How to configure lighttpd to only allow current subnet to access? - configuration-files

I'm new to lighttpd. Here is the goal I want to achieve. I want only the client in my current can access my lighttpd server. For example, current ip address of lighttpd server is '192.168.10.100', only the client with ip address '192.168.10.0/24' can aceess the lighttpd server. The server ip address may change. How to configure lighttpd to only allow current subnet to access?
Here is what I tried. I don't know how to fill the remoteip value. Can anyone help me out? Thanks in advance.
$HTTP["remoteip"] == "192.168.10.0/24" {
}

See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess
server.modules += ( "mod_access" )
$HTTP["remoteip"] != "192.168.10.0/24" {
url.access-deny = ("")
}

Related

Haxe: connecting to a remote host

I did the creating a client/server tutorial given here,
http://old.haxe.org/doc/neko/client_server,
but this example only really applies to the case of a local host which is of pretty limited utility. I was hoping that someone could explain how to extend this to the case of connecting to a remote host. Specifically, if someone knows how to modify this example such that I could run the server code from a laptop at home and have a friend (who knows my home ip) run the client.
Client code:
// file Client.hx
class Client {
static function main() {
var s = new sys.net.Socket();
s.connect(new sys.net.Host("localhost"),5000);
while( true ) {
var l = s.input.readLine();
trace(l);
if( l == "exit" ) {
s.close();
break;
}
}
}
}
Server code:
// file Server.hx
class Server {
static function main() {
var s = new sys.net.Socket();
s.bind(new sys.net.Host("localhost"),5000);
s.listen(1);
trace("Starting server...");
while( true ) {
var c : sys.net.Socket = s.accept();
trace("Client connected...");
c.write("hello\n");
c.write("your IP is "+c.peer().host.toString()+"\n");
c.write("exit");
c.close();
}
}
}
As a disclaimer, I know very little about communication protocols, so I apologize if the question is silly.
Edit:
If I replace "local host" with my local ip address "192.168.1.254" this still works, but if I replace "localhost" with my public ip address "206.XXX.XXX.XXX," the client does not connect (this was the first thing I tried).
I have disabled my firewall for both incoming and outgoing traffic on that port, but it doesn't seem to make a difference. Why is it that my client instance can only connect to the server instance locally? I would have though that changing the client code to use the public ip address of the computer route the request through the router.
Edit:
Turns out that it was actually working all along with the public ip address, but for whatever reason it could not connect to the router's public ip from within my local network (I still don't understand why this was a problem - maybe some weird router specific NAT problem). Using this utility:
http://www.yougetsignal.com/tools/open-ports/
I was able to verify that the relevant ports were open and connect to my server program.
In clients code in below string replace "localhost" with your IP-address:
s.connect(new sys.net.Host("localhost"),5000);
http://api.haxe.org/sys/net/Host.html
Creates a new Host : the name can be an IP in the form "127.0.0.1" or an host name such as "google.com", in which case the corresponding IP address is resolved using DNS. An exception occur if the host name could not be found.
This really depends on your home setup. Generally its a security risk to just open something on your home ip, so do this at your own risk.
Most likely you will have a dynamic ip address from your isp. This means that every time you connect to your isp your public ip may be different. Its common to use a third party service to get around this kind of thing. Many routers have a feature built in do to integrate with these providers but there are also native apps you can install. There are many services out there some free, some paid depending on what you want and who you trust eg http://www.noip.com/, http://dyn.com/dns/. These services will have getting started guides.
When its working you can change your client code from localhost to the public ip address and port you setup the dynamic dns service to expose.

can the different hosts (not ip) forwarding to the same port externally?

