Screw ATT



JayGuerette
October 13th, 2002, 12:55 PM
So, some idjits running IIS got whacked by the CodeRed virus and started broadcasting all over ATT's MediaOne cable network. Instead of going after the offenders, they block ALL incoming traffic on port 80. Say goodbye to my webserver.

Here's what I did:

I hooked up with an ISP who was willing to make a custom Apache configuration for me.

Load these modules:
mod_proxy_add_forward
mod_proxy
mod_rewrite

Set up a virtual host:

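<VirtualHost x.x.x.x>
    # Answer for www.guerette.net and every other name under guerette.net
    ServerName www.guerette.net
    ServerAlias *.guerette.net
    RewriteEngine on
    # [P] hands the request to mod_proxy, which fetches it from the same
    # host name on port 1080
    RewriteRule ^/(.+) http://%{HTTP_HOST}:1080/$1 [P]
</VirtualHost>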

Set up DNS:
www.guerette.net = ISP vhost addr x.x.x.x

Set up hosts file:
www.guerette.net = cable modem addr x.x.x.x

When a request comes in to http://www.guerette.net or whatever.guerette.net, it is re-written as a proxy request to my server on port 1080. Since the webserver will use the hosts file before going to DNS, it uses my real server address, and connects on a high open port. It is completely transparent to the user.

I realize I could have set up a redirect to server:port, but I didn't like that.

You have to use "%{X-Forwarded-For}i" for the remote IP in your logging, otherwise you just get the IP address of the proxying webserver.

Redirects are broken too, so you have to set your site up carefully to avoid them.

To avoid detection, you can set up your firewall to only allow the ISP/proxy to connect to your webserver.

Screw 'em.


[ This Message was edited by: JayGuerette on 2001-08-15 05:57 ]
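
Added example, not part of the original post: logging "%{X-Forwarded-For}i" is only reliable when the request really arrived from the proxy, because any client can send that header itself. The Python below picks the address to log for a backend like the one on port 1080; the addresses are constructed documentation-range values, the names `TRUSTED_PROXIES`, `client_ip` and `resolve_log` are hypothetical, and it assumes the proxy's own entry is the last one in the header.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the post.
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}  # hypothetical ISP proxy


def client_ip(peer, xff_header):
    """Return the address to log for one request.

    peer        -- TCP peer address seen by the backend web server
    xff_header  -- raw X-Forwarded-For header value, or None
    """
    peer_ip = ipaddress.ip_address(peer)
    # A header sent by anyone other than the proxy is client-controlled.
    if peer_ip not in TRUSTED_PROXIES or not xff_header:
        return str(peer_ip)
    # Assumption: the proxy's entry is the last one, whether it replaces
    # the header or appends to a value the client already sent.
    last = xff_header.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last))
    except ValueError:
        # Malformed entry: fall back to the proxy address rather than
        # writing unvalidated text into the log.
        return str(peer_ip)


def resolve_log(records):
    """Map (peer, xff) pairs to the address that should be logged."""
    return [client_ip(peer, xff) for peer, xff in records]


# Constructed requests as the backend on port 1080 would see them.
SAMPLE = [
    ("192.0.2.10", "203.0.113.7"),            # normal proxied request
    ("192.0.2.10", "10.0.0.1, 203.0.113.8"),  # client pre-set a header
    ("198.51.100.23", "127.0.0.1"),           # direct hit, forged header
    ("192.0.2.10", "<script>, not-an-ip"),    # garbage in the header
    ("192.0.2.10", None),                     # proxy sent no header
]

if __name__ == "__main__":
    for (peer, xff), logged in zip(SAMPLE, resolve_log(SAMPLE)):
        print(f"peer={peer:15} xff={xff!r:28} -> log {logged}")
```

With the firewall rule from the post in place, the third case cannot reach the server at all; the check still matters if that rule is ever loosened.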