Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTTP proxy/redirector to a unique virtual host ....

From: dork () gmx at
Date: Thu, 16 Mar 2006 16:02:46 +0100
hi!

apache mod_proxy (ProxyPass & ProxyPassReverse) should be capable. just use 
apache as your proxy. bind it on the port you need, and use ProxyPass to 
gather the response from the server behind. if you use a hostname, mod_proxy 
should use it so that your backend server even may use name-based vhosts. 
ip-based vhosts should work anyway (but would not be the problem, so i assume 
you have name-based).
just a redirect to an ip (given that the "Host: " header contains the ip then) 
has to fail - the information the backend server would need for managing the 
vhost is missing.
another benefit of using apache as proxy is the easy https termination.

maybe check squid documentation, i didn't have to use it so far, but it should 
be able to handle things like this too.

hth

On Wednesday 15 March 2006 22:45, Alberto Paris wrote:

Hi,

Does anyone on the list knows of any kind of software (for Windows, Linux,
or anything) that I can set up as an HTTP/HTTPS proxy/redirector to receive
requests on a specific TCP port, and then redirects them to another IP, AND
to a scpecific Virtual Host ?

Something like what 'stunnel' does, but I also need the capability of
directing the traffic to a specific virtual host on the destination web
server .....

Any help will be greatly appreciated ....

Regards,


Alberto Paris
albertoparis () hotmail com
Colombia

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: