[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Security Help
- Subject: Re: [cobalt-users] Security Help
- From: "storage@xxxxxxxxxxxxx" <storage@xxxxxxxxxx>
- Date: Sun Feb 25 17:45:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
By the way, if you don't have access to another IP address (LIR's are still
somewhat picky about distributing IP's, even with IPv6 starting to kick in),
you can work around the problem by binding different HTTPS hosts to different
ports. So, if you had two clients who needed SSL for their site, but only one
IP address, you'd set the first one up as normal (port 443, which is the
default port for SSL and so transparent in the browser); and have the second
one bind to another port.
There are several disadvantages of this however:
1) You'd need to hack your Apache configuration files manually. (Can you
say "invalidate the warranty"?)
2) A port other than 443 will _not_ be transparent in the browser, so you'll
have to link to a URL like http://www.domain.com:10000. Or you can link to a
regular page and redirect (or send a header from PHP or Perl, or use the
Apache Redirect directive, or mod_rewrite, etc).
3) If you have security measures installed on your machine, like portsentry,
it may block access to that port, in which case you'll need to enable it.
Again, have a look at the mod_ssl and Apache-SSL docs and mailing lists for
more. And the Apache docs for the Port directive.
<RANT>
And tell your host to borrow some IP addresses from IBM, Sun, Microsoft and
the rest of the scumbags who took huge greedy blocks of them years ago, and
have them withering away in storage, probably never to be used.
</RANT>
HTH,
adam