TavoxPeru 0 Report post Posted September 26, 2006 Hi, i develop a web application that runs perfectly on my development machine -Win 2kPro- where i have Apache, Php and MySql installed. A few days ago i went to my client to install it in a Win XP machine that will act as the webserver, so i proceed to install the Apache 2.0.59 webserver, Php 5.1.x and MySql 5.x and my web application and everything installs and works fine without a problem. Then, i proceed to run my web application to test it and also to know if something gone bad, happily everything is fine and works perfectly As you thought this web application will run in a network environment so then i proceed to install in every machine -remote machines- that will access this machine -the webserver- a simple direct access, but as usual nothing is perfect and problems starts to show. When i access my web application via this direct access nothing happens, these remotes machines don't connect to the webserver and only shows a 404 error page, first i try with the URL LOCALHOST/my_web_application_name/ because this works at the webserver, and.... logically it doesn't gonna work at the remote machines because localhost refers only to the webserver so then i change the URL to name and it shows up my web application login screen so i proceed to login but nothing happens and everytime i try to login it always show me again the login page. does someone knows how to configure this direct access to get connected to the webserver or knows an URL that shows how to do this????? Best regards, Share this post Link to post Share on other sites
yordan 10 Report post Posted September 26, 2006 It should work as localhost, because localhost is the system which will look inside the database in order to perform the login. However, don't you have something designing too precisely the original system, for instance the cookie domain and the cookie path ? Of course, these are the problem I usually have with phpbb, probably yours are quite different.Yordan Share this post Link to post Share on other sites
TavoxPeru 0 Report post Posted September 28, 2006 It should work as localhost, because localhost is the system which will look inside the database in order to perform the login. However, don't you have something designing too precisely the original system, for instance the cookie domain and the cookie path ? Of course, these are the problem I usually have with phpbb, probably yours are quite different. Yordan Hi, thanks for your interest, well, i dont touch them in any manner, neither in my development systmen or at my client machine that acts as the webserver. Today i go to my clients office and i found the solution, i simply change the direct access properties by modifiying its URL, instead of /name i only put /machine and now everything works fine. Never wonder that the solution of this topic was so easy and simple. Best regards, Share this post Link to post Share on other sites
yordan 10 Report post Posted September 28, 2006 found the solutionGreat ! Congratitulations !You guess that probably your client network has a small problem, ne sytem names are nok know from all the workstations.I must confess that I have the same problem at home, one of my PC's don't recognize automatically my server's name and I have to type the IP address istead of server name. So, this problem you wil probably have often.Maye a workaround for your future clients could be to add the server's IP in the local hosts file on the PC's which cannot resolve automatically the server's name. Maybe you could just try this for your next client installation, and tell us the results. Share this post Link to post Share on other sites
TavoxPeru 0 Report post Posted September 28, 2006 Great ! Congratitulations !......Maye a workaround for your future clients could be to add the server's IP in the local hosts file on the PC's which cannot resolve automatically the server's name. Maybe you could just try this for your next client installation, and tell us the results.Thanks, and what you say is something that i think after i solve this problem, so tomorrow when i visit my client i will try this solution to see what happens.Tell me something, the file that you mention is this one???SYSTEMDRIVE:\SYSTEMROOT\System32\Drivers\etc\hostsand if i'm right, in this file i only need to put the ip number and the name of the machine, something like this???xxx.xxx.xxx.xxx name_of_the_pc_that_acts_as_webserverBest regards, Share this post Link to post Share on other sites
yordan 10 Report post Posted September 28, 2006 SYSTEMDRIVE:\SYSTEMROOT\System32\Drivers\etc\hostsand if i'm right, in this file i only need to put the ip number and the name of the machine, something like this???xxx.xxx.xxx.xxx name_of_the_pc_that_acts_as_webserverExactly like that.Yordan Share this post Link to post Share on other sites
TavoxPeru 0 Report post Posted October 6, 2006 Exactly like that.YordanThanks, yesterday i went into my clients office and test it to see what happens and happilly it works without any problem, but know comes other questions all related with the security, because this company access internet through its network and this machine acts as a webserver does i need something else to check and configure to avoid any kind of trouble like a hacker, virus, dos attacks, etc?????BTW, i know that XP comes with a firewall but i read in another forum that is better to disable it to work with apache, so when i install the apache i disabled it -the firewall- do you know if i need to reconfigure it to work with my application because of the security as i say before.Best regards, Share this post Link to post Share on other sites
