David Coulson on 10 Dec 2009 16:46:44 -0800

Re: [PLUG] Firewall & Virtual Web Servers

Most firewalls don't handle L7 natively, so you will need a reverse proxy 
such as Apache w/ mod_rewrite/mod_proxy, or Squid to do that.

On the other hand, I'm not sure I totally understand what you're trying 
to accomplish. Are you wanting to segment sites for security, or just 
for the fun of it? Remember, you're potentially going from one system 
running a web server to perhaps a dozen or more, so that is way more 
systems to maintain and secure. Is it worth it? The overhead in managing 
Apache itself is going to be pretty much the same, since you're still 
going to have to configure each Apache instance anyway.

Virtualization is great, but remember each VM is still a Linux install 
that needs some care and feeding once in a while :-)

On 12/10/09 7:20 PM, Casey Bralla wrote:
> So I'm planning on virtualizing my servers, and I thought I'd also like to
> virtualize my individual web domains.   I'd appreciate advice and comments on
> my (goof-ball) plan.
> I currently host several web domains on a single web server (with a single
> static IP) by utilizing Apache's virtual web server system.  So far this
> system works very well, except that it gets kinda complicated if some of the
> web sites want to do forums, or blogs, etc.  If each web page was running in
> its own virtual machine, then this would be much easier.
> Unfortunately, if each gets its own virtual machine, how will I route traffic
> to the correct virtual machine?
> Right now, my firewall forwards all port 80 traffic to a unique machine on my DMZ
> which runs Apache, and then Apache determines which web domain has been
> requested and automagically serves up the correct page(s).
> I'd like to do almost the same thing, but have the firewall determine which web
> domain has been requested, and then forward it to the correct virtual machine.
> Is this even possible?   Anybody have any suggestions how the firewall might
> detect which domain has been requested?
> TIA!
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
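
The reverse-proxy approach suggested in the reply above, sketched as an added example that is not part of the original thread: one Apache front end on the DMZ address selects a backend VM by the requested Host header. The hostnames and 10.0.0.x backend addresses are constructed placeholders, and Apache 2.4 syntax is assumed.

```apache
# Added example; hostnames and backend addresses are constructed placeholders.
# Requires mod_proxy and mod_proxy_http (Apache 2.4 syntax assumed).

# Act only as a reverse proxy, never as a forward (open) proxy.
ProxyRequests Off

# The first vhost is the default: a request whose Host header matches no
# site below lands here and is refused instead of reaching a backend VM.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Site A -> its own VM
<VirtualHost *:80>
    ServerName www.site-a.example
    ServerAlias site-a.example
    # Hand the original Host header to the backend so it sees the name
    # the client asked for.
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.0.0.11:80/"
    # Rewrite Location headers in backend redirects to the public name.
    ProxyPassReverse "/" "http://10.0.0.11:80/"
</VirtualHost>

# Site B (for example the forum or blog) -> a different VM
<VirtualHost *:80>
    ServerName www.site-b.example
    ServerAlias site-b.example
    ProxyPreserveHost On
    ProxyPass        "/" "http://10.0.0.12:80/"
    ProxyPassReverse "/" "http://10.0.0.12:80/"
</VirtualHost>
```

With this layout the firewall rule stays as it is (port 80 forwarded to the one proxy host), and each backend VM only needs to accept HTTP from the proxy's address.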