Re: [PHP] Standalone WebServer for PHP
On 12/09/10 18:33, tedd wrote: At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote: On Sun, 2010-09-12 at 12:55 -0400, tedd wrote: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Not entirely sure what you're asking, but could you maybe achieve something like this with a WAN using a VPN? Thanks, Ash Ash: I'm sure this is an obvious question for many on this list, but I'm not above showing my ignorance. I guess what I am asking -- if a client wanted an application written (in web languages) so that their employees could link all their different computers together and share/use information using browsers, is that possible using a server that is not connected to the Internet? Look, I know that I can solve my clients problems by finding a host and writing scripts to do what they want -- that's not a problem. But everything I do is open to the world. Sure I can provide some level of security, but nothing like the security that can be provided behind closed and locked doors. So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? Maybe I should ask my grandson. :-) Cheers, tedd If the network is set up (as most business and home networks are these days) to use Network Address Translation (NAT) at the connection point to the world, then you shold be able to achieve this. NAT is where you have an internal network using private addresses (often in the 192.168.xxx.xxx range) but all outgoing traffic appears on the internet to come from one public address. So you configure your web server to accept requests from only the internal addresses. With Apache you could do this on a per-directory basis, even, so the web server could have public content (visible to all client addresses) and then have private content in subdirectories which only accept clients on the internal network addresses. There is a possible loophole due to IP address spoofing, but I suspect that your gateway device (firewall, ADSL or cable router that connects you to the world) will block those sort of clients. -- Peter Ford, Developer phone: 01580 89 fax: 01580 893399 Justcroft International Ltd. www.justcroft.com Justcroft House, High Street, Staplehurst, Kent TN12 0AH United Kingdom Registered in England and Wales: 2297906 Registered office: Stag Gates House, 63/64 The Avenue, Southampton SO17 1XS -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sun, Sep 12, 2010 at 18:55, tedd tedd.sperl...@gmail.com wrote: A question, to clarify my fuzzy thinking about such things: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Filter on IP address. Not foolproof, but mostly there. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sun, Sep 12, 2010 at 20:07, tedd tedd.sperl...@gmail.com wrote: Forget modems or other such outside access -- everything would be done internally with computers and users being physically located within the office's physical location. So, could a server be set up in an office that would run web-languages such that users in the office could access their server and run scripts using browsers? Just connect them to a router and don't connect the router to the WAN. Each machine will get it's own IP address (assuming that the router is running a DHCP server). -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
Wow... this thread SURE went WAY off my original topic... All I was looking for, was a webserver that would serve PHP pages, that was not installed on the machine. Now, if the machine was *nix or Windose, it didn't matter. I know in Python, you just have to install python, and then you can use Cherrypy (but i dont know python, nor do i want to create the app i am creating with a language i dont full know/understand). Anyway, I spent a bit of time on the interwebs this weekend, and after trying just about every one i could find, I am just going to go with XAMPP, and remove all the stuff i dont need, and trim some fat, and remove all the hard links to the /opt/lampp directory in linux, and figure out what it is in windose later... anyway, thanks for all the ideas. Steve. On Sun, 2010-09-12 at 22:37 -0400, Paul M Foster wrote: On Sun, Sep 12, 2010 at 02:07:12PM -0400, tedd wrote: At 1:47 PM -0400 9/12/10, Jason Pruim wrote: On Sep 12, 2010, at 1:33 PM, tedd wrote: So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? I may not know all the possibilities but the only way I can think of to accomplish that would be to have a server setup in their office with a bank of modems and have everyone call into the server. Basically like an old school internet provider. If the main server can be secured to your clients liking there are ways that it can be on the net and still as safe as possible... But obviously not as safe as hard lines being dialed in... You'ld also have to take into account possibly long distance charges if everyone wasn't local... Forget modems or other such outside access -- everything would be done internally with computers and users being physically located within the office's physical location. So, could a server be set up in an office that would run web-languages such that users in the office could access their server and run scripts using browsers? I just think I couldn't possibly be fully understanding what you're asking. But in case I *do* understand it, it would be like this: Set up a switch in the server room and connect everyone to it. Connect the switch to the internal webserver. Give the webserver an internal (non-routable) IP and hostname. Anyone can access it via http://internal_hostname/my_script.php No one outside the LAN can access it, something you can enforce with Apache or with iptables (Linux). I have one of these set up in my house/office. Hope this helps. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
