the machine's port 80 as open, but it won't
respond, as port 8080 is one that's specifically blocked in the script.
What would be a good iptables rule to open a hole back up so that *just*
the same machine can get through to port 8080?

I'm a bit leery of a situation where someone is able to access port 8080
from over the wire by forcing an IP address collision, i.e., setting an
interface to the same address as that of the server.
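An added example of the kind of rule set the question asks for (this is not from the original post or its replies). Because the rewrite rule above proxies to 127.0.0.1, the Apache-to-Zope traffic travels over the loopback interface, so the rules match on the interface (`-i lo`) rather than on a source address; a host on the wire that spoofs or collides with the server's address still arrives on the real NIC and is dropped. It assumes iptables with an INPUT chain that ends in a DROP (or a DROP policy) and that the rules are loaded in the order printed, with the loopback ACCEPT before the 8080 DROP:

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes iptables and an
# INPUT chain that denies by default, so only the rules below are needed
# to (a) let the local Apache reach Zope on 8080 and (b) keep 8080 closed
# to everything arriving on a real interface, spoofed source or not.

IPT=${IPT:-iptables}   # set IPT=echo to dry-run without root

# Print the rules in the order they must be loaded.
zope_rules() {
    cat <<EOF
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
$IPT -A INPUT -p tcp --dport 8080 -j DROP
EOF
}
# Rule 1: anything on loopback is fine (Apache -> 127.0.0.1:8080 uses lo).
# Rule 2: a packet on a non-loopback interface claiming a 127.x source is
#         forged; drop it before any later rule could trust the address.
# Rule 3: 8080 stays closed to the outside regardless of the source IP,
#         since rule 1 already admitted the only legitimate client.

# Run each printed rule (needs root unless IPT=echo); stop on first error.
apply_zope_rules() {
    zope_rules | while read -r rule; do
        $rule || exit 1
    done
}

# Dry run when executed directly: shows the exact commands.
if [ "${0##*/}" = "zope-fw.sh" ]; then
    IPT=echo apply_zope_rules
fi
```

Port 80 itself is left to the existing script, since the post says it already shows as open; the point of matching on `-i lo` is that no address-based rule for 8080 is needed at all, so there is nothing for an address collision to exploit.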


