nanog mailing list archives
Re: Ipv6 for the content provider
From: Owen DeLong <owen () delong com>
Date: Wed, 26 Jan 2011 16:49:33 -0800
On Jan 26, 2011, at 3:13 PM, Valdis.Kletnieks () vt edu wrote:
On Wed, 26 Jan 2011 12:56:01 -1000, Antonio Querubin said:On Wed, 26 Jan 2011, Owen DeLong wrote:Listen a.b.c.d:80 -> Listen 80 <Virtualhost a.b.c.d:80> -> <Virtualhost *:80>That only works if you have only one address on the machine and.Actually it works fine on machines with multiple IP addresses for both FreeBSD and CentOS. And IPv6 enabled servers can easily have multiple IPv6 addresses.What Owen meant was that if you expect it to answer *only* for a.b.c.d:80, and *not* to answer for other addresses/interfaces, you may be in for a surprise (consider a DMZ host where you have: outside world - 128.257.12.2 inside facing - 192.168.149.149 VirtualHost 198.168.149.149:80 # super-sekrit corporate internal site Changing that VirtualHost to *:80 will probably cause some grief. ;)
Exactly... That is one of MANY examples of the kind of potential for abuse I was attempting to describe. Admittedly, if you put your Super-sekrit corporate internal site on a DMZ host, you arguably deserve what happens, but... Owen
Current thread:
- RE: Ipv6 for the content provider, (continued)
- RE: Ipv6 for the content provider George Bonser (Jan 26)
- Re: Ipv6 for the content provider Owen DeLong (Jan 26)
- Multiple WAN setup for Bridge customers on Ericsson SmartEdge Platform Tony Esparza (Jan 26)
- RE: Ipv6 for the content provider George Bonser (Jan 26)
- RE: Ipv6 for the content provider George Bonser (Jan 26)
- Re: Ipv6 for the content provider Dale W. Carder (Jan 26)
- Re: Ipv6 for the content provider Antonio Querubin (Jan 26)
- Re: Ipv6 for the content provider Antonio Querubin (Jan 26)
- Re: Ipv6 for the content provider Owen DeLong (Jan 26)
- Re: Ipv6 for the content provider Antonio Querubin (Jan 26)
- Re: Ipv6 for the content provider Valdis . Kletnieks (Jan 26)
- Re: Ipv6 for the content provider Owen DeLong (Jan 26)
- Re: Ipv6 for the content provider Owen DeLong (Jan 26)
- Re: Ipv6 for the content provider Antonio Querubin (Jan 26)
- Re: Ipv6 for the content provider Owen DeLong (Jan 26)
- Re: Ipv6 for the content provider Antonio Querubin (Jan 26)
- Re: Ipv6 for the content provider Jared Mauch (Jan 27)
- Re: Ipv6 for the content provider Dale W. Carder (Jan 26)
- Re: Ipv6 for the content provider Charles N Wyble (Jan 26)
- Re: Ipv6 for the content provider Randy McAnally (Jan 26)