I would recommend using nanoserv, it looks more mature. But personally I use my own, which I have developed because I wanted to know how to do it. And because I needed it to do some specific tasks on linux servers which I did not want to mix with apache configuration etc. Here: http://github.com/bostjan/PHP-application-server b. On 13 September 2010 14:47, Steve Staples sstap...@mnsi.net wrote: Wow... this thread SURE went WAY off my original topic... All I was looking for, was a webserver that would serve PHP pages, that was not installed on the machine. Now, if the machine was *nix or Windose, it didn't matter. I know in Python, you just have to install python, and then you can use Cherrypy (but i dont know python, nor do i want to create the app i am creating with a language i dont full know/understand). Anyway, I spent a bit of time on the interwebs this weekend, and after trying just about every one i could find, I am just going to go with XAMPP, and remove all the stuff i dont need, and trim some fat, and remove all the hard links to the /opt/lampp directory in linux, and figure out what it is in windose later... anyway, thanks for all the ideas. Steve. On Sun, 2010-09-12 at 22:37 -0400, Paul M Foster wrote: On Sun, Sep 12, 2010 at 02:07:12PM -0400, tedd wrote: At 1:47 PM -0400 9/12/10, Jason Pruim wrote: On Sep 12, 2010, at 1:33 PM, tedd wrote: So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? I may not know all the possibilities but the only way I can think of to accomplish that would be to have a server setup in their office with a bank of modems and have everyone call into the server. Basically like an old school internet provider. If the main server can be secured to your clients liking there are ways that it can be on the net and still as safe as possible... But obviously not as safe as hard lines being dialed in... You'ld also have to take into account possibly long distance charges if everyone wasn't local... Forget modems or other such outside access -- everything would be done internally with computers and users being physically located within the office's physical location. So, could a server be set up in an office that would run web-languages such that users in the office could access their server and run scripts using browsers? I just think I couldn't possibly be fully understanding what you're asking. But in case I *do* understand it, it would be like this: Set up a switch in the server room and connect everyone to it. Connect the switch to the internal webserver. Give the webserver an internal (non-routable) IP and hostname. Anyone can access it via http://internal_hostname/my_script.php No one outside the LAN can access it, something you can enforce with Apache or with iptables (Linux). I have one of these set up in my house/office. Hope this helps. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
At 4:42 PM -0400 9/10/10, Daniel Brown wrote: On Fri, Sep 10, 2010 at 16:37, Steve Staples sstap...@mnsi.net wrote: Ok, here it goes... I am building an app, that requires a web interface. -snip- i want to be able to run it on like port 8880 or something... just looking out there fro something... I had written one about two years ago for a project, but the code belongs to the client company, so it won't make it to open source. However, not only can it be done, but there's even some in existence. Check this one out: http://nanoweb.si.kz/ I've never used it myself, but it may be worth a shot for you. -- /Daniel P. Brown A question, to clarify my fuzzy thinking about such things: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sun, 2010-09-12 at 12:55 -0400, tedd wrote: At 4:42 PM -0400 9/10/10, Daniel Brown wrote: On Fri, Sep 10, 2010 at 16:37, Steve Staples sstap...@mnsi.net wrote: Ok, here it goes... I am building an app, that requires a web interface. -snip- i want to be able to run it on like port 8880 or something... just looking out there fro something... I had written one about two years ago for a project, but the code belongs to the client company, so it won't make it to open source. However, not only can it be done, but there's even some in existence. Check this one out: http://nanoweb.si.kz/ I've never used it myself, but it may be worth a shot for you. -- /Daniel P. Brown A question, to clarify my fuzzy thinking about such things: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Cheers, tedd -- --- http://sperling.com/ Not entirely sure what you're asking, but could you maybe achieve something like this with a WAN using a VPN? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Standalone WebServer for PHP
