How to rewrite addresses gone through firewall - Apache Web Server forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

How to rewrite addresses gone through firewall

dentadmin

7:08 am on Jul 16, 2009 (gmt 0)

10+ Year Member

Hi Everybody

We've got an organization with Windows servers, and so Apache's running on Win32 on web server *.*.162.2 called newname and the web address is newname.example.com.
We have our old web server which now serves as network server *.*.162.1 and is called old-name, and the previous web address was old-name.example.com.

The new address is preferred and I have tried rewriting old-name to newname, but it appears that since *.*.162.1 is linking to *.*.162.2 through some firewall, the IP addresses in access log are masked, and I guess so is the request, since the rewrite doesn't work. I tried rewriting all requests in httpd.conf to newname.example.com, but it falls in a loop (internal server error).

Network admin says both old-name and newname are domain controllers, and he can't change old-name to newname, as the whole network of hundred-some computers (seeing old-name) would stop working. I'm not familiar with this domain controller thing, but the problem is old-name.example.com is still active and I want a 301 redirect/rewrite. Apache is so flexible with urls, and I bet there's a workaround for this shortcoming of windows configurations here.

Sina

jdMorgan

3:07 pm on Jul 16, 2009 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Ask the admin if you can redirect "all port 80 traffic" from old-name to new-name. This would allow you to redirect the "web site server" but to leave the other services alone that still need to be handled by the old-name server. If the answer is yes, then put the redirect in place on old-name.

This means you'll have a Web server on old-name-server whose only function is to redirect to new-name, and you may have to remind everyone from time to time that it needs to be kept in place until *all* links to old-name are changed to new-name. That usually means the redirect will need to be kept in place forever.

Jim

dentadmin

9:10 pm on Jul 16, 2009 (gmt 0)

10+ Year Member

I've spoken with admin once, and that was when he told me that the name change is a no-can-do. In that conversation, he just laughed at my redirect issue, and since then, I wasn't going to talk to him about this. This windows guy just knows how to press Next on wizards.
I was hoping that you say there's some other variable than http_request that may be left intact by the firewall. Is there any diagnostic tool, or log file I can dig into, so that I can get some detailed info on what is exactly coming in, including requests coming from the old-name-server? In access log, along side IP's of traffic directly to newname, I just can see *.*.127.1 (*.*.162.1 changes to *.*.127.1) coming from old-name traffic's requests.

jdMorgan

9:44 pm on Jul 16, 2009 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

If the domain name is still assigned to the old server, and the 'site' is no longer on that old server, then there is no trick you can do other than what I outlined above; Requests for the old domain name will go to that server, and that server must be configured to redirect those requests to the new server using the new domain name. It seems you imagine that there is some 'magic' in the firewall that will prevent requests from being sent to the intended recipient, and that is not the case.

To prevent this from happening again, do not use the company-standard domain name for the new server, since obviously, the system admin and his group feel that they can take it away from you (for their own reasons) and may do so again. Use a unique new name instead, and have the DNS set up to route it. In this way, you can change the DNS to point to a new IP address any time you like. All you'll need is the permission/capability to add and modify the DNS settings. DNS is what maps domain names to IP addresses, so you use your own domain name to avoid having the name taken away, and if the IP address of the server needs to change, you just change the DNS record.

Jim