Im just wondering, can 2 or more different external hostname/DNS redirect to multiple local servers but same port?
Let's see, I have 2 DNS internet domain for an example, myserver1.com and myserver2.com, and both I have same A record to my forwarded server IP (e.g: 102.123.123.123). Under my server which only has 102.123.123.123 IP address has 2 application servers but instead of trying to make they work, I use different port for each server applications for an example, serverApp1 listening to 0.0.0.0:2010, serverApp2 listening to 0.0.0.0:2020
My point is, is there any way or how to forward my myserver1.com:2000 to serverApp1 (port 2010), and myserver2.com:2000 to serverApp2 (port 2020) but both myserver1.com and myserver2.com has a same A record?
Im quite sure either it is in iptables or /etc/hosts or BIND issues, but guide me if I missed something. And by the way, the servers and DNS records are accessible from the internet which is the firewalls are configured properly. Thanks.
I don't have much experience in that, but I think you will need a third server/firewall/proxy listening for the incoming host and route it accordingly.
Again, I don't have much experience in that, so I'm not sure if the firewall is able to do that.
I think you can use redirection servers like apache.
In my application we want to access lot of intranet servers from internet. So what we did, we configured a apache with all the mappings in httpd.
So when ever a request to apache comes, it will be redirected appropriately.
For example - I have two servers or hostname in intranet : 1) abc.com:7300/context1
2) xyz.com:8900/context2
We configured a apache with host name abcxyz.com:9000. When a request like
abcxyz.com:9000/context1 comes it will be redirected to abc.com:7300/context1 and when a request like abcxyz.com:9000/context2 comes it will be redirected to xyz.com:8900/context2.
In your case since the requests are going through the single server (102.123.123.123), you can use redirection.
Hope it helps.

Connect Local Host from Web Service

I have a Laptop, with msSql sever 2005, and it is connected to my Wifi router which gets the internet. So My laptop get connected to internet. But I need to access my msSql Sever from internet to connect my webpage which I made using ASP.Net.
Please Help me... And please give a solution for this...
You'll need your IP adress to connect, then open the SQL-Port in your router. (default is 3306)
When you connect to the server just use your current ip adress.
Maybe you want a static ip or something like http://dyndns.org
you want to write web service and host that service in sql machine
First setup a static IP address on your laptop and after that you need to set up port forwarding in your router. This process differs slightly depending on your routers manufacturer and model.
After this is set up properly make sure that SQL Servers port is open on your laptops firewall.
By using Dynamic DNS you can point to your possibly changing IP address with static name so you don't have to change this constantly in your connection string.

get IP Address in Lua

i try to get the local IP from my device ( programming in Corona Lua )
till now I do with:
local myip = socket.dns.toip(socket.dns.gethostname())
but this only works on simulator
local client = socket.connect( "www.google.com", 80 )
local ip, port = client:getsockname()
but this only works when I have a Internet Connection
How could i get my local IP just in my Wifi without Internet
thx
chris
The ip of the interface you are looking for can change based on what IP address you are trying to talk to. The code below uses google's IP to select an interface and return the IP address.
It works me for me using LUA/luasocket but I haven't tried it in corona.
require "socket"
local s = socket.udp()
s:setpeername("74.125.115.104",80)
local ip, _ = s:getsockname()
print(ip)
EDIT:
You shouldn't need internet in this case because you're not actually connecting to anything or otherwise sending any packets. You will however need the interface in question to actually have an IP.

How can I tell whether a controller action was requested by DNS or IP?

On my WebDev server, I'm trying to test whether a controller's action was requested through its raw IP, or by its DNS. I've tried looking at the controller's HttpRequest.Url.HostNameType, but it seems to resolve to a DNS even if I enter my local IP in the browser. Any ideas? Thanks in advance.
That information is passed in the Host header of an HTTP request, so you should be able to access it like this:
var requestedHost = Request.Headers["Host"];
If the request was for an IP address, that IP address string should be returned. Otherwise, it will be whatever hostname they used.
HttpContext.Current.Request.Url.Authority
Gets the Domain Name System (DNS) host name or IP address and the port number for a server.
Uri baseUri = new Uri("http://www.contoso.com:8080/");
Uri myUri = new Uri(baseUri,"shownew.htm?date=today");
Console.WriteLine(myUri.Authority);
Output: www.contoso.com:8080