A question, to clarify my fuzzy thinking about such things: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Cheers, tedd Hey, one I can answer! The short answer is Yes. It can be done in a firewall: for instance, take the following network setups. 1) Internal machines on a single range (10.10.0.1-10.10.0-254), gateway machine at 10.10.0.1, web server at 10.10.0.2. In this situation, the gateway passes traffic web traffic from outside to 10.10.0.2/80 (destination NATing, in linux's iptables), and traffic from inside to 10.10.0.2/8880. There's no reasonable way for outside traffic to reach the web server, but the web server can still reach the outside world. If you don't want to have ANYONE outside the private network reach the web server, you can eliminate the dnat rule so port 80 traffic isn't forwarded. If the employees need access from outside, a VPN would work best, as Ash suggested, but there are other options. The catch is that you need to either use virtual hosts, which brings one set of problems, or two pieces of web-server software (two instances of apache, for instance), which brings a different set of problems. 2) All systems on publicly reachable addresses (230.54.8.0-230.54.8.254, to pick at random). The web server is at 230.54.8.2, there is no gateway. The firewall here needs to be on the web server, since there is no gateway, and it only allows port 8880 traffic in if it's from the range 230.54.8.0/24. Again, if no external access is necessary, it can be simplified somewhat. In either instance, employees with permanent IP addresses at home can be allowed in via the firewall. -Alex 3) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote: On Sun, 2010-09-12 at 12:55 -0400, tedd wrote: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Not entirely sure what you're asking, but could you maybe achieve something like this with a WAN using a VPN? Thanks, Ash Ash: I'm sure this is an obvious question for many on this list, but I'm not above showing my ignorance. I guess what I am asking -- if a client wanted an application written (in web languages) so that their employees could link all their different computers together and share/use information using browsers, is that possible using a server that is not connected to the Internet? Look, I know that I can solve my clients problems by finding a host and writing scripts to do what they want -- that's not a problem. But everything I do is open to the world. Sure I can provide some level of security, but nothing like the security that can be provided behind closed and locked doors. So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? Maybe I should ask my grandson. :-) Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sep 12, 2010, at 1:33 PM, tedd wrote: At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote: On Sun, 2010-09-12 at 12:55 -0400, tedd wrote: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Not entirely sure what you're asking, but could you maybe achieve something like this with a WAN using a VPN? Thanks, Ash Ash: I'm sure this is an obvious question for many on this list, but I'm not above showing my ignorance. I guess what I am asking -- if a client wanted an application written (in web languages) so that their employees could link all their different computers together and share/use information using browsers, is that possible using a server that is not connected to the Internet? Look, I know that I can solve my clients problems by finding a host and writing scripts to do what they want -- that's not a problem. But everything I do is open to the world. Sure I can provide some level of security, but nothing like the security that can be provided behind closed and locked doors. So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? Maybe I should ask my grandson. :-) Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Tedd- What do you mean without ever being connected to the internet? That statement throws me a bit because if it isn't connected to the public net the only alternative would be to run hard lines between hosts. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
At 1:40 PM -0400 9/12/10, Joshua Kehn wrote: On Sep 12, 2010, at 1:33 PM, tedd wrote: So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? Tedd- What do you mean without ever being connected to the internet? That statement throws me a bit because if it isn't connected to the public net the only alternative would be to run hard lines between hosts. Regards, -Josh -Josh: Yes, to connect the physically local computers together via hard lines (Ethernet) or via a router. But in my above context closed to the Internet would mean no outside connection. Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sep 12, 2010, at 1:33 PM, tedd wrote: At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote: On Sun, 2010-09-12 at 12:55 -0400, tedd wrote: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Not entirely sure what you're asking, but could you maybe achieve something like this with a WAN using a VPN? Thanks, Ash Ash: I'm sure this is an obvious question for many on this list, but I'm not above showing my ignorance. I guess what I am asking -- if a client wanted an application written (in web languages) so that their employees could link all their different computers together and share/use information using browsers, is that possible using a server that is not connected to the Internet? Look, I know that I can solve my clients problems by finding a host and writing scripts to do what they want -- that's not a problem. But everything I do is open to the world. Sure I can provide some level of security, but nothing like the security that can be provided behind closed and locked doors. So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? Maybe I should ask my grandson. :-) Hi tedd, I may not know all the possibilities but the only way I can think of to accomplish that would be to have a server setup in their office with a bank of modems and have everyone call into the server. Basically like an old school internet provider. If the main server can be secured to your clients liking there are ways that it can be on the net and still as safe as possible... But obviously not as safe as hard lines being dialed in... You'ld also have to take into account possibly long distance charges if everyone wasn't local... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
At 1:18 PM -0400 9/12/10, Andy McKenzie wrote: A question, to clarify my fuzzy thinking about such things: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Cheers, tedd Hey, one I can answer! The short answer is Yes. It can be done in a firewall: for instance, take the following network setups. 1) Internal machines on a single range (10.10.0.1-10.10.0-254), gateway machine at 10.10.0.1, web server at 10.10.0.2. In this situation, the gateway passes traffic web traffic from outside to 10.10.0.2/80 (destination NATing, in linux's iptables), and traffic from inside to 10.10.0.2/8880. There's no reasonable way for outside traffic to reach the web server, but the web server can still reach the outside world. If you don't want to have ANYONE outside the private network reach the web server, you can eliminate the dnat rule so port 80 traffic isn't forwarded. If the employees need access from outside, a VPN would work best, as Ash suggested, but there are other options. The catch is that you need to either use virtual hosts, which brings one set of problems, or two pieces of web-server software (two instances of apache, for instance), which brings a different set of problems. 2) All systems on publicly reachable addresses (230.54.8.0-230.54.8.254, to pick at random). The web server is at 230.54.8.2, there is no gateway. The firewall here needs to be on the web server, since there is no gateway, and it only allows port 8880 traffic in if it's from the range 230.54.8.0/24. Again, if no external access is necessary, it can be simplified somewhat. In either instance, employees with permanent IP addresses at home can be allowed in via the firewall. -Alex 3) -Alex: Many thanks -- now I need to figure what you said and how to implement it. :-) Does this mean that my client will need a physically local server with fire-wall software protection or can this be done in conventional remote hosting environment with htaccess (or whatever) directives? I really need to understand the basics. Thanks for your help. Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
At 1:47 PM -0400 9/12/10, Jason Pruim wrote: On Sep 12, 2010, at 1:33 PM, tedd wrote: So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? I may not know all the possibilities but the only way I can think of to accomplish that would be to have a server setup in their office with a bank of modems and have everyone call into the server. Basically like an old school internet provider. If the main server can be secured to your clients liking there are ways that it can be on the net and still as safe as possible... But obviously not as safe as hard lines being dialed in... You'ld also have to take into account possibly long distance charges if everyone wasn't local... Forget modems or other such outside access -- everything would be done internally with computers and users being physically located within the office's physical location. So, could a server be set up in an office that would run web-languages such that users in the office could access their server and run scripts using browsers? Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sun, Sep 12, 2010 at 11:03 PM, tedd tedd.sperl...@gmail.com wrote: At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote: I'm sure this is an obvious question for many on this list, but I'm not above showing my ignorance. I guess what I am asking -- if a client wanted an application written (in web languages) so that their employees could link all their different computers together and share/use information using browsers, is that possible using a server that is not connected to the Internet? definitely yes. many online web apps we see on internet spend their early age in incubators not connected to internet. in other terms, in 'local area networks' which use almost same set of internet standard protocols. ~viraj Look, I know that I can solve my clients problems by finding a host and writing scripts to do what they want -- that's not a problem. But everything I do is open to the world. Sure I can provide some level of security, but nothing like the security that can be provided behind closed and locked doors. So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? Maybe