Solved

I have two named websites that I want to serve from the same machine using apache (www.firstsite.com and www.secondsite.com).  One site is to be externally accessible, in other words, you could get t

Posted on 2008-10-05
13
347 Views
Last Modified: 2013-11-30
I have two named websites that I want to serve from the same machine using Apache on Windows XP (www.firstsite.com and www.secondsite.com).  One site is to be externally accessible, in other words, viewable from anywhere on the Internet.  The other site is to be accessible only on the local machine.  

It sounds simple, but I've tried a million ways from sunday and can't get it to work right.  What's the best way to do this?

Thanks
0
Comment
Question by:jacobs4020
  • 7
  • 5
13 Comments
 
LVL 5

Expert Comment

by:libin_v
ID: 22646153
You add an entery in the hosts file

Linux ( /etc/hosts )
127.0.0.1                  localhost              www.secondwebsite.com

Windows ( c:\windows\system32\drivers\etc\hosts )
127.0.0.1                   www.secondwebsite.com

The use virtual host configuration. Refer http://httpd.apache.org/docs/1.3/vhosts/name-based.html
 NameVirtualHost *

    <VirtualHost *>
    ServerName www.firstwebsite.com
    DocumentRoot /www/first
    </VirtualHost>

    <VirtualHost *>
    ServerName www.secondwebsite.com
    DocumentRoot /www/second
    </VirtualHost>
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22650760
To make sure I'm covering all the bases, can you provide which version of Apache you are using ? I'm going to suppose it's version 2.0 for the rest of this email.

The snippet provided by libin_v aboive will configure the two virtualhosts you want using the servername as discriminent. This means that DNS (or any other naming scheme) must be correctly setup for this to work, as web clients will specify which hostname they want to contact in the "Host: " header, which apache will match against the ServerName and ServerAlias directives.

What the snippet does not is to take care of access control. Since the second  site is to be accessible only from the local machine, you need to prevent access from other places. In addition to the /etc/hosts modification presented above, you  need an "Allow" statement. Should you need to access it from other places, you can allow additional subnets.

Please refer to Apache's documentation for the meaning of those statements.


Hope this helps,
Christophe
NameVirtualHost *
 

<VirtualHost *>

   ServerName www.firstwebsite.com

   ServerAlias firstwebsite.com

   DocumentRoot /www/first

</VirtualHost>
 

<VirtualHost *>

   ServerName www.secondwebsite.com

   ServerAlias secondwebsite.com

   DocumentRoot /www/second

   Order allow,deny

   allow from 127.0.0.1

</VirtualHost>

Open in new window

0
 

Author Comment

by:jacobs4020
ID: 22651635
I get an error from Apache saying that Order isn't allowed in that spot.
0
 

Author Comment

by:jacobs4020
ID: 22651643
I got an error saying that "Order" is not allowed at that spot.
0
 
LVL 4

Accepted Solution

by:
urgoll earned 125 total points
ID: 22651674
MY bad. Let's try this :
<VirtualHost *>

   ServerName www.firstwebsite.com

   ServerAlias firstwebsite.com

   DocumentRoot /www/first

   <Directory /www/first>

      Order allow,deny

      allow from all

   </Directory></VirtualHost>

 

<VirtualHost *>

   ServerName www.secondwebsite.com

   ServerAlias secondwebsite.com

   DocumentRoot /www/second

   <Directory /www/second>

      Order allow,deny

      allow from 127.0.0.1

   </Directory>

</VirtualHost>

Open in new window

0
 

Author Comment

by:jacobs4020
ID: 22654247
OK.  I've made the suggested changes.  My local-view-only site (www.secondsite.com) works fine.  It's accessible on my machine and not accessible from the outside.  My external view site i(www.firstsite.com) is accessible from other machines within my lan.  BUT....when accessed from outside the lan,  the index page appears to load, but it's blank.  There are no error messages or timeouts, just white space.  I tried changing the index page to something really simple (just test text), but the problem persists.  What's that about?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 4

Expert Comment

by:urgoll
ID: 22655690
Can you look at the access_log and error_log files and see if there are entries related to your accessing the first site from outside of your LAN ? Off the top of my head, I can't see anything different between accessign from within and without your LAN.

If you are able to do a snoop/tcpdump on the server port 80 while accessing your firstsite from outside your LAN, it would help to look at the HTTP conversation.

Regards,
Christophe
0
 

Author Comment

by:jacobs4020
ID: 22656105
I've been using an anonymous proxy (www.hidemyass.com) to see how my site looks from the outside.  Thinking the blank page might be a problem with the proxy, I've used 2 or 3 others, but with the same result, so I don't think it's the proxy.  The access log shows the IP of the proxy, time/date, and then "GET / HTTP/1.0" 200 1174.  There is no corresponding entry in the error log.  

When I access the site from inside my lan, the access log shows the localhost IP, time/date, and then "GET /favicon.ico HTTP/1/1" 404 209.  In this case, there is a corresponding entry in the error log indicating that favicon.ico couldn't be found.  Until a couple of minutes ago, I didn't know what favicon.ico was, but now that I know, I can't see that would be a problem.  And, in this case (inside the lan) I can see the page just fine.

I'll be happy to do the snoop/tcpdump if you can tell me how to do it.

Thanks for your help.
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22656136
Sure: as root:
# iptrace -a -i en1 -b  -p 80 trace.out

this assumes that your network interface is en1 - replace as necessary. Once it runs, do your network access, then CTRL-C when done. This will create a file named trace.out that you can post. I hope this works, I don't have access to an AIX server to confirm, this is from reading the man page on the 'net.
0
 

Author Comment

by:jacobs4020
ID: 22656231
Sorry.  I should have mentioned that I'm running XP Pro, not Linux.  Iptrace is a unix command right?
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22656506
Yes, it is a Unix command. I have no expertise with Windows, but apparently this KB can point you in the right direction to generate a packet trace:

http://support.microsoft.com/kb/148942

Hopefuly this will work for you and you can post the resulting file.
0
 

Author Comment

by:jacobs4020
ID: 22661359
It turns out that it was a firewall problem.  I have Zonealarm free running and have the XP firewall disabled via the Security Center.  Apparently some vestiges of the XP firewall remain operational even when it is supposedly turned off.  I found a registry tweak to it off for good, and now the site is accessible externally.

Thank you for your help.
0
 

Author Closing Comment

by:jacobs4020
ID: 31503250
Many thanks for your competent help.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Join & Write a Comment

In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now