IP aliases, effect on security?

ME dugan at passwall.com
Wed Feb 12 17:03:15 PST 2003


Andru Luvisi said:
> On Wed, 12 Feb 2003, Andru Luvisi wrote:
> [snip]
>> You can only do SSL for one domain per IP address.
> [snip]
>
> Er... I meant per IP address and port.  You could, for example, do:
>
>   https://www.example.com:443/
>   https://www.example.org:444/
>   https://www.example.net:445/
>   http://www.example.com/
>   http://www.example.org/
>   http://www.example.net/
>
> All on one IP address with one copy of Apache...

Good point. I only effectively run 1 https site on my single IP, and it
uses the default port number. This could play into the original poster's
needs, and force a need for use of IP Aliases on the same NIC.

The original warning I stated in another post still stands though:
Make sure sshd and any other "critical" services for administration are
bound to (at a minimum) the base IP of the interface. This way, if for
some reason, you forget to build a kernel with support for binding
multiple IPs to the same NIC, you can at least log in to your box to build a
kernel that does, or reboot back to your old kernel.

-ME



-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
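
The following is an added example, not part of the original post: a pre-reboot check that sshd would still be reachable on the interface's base IP if the alias addresses failed to come up. The function names and the 192.0.2.x addresses are constructed for illustration, and hostnames in ListenAddress are not resolved.

```python
import ipaddress

# Constructed sample: sshd bound only to an alias address (base IP commented out).
ALIAS_ONLY = """\
Port 22
# ListenAddress 192.0.2.10
ListenAddress 192.0.2.11:22
"""

def listen_addresses(config_text):
    """Return the host part of every active ListenAddress directive."""
    hosts = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        # sshd_config allows "Keyword value" or "Keyword=value"
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue
        value = parts[1]
        if value.startswith("["):                # [IPv6]:port
            value = value[1:].split("]", 1)[0]
        elif value.count(":") == 1:              # IPv4:port or host:port
            value = value.rsplit(":", 1)[0]
        hosts.append(value)
    return hosts

def reachable_on_base(config_text, base_ip):
    """True if sshd would accept connections on base_ip with this config."""
    base = ipaddress.ip_address(base_ip)
    hosts = listen_addresses(config_text)
    if not hosts:
        return True   # no ListenAddress: sshd listens on all local addresses
    for host in hosts:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname: not resolved here, so not counted
        # An explicit match or the wildcard of the same family covers base_ip.
        if addr == base or (addr.is_unspecified and addr.version == base.version):
            return True
    return False

if __name__ == "__main__":
    print("base IP covered:", reachable_on_base(ALIAS_ONLY, "192.0.2.10"))
```
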



