HTTP forwarding, based upon host header

Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

I've got a Watchguard X50 Edge hardware firewall connected to the internet
via T1.

Inside the firewall, I've got 2 web servers, Windows 2000 Server.

The X50 has the capability to be associated to ONLY ONE external IP address
(argh...).

I can easily forward all incoming PORT 80 traffic to either one of the web
servers.

However, I need to be able to forward SOME incoming traffic to Web Server
#1, and SOME incoming traffic to Web Server #2. Of course, this would be
determined by the host header information.

So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on Server
#2.

Can anyone suggest a free or cheap software solution to this problem?

Thank you.

John
9 answers Last reply
More about http forwarding based host header
  1. Archived from groups: comp.security.firewalls (More info?)

    "john lemon" <john@lemon.com> wrote in message
    news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
    > I've got a Watchguard X50 Edge hardware firewall connected to the internet
    > via T1.
    >
    > Inside the firewall, I've got 2 web servers, Windows 2000 Server.
    >
    > The X50 has the capability to be associated to ONLY ONE external IP
    address
    > (argh...).
    >
    > I can easily forward all incoming PORT 80 traffic to either one of the web
    > servers.
    >
    > However, I need to be able to forward SOME incoming traffic to Web Server
    > #1, and SOME incoming traffic to Web Server #2. Of course, this would be
    > determined by the host header information.
    >
    > So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
    Server
    > #2.
    >
    > Can anyone suggest a free or cheap software solution to this problem?
    >
    > Thank you.
    >
    > John

    Your firewall should support port mapping. This is where you set up port 81
    to be forwarded inside to server #2 after mapping it to port 80. Rather
    than the usual one-to-one incoming mapping.

    Then outside users have to use http://www.url.com:81 to access it.

    -Russ.
  2. Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

    Routine stuff. Done all the time. No prob. With host headers you can use one
    IP for multiple sites on the same port. See MS link below. Works fine on
    IIS5 and W2K even though it's written for IIS6.

    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/883a9544-3f70-4d46-a6df-bbadbd1fe7de.mspx

    -Frank

    "john lemon" <john@lemon.com> wrote in message
    news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
    > I've got a Watchguard X50 Edge hardware firewall connected to the internet
    > via T1.
    >
    > Inside the firewall, I've got 2 web servers, Windows 2000 Server.
    >
    > The X50 has the capability to be associated to ONLY ONE external IP
    > address
    > (argh...).
    >
    > I can easily forward all incoming PORT 80 traffic to either one of the web
    > servers.
    >
    > However, I need to be able to forward SOME incoming traffic to Web Server
    > #1, and SOME incoming traffic to Web Server #2. Of course, this would be
    > determined by the host header information.
    >
    > So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
    > Server
    > #2.
    >
    > Can anyone suggest a free or cheap software solution to this problem?
    >
    > Thank you.
    >
    > John
    >
    >
    >
    >
    >
  3. Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

    Oh... don't forget to make sure you configure your external DNS for the new
    site. Each host header needs a record.

    -Frank

    "Frankster" <Frank@SPAM2TRASH.com> wrote in message
    news:Uv-dnXERrOnjdbXeRVn-qw@giganews.com...
    > Routine stuff. Done all the time. No prob. With host headers you can use
    > one IP for multiple sites on the same port. See MS link below. Works fine
    > on IIS5 and W2K even though it's written for IIS6.
    >
    > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/883a9544-3f70-4d46-a6df-bbadbd1fe7de.mspx
    >
    > -Frank
    >
    > "john lemon" <john@lemon.com> wrote in message
    > news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
    >> I've got a Watchguard X50 Edge hardware firewall connected to the
    >> internet
    >> via T1.
    >>
    >> Inside the firewall, I've got 2 web servers, Windows 2000 Server.
    >>
    >> The X50 has the capability to be associated to ONLY ONE external IP
    >> address
    >> (argh...).
    >>
    >> I can easily forward all incoming PORT 80 traffic to either one of the
    >> web
    >> servers.
    >>
    >> However, I need to be able to forward SOME incoming traffic to Web Server
    >> #1, and SOME incoming traffic to Web Server #2. Of course, this would be
    >> determined by the host header information.
    >>
    >> So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
    >> Server
    >> #2.
    >>
    >> Can anyone suggest a free or cheap software solution to this problem?
    >>
    >> Thank you.
    >>
    >> John
    >>
    >>
    >>
    >>
    >>
    >
    >
  4. Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

    I am familiar with hosting multiple web sites on a single server using a
    single IP address.

    However this situation is a little different.

    I have two web servers on the same 192.168.111.x network.

    Server #1: 192.168.111.1 - xyz.com and abc.com
    Server #2: 192.168.111.2 - def.com and ghi.com

    External DNS is configured so that the WWW hosts for these 4 domains point
    to 207.56.34.12 (for example).

    207.56.34.12 is the hardware firewall.

    The firewall port forwarding is set up to forward all PORT 80 requests to
    192.168.111.1.

    xyz.com and abc.com are fully accessible from the outside world.

    But back to my original question, how can I access www.def.com and
    www.ghi.com from the outside world ?