I should ask my grandson. :-) Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sun, 2010-09-12 at 14:07 -0400, tedd wrote: At 1:47 PM -0400 9/12/10, Jason Pruim wrote: On Sep 12, 2010, at 1:33 PM, tedd wrote: So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet? I may not know all the possibilities but the only way I can think of to accomplish that would be to have a server setup in their office with a bank of modems and have everyone call into the server. Basically like an old school internet provider. If the main server can be secured to your clients liking there are ways that it can be on the net and still as safe as possible... But obviously not as safe as hard lines being dialed in... You'ld also have to take into account possibly long distance charges if everyone wasn't local... Forget modems or other such outside access -- everything would be done internally with computers and users being physically located within the office's physical location. So, could a server be set up in an office that would run web-languages such that users in the office could access their server and run scripts using browsers? Cheers, tedd -- --- http://sperling.com/ Set it up like a regular server but without a connection to the outside world and then the computers can connect to it as you need. For ease of use you could pick some subdomain name of the existing domain for the company (intranet.business.com for example) and then change the hosts file on the client computers to recognise this and point to the internal server. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Standalone WebServer for PHP
On Sun, Sep 12, 2010 at 11:37 PM, tedd tedd.sperl...@gmail.com wrote: At 1:47 PM -0400 9/12/10, Jason Pruim wrote: So, could a server be set up in an office that would run web-languages such that users in the office could access their server and run scripts using browsers? yes, it's just few steps. 1. connect all computers through a router and bring the access need machines in to one ip-block range 2. pick a computer to use as the server (which you have to install the web server, database server) firewalls, proxy-servers come later in the story :) this is bit off the topic in a php list. but i'm sure you will get some good hints. ~viraj Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Sun, Sep 12, 2010 at 1:51 PM, tedd tedd.sperl...@gmail.com wrote: At 1:18 PM -0400 9/12/10, Andy McKenzie wrote: A question, to clarify my fuzzy thinking about such things: Can a business have a server connected to the Internet but limit access to just their employees? I don't mean a password protected scheme, but rather the server being totally closed to the outside world other than to their internal employees? Or is this something that can only be provided by a LAN with no Internet connection? Cheers, tedd Hey, one I can answer! The short answer is Yes. It can be done in a firewall: for instance, take the following network setups. 1) Internal machines on a single range (10.10.0.1-10.10.0-254), gateway machine at 10.10.0.1, web server at 10.10.0.2. In this situation, the gateway passes traffic web traffic from outside to 10.10.0.2/80 (destination NATing, in linux's iptables), and traffic from inside to 10.10.0.2/8880. There's no reasonable way for outside traffic to reach the web server, but the web server can still reach the outside world. If you don't want to have ANYONE outside the private network reach the web server, you can eliminate the dnat rule so port 80 traffic isn't forwarded. If the employees need access from outside, a VPN would work best, as Ash suggested, but there are other options. The catch is that you need to either use virtual hosts, which brings one set of problems, or two pieces of web-server software (two instances of apache, for instance), which brings a different set of problems. 2) All systems on publicly reachable addresses (230.54.8.0-230.54.8.254, to pick at random). The web server is at 230.54.8.2, there is no gateway. The firewall here needs to be on the web server, since there is no gateway, and it only allows port 8880 traffic in if it's from the range 230.54.8.0/24. Again, if no external access is necessary, it can be simplified somewhat. In either instance, employees with permanent IP addresses at home can be allowed in via the firewall. -Alex 3) -Alex: Many thanks -- now I need to figure what you said and how to implement it. :-) Does this mean that my client will need a physically local server with fire-wall software protection or can this be done in conventional remote hosting environment with htaccess (or whatever) directives? I really need to understand the basics. Thanks for your help. Cheers, tedd -- --- http://sperling.com/ Tedd, First off, I don't recommend trying to build a secure firewall yourself if you don't know what you're doing, much like I wouldn't recommend building your own web server. There are a lot of potential pitfalls, and ways to make things look like they're secure when they really aren't. That said, here's my take. It sounds from what you said like you have a client with the following setup: - Machines in the office, probably on a private subnet with a single public IP showing (this is Network Address Translation, or NAT). - A remote server rented from a hosting company. Hopefully it's running Linux/Apache, rather than Windows/anything, because it's easier (for me, at least) if it's linux. I'll assume it's running Linux and Apache, since most hosting companies do things that way, in my experience. This is potentially the hardest setup, security-wise. You're looking at all data having to travel over a network connection, which means it's inherently insecure, and you may not have full access to the server. If you've got access to either the firewall or the apache config on the server, though, you can make it work. There are two options. 