[ale] Iptables rule for Apache Rewrite



I've got a server that runs Zope and has Apache doing a rewrite from
inbound port 80 to port 8080 (this is recommended so that it's Apache
that's taking the Internet abuse and not Zope's built-in daemon).  Here
is the rewrite rule for Apache:

    <VirtualHost 192.168.0.211:80>
    RewriteEngine on
    RewriteRule ^($|/.*) \
    http://127.0.0.1:8080/VirtualHostBase/\
    http/%{SERVER_NAME}:80/VirtualHostRoot$1 [L,P]
    </VirtualHost>


The problem is that this rewriting appears to be affected by
iptables rules; nmap shows the machine's port 80 as open, but it won't
respond, as port 8080 is one that's specifically blocked in the script.
What would be a good iptables rule to open a hole back up so that *just*
the same machine can get through to port 8080?

I'm a bit leery of a situation of someone being able to access port 8080
from over the wire by forcing an IP address collision, i.e., set an
interface to the same as that of the server.
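One way to do this, as an added example that is not part of the original post: match on the loopback interface (`-i lo`) rather than on a source address, since the Apache proxy target is 127.0.0.1 and loopback traffic never arrives from the wire. The script below prints the rules by default and only applies them when run with `APPLY=1`; the rule positions and the `iptables` path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): let Apache's mod_rewrite proxy
# on the same host reach Zope on 8080 while rejecting 8080 from the wire.
# The key point is interface matching: a remote host can forge 127.0.0.1 or
# the server's own address as its source, but its packets still arrive on
# the physical interface, never on lo, so "-i lo" cannot be satisfied.

ZOPE_PORT=8080
IPT=${IPT:-iptables}   # assumed path; override with IPT=/sbin/iptables

# Print a rule unless APPLY=1, so the script is safe to read and dry-run.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    else
        echo "$IPT $*"
    fi
}

zope_loopback_rules() {
    # Inserted at the top of INPUT so they take effect before the existing
    # rule in the script that blocks 8080.
    # 1. Accept 8080 only for packets that arrived on the loopback interface.
    run -I INPUT 1 -i lo -p tcp --dport "$ZOPE_PORT" -j ACCEPT
    # 2. Anti-spoofing: a loopback source address on a non-loopback interface
    #    is never legitimate (rp_filter gives similar protection at kernel level).
    run -I INPUT 2 ! -i lo -s 127.0.0.0/8 -j DROP
    # 3. Refuse 8080 from every other interface with a clean TCP reset.
    run -I INPUT 3 ! -i lo -p tcp --dport "$ZOPE_PORT" -j REJECT --reject-with tcp-reset
}

zope_loopback_rules
```

Because the RewriteRule in the post proxies to http://127.0.0.1:8080, Apache's connection to Zope goes over lo and matches rule 1; anything else aimed at 8080 falls through to rule 3.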