    "Frankster" <Frank@SPAM2TRASH.com> wrote in message
    news:Uv-dnXERrOnjdbXeRVn-qw@giganews.com...
    > Routine stuff. Done all the time. No prob. With host headers you can use
    one
    > IP for multiple sites on the same port. See MS link below. Works fine on
    > IIS5 and W2K even though it's written for IIS6.
    >
    >
    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/883a9544-3f70-4d46-a6df-bbadbd1fe7de.mspx
    >
    > -Frank
    >
    > "john lemon" <john@lemon.com> wrote in message
    > news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
    > > I've got a Watchguard X50 Edge hardware firewall connected to the
    internet
    > > via T1.
    > >
    > > Inside the firewall, I've got 2 web servers, Windows 2000 Server.
    > >
    > > The X50 has the capability to be associated to ONLY ONE external IP
    > > address
    > > (argh...).
    > >
    > > I can easily forward all incoming PORT 80 traffic to either one of the
    web
    > > servers.
    > >
    > > However, I need to be able to forward SOME incoming traffic to Web
    Server
    > > #1, and SOME incoming traffic to Web Server #2. Of course, this would
    be
    > > determined by the host header information.
    > >
    > > So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
    > > Server
    > > #2.
    > >
    > > Can anyone suggest a free or cheap software solution to this problem?
    > >
    > > Thank you.
    > >
    > > John
    > >
    > >
    > >
    > >
    > >
    >
    >
  5. Archived from groups: comp.security.firewalls,microsoft.public.win2000.networking (More info?)

    On Thu, 15 Sep 2005 06:13:07 GMT, john lemon wrote:

    > I am familiar with hosting multiple web sites on a single server using a
    > single IP address.
    >
    > However this situation is a little different.
    >
    > I have two web servers on the same 192.168.111.x network.
    >
    > Server #1: 192.168.111.1 - xyz.com and abc.com
    > Server #2: 192.168.111.2 - def.com and ghi.com
    >
    > External DNS is configured so that the WWW hosts for these 4 domains point
    > to 207.56.34.12 (for example).
    >
    > 207.56.34.12 is the hardware firewall.
    >
    > The firewall port forwarding is set up to forward all PORT 80 requests to
    > 192.168.111.1.
    >
    > xyz.com and abc.com are fully accessible from the outside world.
    >
    > But back to my original question, how can I access www.def.com and
    > www.ghi.com from the outside world ?
    >
    >
    > "Frankster" <Frank@SPAM2TRASH.com> wrote in message
    > news:Uv-dnXERrOnjdbXeRVn-qw@giganews.com...
    >> Routine stuff. Done all the time. No prob. With host headers you can use
    > one
    >> IP for multiple sites on the same port. See MS link below. Works fine on
    >> IIS5 and W2K even though it's written for IIS6.
    >>
    >>
    > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/883a9544-3f70-4d46-a6df-bbadbd1fe7de.mspx
    >>
    >> -Frank
    >>
    >> "john lemon" <john@lemon.com> wrote in message
    >> news:i_4We.73658$3S5.65656@tornado.rdc-kc.rr.com...
    >>> I've got a Watchguard X50 Edge hardware firewall connected to the
    > internet
    >>> via T1.
    >>>
    >>> Inside the firewall, I've got 2 web servers, Windows 2000 Server.
    >>>
    >>> The X50 has the capability to be associated to ONLY ONE external IP
    >>> address
    >>> (argh...).
    >>>
    >>> I can easily forward all incoming PORT 80 traffic to either one of the
    > web
    >>> servers.
    >>>
    >>> However, I need to be able to forward SOME incoming traffic to Web
    > Server
    >>> #1, and SOME incoming traffic to Web Server #2. Of course, this would
    > be
    >>> determined by the host header information.
    >>>
    >>> So, xyz.com and abc.com are on Server #1. def.com and ghi.com are on
    >>> Server
    >>> #2.
    >>>
    >>> Can anyone suggest a free or cheap software solution to this problem?
    >>>
    >>> Thank you.
    >>>
    >>> John
    >>>
    I don't know about IIS but Apache web server allows virtual name-based
    virtual hosts to be on different physical servers. Maybe IIS does also.
  6. Archived from groups: comp.security.firewalls (More info?)

    john lemon <john@lemon.com> wrote:
    > However, I need to be able to forward SOME incoming traffic to Web Server
    > #1, and SOME incoming traffic to Web Server #2. Of course, this would be
    > determined by the host header information.

    Then just use a virtual host concept i.e. like the one from Apache, and
    proxy the right traffic to the second webserver.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  7. Archived from groups: comp.security.firewalls (More info?)

    john lemon <john@lemon.com> wrote:
    > xyz.com and abc.com are fully accessible from the outside world.

    Configure the "wrong" webserver, which is reached by all the traffic,
    as a proxy for those websites.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  8. Archived from groups: comp.security.firewalls (More info?)

    I understand that this is conceptually what I need to do...but how does it
    work in practice? Do you have any suggestions on how to start ?


    "Volker Birk" <bumens@dingens.org> wrote in message
    news:43292b4d@news.uni-ulm.de...
    > john lemon <john@lemon.com> wrote:
    > > However, I need to be able to forward SOME incoming traffic to Web
    Server
    > > #1, and SOME incoming traffic to Web Server #2. Of course, this would
    be
    > > determined by the host header information.
    >
    > Then just use a virtual host concept i.e. like the one from Apache, and
    > proxy the right traffic to the second webserver.
    >
    > Yours,
    > VB.
    > --
    > "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    > deutschen Schlafzimmern passiert".
    > Harald Schmidt zum "Weltjugendtag"
  9. Archived from groups: comp.security.firewalls (More info?)

    john lemon <john@lemon.com> wrote:
    [IIS virtual hosts and proxiing to a second server]
    > I understand that this is conceptually what I need to do...but how does it
    > work in practice? Do you have any suggestions on how to start ?

    http://support.microsoft.com/default.aspx?scid=kb;en-us;816576
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/acca715c-aa55-405b-89fe-e9f9e4f34391.asp

    A remapping tool is in the IIS resource kit.

    HTH,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
Ask a new question

Read More

Firewalls Servers Networking