On Mar 30, 2007, at 4:52 PM, Brian N. Smith wrote:
> NOW, what will break it is a shitty firewall that re-writes the
> HTTP header incorrectly. Per HTTP spec, the header should include
> the hostname of the virtual site you're wanting to connect to.
>
> That is how it is possible to run 20-200 sites on a single IP, and
> why it is impossible to run SSL the same way.
>
> If the firewall doing the NAT removes the HTTP header, the server
> gets it and has no idea what to do, it will try to use the default
> virtual site instead, which usually results in some crazy content
> and the developer saying WTF.
>
> A proper firewall doesn't change the header, just re-writes IP
> address/port, and forwards in, and then Apache answers the call and
> responds with the content.
I really haven't had time to mess with the BQ install I put on my
Qube 3, but the little messing I have done leads me to believe that
the Linksys WRT54G is an example of one such (bad) firewall for this
use.
I have some Cisco routers around but haven't put one up to do NAT yet.
Thanks!
Brian
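
The name-based lookup described in the quoted message, as an added example that is not part of the original thread: it shows which site a server would pick when the Host header arrives intact, stripped, or rewritten by a device in the path. The hostnames, document roots, and sample requests are constructed for illustration, and the lookup is a simplified model, not Apache's own code.

```python
# Added example: name-based virtual host selection from the Host header.
# Hostnames and document roots are constructed for illustration.

VHOSTS = {
    "site-a.example": "/var/www/site-a",
    "site-b.example": "/var/www/site-b",
}
DEFAULT_VHOST = "/var/www/default"  # what the server falls back to


def parse_host(raw_request: bytes):
    """Return the lower-cased Host header value (port stripped), or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]  # skip the request line
    for line in lines:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            # Drop an optional :port, keeping IPv6 literals intact.
            if host.startswith("["):
                return host.split("]", 1)[0] + "]"
            return host.rsplit(":", 1)[0] if ":" in host else host
    return None


def select_vhost(raw_request: bytes):
    """Pick a document root by Host header, falling back to the default."""
    host = parse_host(raw_request)
    if host in VHOSTS:
        return VHOSTS[host], "matched"
    reason = "missing Host header" if host is None else f"unknown host {host!r}"
    return DEFAULT_VHOST, f"default ({reason})"


# Constructed requests: as the client sent it, and after a device mangled it.
SENT = b"GET / HTTP/1.1\r\nHost: site-b.example:8080\r\nAccept: */*\r\n\r\n"
STRIPPED = b"GET / HTTP/1.1\r\nAccept: */*\r\n\r\n"
REWRITTEN = b"GET / HTTP/1.1\r\nHost: 192.168.1.10\r\nAccept: */*\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("sent", SENT), ("stripped", STRIPPED),
                       ("rewritten", REWRITTEN)):
        print(label, "->", select_vhost(req))
```

Logging the received Host value next to the chosen site on the server side is a quick way to tell whether a NAT device in front of it is altering requests.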