1) Firewall. You can use the firewall (iptables, in my assumed scenario) to restrict who can reach the server. Find someone who knows what they're doing to set this up, or you can lock yourself out of the server really easily -- I've done it several times at work, and it's always embarrassing. 2) Apache config. You can set a particular subdirectory of your Apache install -- or the whole thing! -- to only be accessible to people from certain domains or IPs. The way to do this is to use a Deny all directive, followed by, say Allow .myclient.com or Allow 231.30.8.17 if that's your gateway. See http://articles.techrepublic.com.com/5100-22_11-5076696.html for some basic information -- look at the section with the header Restrict access. This is easier, but I'm not sure whether it's as secure. Best, of course, would be to do both. That way no one unauthorized should be able to reach the server, but if they manage, it should still lock them out. Now: this all works the same for an internal server. The only difference really is that you're in full physical control, and you can drop the whole thing behind a gateway firewall as well as the internal firewall. It is generally a good idea to let a server access the internet, since that's the easiest way to download and install
Re: [PHP] Standalone WebServer for PHP
Steve Staples wrote: Ok, here it goes... I am building an app, that requires a web interface. I am using PHP becuase I am familiar with it. Most of the app's i've been looking at, use Python, Cherry.py and stuff, but what I was wondering, is is there a way to create a php CLI app, that creates it's own web server even if apache is installed. Yep, that's no big deal. A webserver is just some code that listens for requests on port XX, processes the requests and sends back suitably formatted responses. -- Per Jessen, Zürich (12.2°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
OH, i forgot to mention, if it ran on windows or linux, and required no install, just ran as an executable or something. Steve. On Fri, 2010-09-10 at 16:37 -0400, Steve Staples wrote: Ok, here it goes... I am building an app, that requires a web interface. I am using PHP becuase I am familiar with it. Most of the app's i've been looking at, use Python, Cherry.py and stuff, but what I was wondering, is is there a way to create a php CLI app, that creates it's own web server even if apache is installed. i want to be able to run it on like port 8880 or something... just looking out there fro something... TIA! Steve -- Steve Staples Web Application Developer 519.258.2333 x8414 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
On Fri, Sep 10, 2010 at 16:37, Steve Staples sstap...@mnsi.net wrote: Ok, here it goes... I am building an app, that requires a web interface. I am using PHP becuase I am familiar with it. Most of the app's i've been looking at, use Python, Cherry.py and stuff, but what I was wondering, is is there a way to create a php CLI app, that creates it's own web server even if apache is installed. i want to be able to run it on like port 8880 or something... just looking out there fro something... I had written one about two years ago for a project, but the code belongs to the client company, so it won't make it to open source. However, not only can it be done, but there's even some in existence. Check this one out: http://nanoweb.si.kz/ I've never used it myself, but it may be worth a shot for you. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Standalone WebServer for PHP
Daniel Brown wrote: On Fri, Sep 10, 2010 at 16:37, Steve Staples sstap...@mnsi.net wrote: Ok, here it goes... I am building an app, that requires a web interface. I am using PHP becuase I am familiar with it. Most of the app's i've been looking at, use Python, Cherry.py and stuff, but what I was wondering, is is there a way to create a php CLI app, that creates it's own web server even if apache is installed. i want to be able to run it on like port 8880 or something... just looking out there fro something... I had written one about two years ago for a project, but the code belongs to the client company, so it won't make it to open source. However, not only can it be done, but there's even some in existence. Check this one out: http://nanoweb.si.kz/ I've never used it myself, but it may be worth a shot for you. I use this as a mini web server on my XP workstation just for testing little things. I have no idea how well it will perform in real world use nor have I tried it on any *nix setup. Just my experiences... Jim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
