Fli
11-25-2013, 02:09 PM
Hello,
i want to hide my webserver IP etc. what i want to do is to have my other server serve as a proxy which will send all request to my hidden server and send hidden server responses to clients.
Please can you point me to some tutorial on how to do it?
| Me/or any other internet user type my website address | <---------> | proxy server located in USA | <---------> | my hidden webserver with Kloxo and 5 domains on it located in Europe |
--------
Here is one reply i got:
Reverse proxying is typically used for caching of data. to speed up web request. but can also be used to allow multiple vhosts run on one IP even though the back'end http server does not support vhost in the headers, it can also be used for LoadBalancing.
Eg. you can trigger all inncoming request that has www.linuxforums.com (http://www.linuxforums.com/) in the header to go to a particular host. and if you connect with www.kernel.org (http://www.kernel.org/) in the header you are connected to a different backend host. even though they are located on different servers. (Kinda like NAT only in layer 6/7).
Client
|
Reverse Proxy server
| |
| |
Host1 Host2(optional)
The biggest issue with keeping the actual backend server anonymous is keeping the server from leaking information. e.g: making the origin server call back to the client directly.
Also, make sure that you keep UTC timezone, sync the clock on the server to a generic (non local) NTP server. (otherwise you could leak out location based of that)
Keep the hostname of the backend server to something simple like "localhost" and modify the 404, and other response files in the HTTP server to remove server information. also disable debug information if your using PHP or ASP/.NET.
The best way to make sure you server is anonymous is to look at the actual packet data (Wireshark capture). also, make sure that your server is not vulnerable to injection attacks that may cause the back-end server to contact the client directly.
Now if you are trying to serv very "black" information. you might consider using a darknet to hide the server. E.g inside i2p or as a Tor hidden service.
I dont have any experience with darknets. but i think that irongeek.com has some good guides on darknets and how to hide yourself in them.
You could also combine them. having a reverse proxy server on the public internet, that redirects to a hidden server in a darknet. this way, if the proxy server gets compromised, they will have problems locating the server in the darknet, trying to find the server located in the darknet is typically hard to do(if done correct).
It all depends on how good you want to hide your physical server.
i want to hide my webserver IP etc. what i want to do is to have my other server serve as a proxy which will send all request to my hidden server and send hidden server responses to clients.
Please can you point me to some tutorial on how to do it?
| Me/or any other internet user type my website address | <---------> | proxy server located in USA | <---------> | my hidden webserver with Kloxo and 5 domains on it located in Europe |
--------
Here is one reply i got:
Reverse proxying is typically used for caching of data. to speed up web request. but can also be used to allow multiple vhosts run on one IP even though the back'end http server does not support vhost in the headers, it can also be used for LoadBalancing.
Eg. you can trigger all inncoming request that has www.linuxforums.com (http://www.linuxforums.com/) in the header to go to a particular host. and if you connect with www.kernel.org (http://www.kernel.org/) in the header you are connected to a different backend host. even though they are located on different servers. (Kinda like NAT only in layer 6/7).
Client
|
Reverse Proxy server
| |
| |
Host1 Host2(optional)
The biggest issue with keeping the actual backend server anonymous is keeping the server from leaking information. e.g: making the origin server call back to the client directly.
Also, make sure that you keep UTC timezone, sync the clock on the server to a generic (non local) NTP server. (otherwise you could leak out location based of that)
Keep the hostname of the backend server to something simple like "localhost" and modify the 404, and other response files in the HTTP server to remove server information. also disable debug information if your using PHP or ASP/.NET.
The best way to make sure you server is anonymous is to look at the actual packet data (Wireshark capture). also, make sure that your server is not vulnerable to injection attacks that may cause the back-end server to contact the client directly.
Now if you are trying to serv very "black" information. you might consider using a darknet to hide the server. E.g inside i2p or as a Tor hidden service.
I dont have any experience with darknets. but i think that irongeek.com has some good guides on darknets and how to hide yourself in them.
You could also combine them. having a reverse proxy server on the public internet, that redirects to a hidden server in a darknet. this way, if the proxy server gets compromised, they will have problems locating the server in the darknet, trying to find the server located in the darknet is typically hard to do(if done correct).
It all depends on how good you want to hide your physical server.