Forum

binding hosts securely

Mina
23 March 2015, 14:53
Hiawatha version: current
Operating System:

By the way, I realise something potentially dangerous in my vhosts.

I have a wan-ip/site and lan-ip(orhostname)/intrasite

curl --header intrasite/ wan-ip owned.

So, how can I bind a vhost so it doesn't only bind to hostname but also say LAN segment.

I have seen some configs with set VAR=blabla
can I do something like
set LAN=10.x.x.x/28 
set WAN=10.x.x.y # rev proxy

vhost {
#allow LAN, deny WAN
requiredBinding = LAN
}

?
Hugo Leisink
23 March 2015, 15:36
You can use the BindingID and RequiredBinding options for that. It was made specially for this use case.
Binding {
Interface = <external IP address>
}

Binding {
Interface = <LAN IP address>
BindingID = lan
}

VirtualHost {
...
RequiredBinding = lan
}

External users requesting the LAN website will end up with the default host, because when searching for a matching hostname, Hiawatha will skip the hosts with a non-matching binding (only if set).


You can also use the AccessList for this.
VirtualHost {
...
AccessList = allow 10.0.0.0/8, 192.168.0.0/24, deny all
}
Mina
23 March 2015, 16:01
Brillant. Thanks.
This topic has been closed.