[Discuss] ssh tunnels
Derek Atkins
warlord at MIT.EDU
Mon Feb 25 11:00:32 EST 2013
Bill Horne <bill at horne.net> writes:
> On 2/22/2013 11:04 AM, Rich Pieri wrote:
>> On Fri, 22 Feb 2013 11:00:13 -0500
>> Bill Horne<bill at horne.net> wrote:
>>
>>> Speaking of ssh tunnels, can someone figure out how to tunnel through
>>> ssh to a virtual domain?
>> Clarify what you mean by "virtual domain".
>
> Many web servers, mine included, are set up so that they deliver
> different pages, based on which domain name is included in the http
> headers sent with the request.
This is a requirement of HTTP/1.1 -- you need to send the Host: header
in the HTTP headers to tell the server the target hostname.
> For example:
>
> 67.190.84.154 - - [17/Feb/2013:15:42:25 -0800] "GET / HTTP/1.1" 200
> 4816 "http://billhorne.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64;
> rv:18.0) Gecko/20100101 Firefox/18.0"
Well, this isn't *quite* what's going on. You're seeing a log message,
but it's not necessarily showing you what's in the HTTP request. The
'200' is the response code from the server which means "Success". The
request looks like:
GET / HTTP/1.1
Host: billhorne.com
[snip]
> Of course, it's also possible to set up the server so that it delivers
> the same page no matter which domain name is included in the
> headers. There is usually a default "splash" page to handle requests
> that are for an invalid domain, or which were sent with only an IP
> address. Since ssh tunnels require that the browser access the
> tunneled site via a localhost port, Apache doesn't get the desired
> domain name in the header, and it delivers the default page instead of
> the one that the user wanted.
SSH has nothing to do with this. SSH just performs TCP connection
proxying, either directly via a -L or -R port-forwarding line, or via a
-D SOCKS proxy. In neither case does it affect the HTTP headers being
sent, it only (potentially) changes the target IP that gets contacted.
For example, I use FoxyProxy in firefox along with an ssh Socks Proxy to
allow myself to connect to a bunch of 'behind the firewall' web
services. Firefox sets the Host header to the target based on the URL,
foxyproxy routes it over ssh, ssh sends it to the "correct" server.
> Bill
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
More information about the Discuss
mailing list