[aida] web visibility

Stefan Schmiedl s at xss.de
Fri Jun 29 01:12:36 CEST 2007

Once upon a time in a thread far, far away:

On Mon, 11 Jun 2007 13:21:46 +0200
Janko Mivšek <janko.mivsek at eranova.si> wrote:

> 1. with ipconfig (Win) or ifconfig (Linux) find an IP of your PC. It 
> must be public to be visible from internet (not 192.168.x.x or
> 10.x.x.x)

This is one of the disturbing elements of web applications: They tend
to hog IP-addresses and domain names, which makes it hard to add a web
app to an existing (static) site.

So let's go fix that with some apache-fu and (extra credit) ssh-fu!
You need to modify the apache configuration and /etc/hosts on your
webserver, so the procedure is probably not for the faint of heart.

1. Tweak your local hosts file for local name resolution
   /etc/hosts on linux
   %windir%\system32\drivers\etc\hosts on win
   Add the following line: mysite.local

2. ping mysite.local
   should show responses from now.

3. Configure your AIDA site accordingly
    site := AIDASite named: 'mysite.local'.
    site host: 'mysite.local' ip: 'mysite.local' port: 8000

4. http://mysite.local:8000
   should show your AIDA site

Now you have an AIDA site running not only on a non-public subnet, but
on an IP-address that's only reachable from within the box itself.

Walk over to your server for the following steps:

5. Tweak your server's hosts file as above.
   /etc/hosts needs to resolve mysite.local to the same address as above mysite.local

6. Make the public apache a proxy for your AIDA site
   in your public (virtual) host section add the lines
    ProxyRequests Off
    ProxyPreserveHost Off
    ProxyPass / http://mysite.local:8000/
    ProxyPassReverseCookieDomain mysite.local mysite.public
    ProxyHTMLURLMap http://mysite.local:8000/ /
    <Location />
       ProxyPassReverse /
       SetOutputFilter INFLATE;proxy-html;DEFLATE
       ProxyHTMLURLMap / /
    </Location>
   If you want detailed descriptions of what these lines do, please go
   visit the documentation at http://httpd.apache.org and especially
   the tutorial at http://www.apachetutor.org/admin/reverseproxies

Now you have the following setup: Incoming requests to
http://mysite.public are forwarded to http://mysite.local:8000,
which resolves to, port 8000 *on the public server*.
On the other hand, you have a perfectly working AIDA site listening
on your *local machine*.

7. What you now need is a tube between those two.
   linux:  ssh -g -R 8000: user at mysite.public
   win:    plink -ssh -R 8000: user at mysite.public
   (plink is part of the highly recommended putty suite)

This step opens a listening port on mysite.public, whose
other end is aiming to a listening port on your local

If I did not forget anything, you should now be able to call
   which apache forwards to
    which ssh tunnels to your local computer, port 8000
     where AIDA provides a response,
    which tunnels back to the public machine
   where internal links get cleaned up
and get a perfectly working AIDA site.

And what's all that good for? Your web app never leaves the environment
it has grown up in, it is always running on, port 8000. Which
makes for easy deployment. And by adjusting the path parameters in the
apache configuration, you can selectively proxy only certain directories
instead of the whole site. You might even want to read up on
mod_rewrite and use apache to proxy only those requests to your site
which need to be handled dynamically.

If somebody out there is crazy enough to actually try this, let me know
if it worked.
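
Added example, not part of the original post: a simplified Python model of the response rewriting that step 6 configures (ProxyPassReverse, ProxyPassReverseCookieDomain, ProxyHTMLURLMap), run on a constructed backend response, with a check for the internal name mysite.local still reaching clients. The sample response, the function names and the absolute-URL form of the rewritten Location are assumptions; this is not mod_proxy's own code.

```python
import re
from urllib.parse import urlsplit

BACKEND = "http://mysite.local:8000/"   # ProxyPass target from the post
PUBLIC_HOST = "mysite.public"           # public vhost name from the post
BACKEND_HOST = urlsplit(BACKEND).hostname

# Constructed backend response: with ProxyPreserveHost Off the app sees its
# own name, so every absolute URL it emits points at mysite.local:8000.
SAMPLE_HEADERS = [
    ("Location", "http://mysite.local:8000/login.html"),
    ("Set-Cookie", "session=abc123; Domain=mysite.local; Path=/"),
    ("Content-Type", "text/html"),
]
SAMPLE_BODY = ('<a href="http://mysite.local:8000/admin">admin</a>'
               '<script>var api = "http://mysite.local:8000/api";</script>')

def rewrite_headers(headers):
    """Model ProxyPassReverse and ProxyPassReverseCookieDomain."""
    cookie_domain = re.compile(
        r"(?i)(;\s*domain=)\.?" + re.escape(BACKEND_HOST) + r"(?=\s*(;|$))")
    out = []
    for name, value in headers:
        lname = name.lower()
        if lname in ("location", "content-location") and value.startswith(BACKEND):
            # Map the backend URL prefix back onto the public site root.
            value = "http://" + PUBLIC_HOST + "/" + value[len(BACKEND):]
        elif lname == "set-cookie":
            # Only the Domain attribute changes; name, value and Path stay.
            value = cookie_domain.sub(lambda m: m.group(1) + PUBLIC_HOST, value)
        out.append((name, value))
    return out

def rewrite_html(body):
    """Model ProxyHTMLURLMap http://mysite.local:8000/ / on link attributes only."""
    attr = re.compile(r'(?i)\b(href|src|action)=(["\'])' + re.escape(BACKEND))
    return attr.sub(lambda m: m.group(1) + "=" + m.group(2) + "/", body)

def leaks(headers, body):
    """Return where the backend hostname is still visible to the client."""
    found = [name for name, value in headers if BACKEND_HOST in value]
    if BACKEND_HOST in body:
        found.append("body")
    return found

if __name__ == "__main__":
    print("before:", leaks(SAMPLE_HEADERS, SAMPLE_BODY))
    print("after: ", leaks(rewrite_headers(SAMPLE_HEADERS), rewrite_html(SAMPLE_BODY)))
```

The URL inside the inline script survives the rewrite, which is how an internal hostname typically leaks through an HTML-rewriting proxy; grepping proxied responses for the backend name catches it.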