yordan 10 Report post Posted October 9, 2006 OK, you did a webserver install, this was the job your customer asked you to do.Now, your customer needs a security audit.Security people are really strang people, which are rather paranoid, and spend their time thinking how a hacker could enter their customer site.So, you should really ask a security skilled guy to look at this network. The only thing you can tell your customer is "ask a specialist". And this specialist cannot be yourself.This is really a matter of philosophy.Because Apache is in the open world, everybody will be happy when everybody will be able to access everything everywhere in the word.Security people are very closed people. Their main dream is closing everything, so no intruder can come in.For instance, you disabled Microsoft Windows Firewall. This is OK for testing purposes : if you shutdown the firewall and your applican works, then you startup your wirerall and your application does not work any more, this means that your application is blocked by the firewall.Nice, great, for testing purposes you did the right thing, now you know that the firewall blocked your application. But you cannot leave the things like that, because if you leave the firewall down you leave your site without any protection.Of course, everybody know that Microsoft Windows firewall is a very weak protection ; however, it's a kind of protection, and if you remove it you have no protection at all.No, the correct way is : now you know that the firewall blocks the port 80 on your apache server, the next step is to turn the firewal on again, and ask the firewall to let you access the port 80 on the apache server. Even better thought, if your customer has very few computers (let's say ten computers with fixed IP address), you should ask the firewall to open the apache 80 port for only the computers which are supposed to access apache, and block all the other ones.The next step is to ask your customer to buy a "real" professionnal firewall. You will be really surprized if you read the firewall logs, how many computers from all around the world (japan, Canada, Fidji, etc...) try intering your computer.So, for you own knowledge, you could start reading the Xisto forum network security pages, and install on your own PC a firewall like the free part of ZoneAlarm firewall.And, for your customer, give the only professional advice you could imagine : "please rent a network security specialist".If you try by yourself and somebody hacks your customer site, the customer will say that you did a bad job.If you tell the customer to rent a real network specialist, and the customer refuses, then an accident is the responsability of the customer, not yours.RegardsYordan Share this post Link to post Share on other sites
TavoxPeru 0 Report post Posted October 10, 2006 OK, you did a webserver install, this was the job your customer asked you to do.Now, your customer needs a security audit.Security people are really strang people, which are rather paranoid, and spend their time thinking how a hacker could enter their customer site.So, you should really ask a security skilled guy to look at this network. The only thing you can tell your customer is "ask a specialist". And this specialist cannot be yourself.This is really a matter of philosophy.Because Apache is in the open world, everybody will be happy when everybody will be able to access everything everywhere in the word.Security people are very closed people. Their main dream is closing everything, so no intruder can come in.i agree with you absolutely.For instance, you disabled Microsoft Windows Firewall. This is OK for testing purposes : if you shutdown the firewall and your applican works, then you startup your wirerall and your application does not work any more, this means that your application is blocked by the firewall.Nice, great, for testing purposes you did the right thing, now you know that the firewall blocked your application. But you cannot leave the things like that, because if you leave the firewall down you leave your site without any protection.Of course, everybody know that Microsoft Windows firewall is a very weak protection ; however, it's a kind of protection, and if you remove it you have no protection at all.No, the correct way is : now you know that the firewall blocks the port 80 on your apache server, the next step is to turn the firewal on again, and ask the firewall to let you access the port 80 on the apache server. Even better thought, if your customer has very few computers (let's say ten computers with fixed IP address), you should ask the firewall to open the apache 80 port for only the computers which are supposed to access apache, and block all the other ones.The next step is to ask your customer to buy a "real" professionnal firewall. You will be really surprized if you read the firewall logs, how many computers from all around the world (japan, Canada, Fidji, etc...) try intering your computer.Yeah, you are right again, is incredible how many computers try to access a computer, i know it very well, what i dont really know is how to configure the microsoft firewall that comes with XP because i dont work with XP but i dont think it would be complicated, i hope that it compared with zone alarm -i work with sometime ago- will be more easy.So, for you own knowledge, you could start reading the Xisto forum network security pages, and install on your own PC a firewall like the free part of ZoneAlarm firewall.And, for your customer, give the only professional advice you could imagine : "please rent a network security specialist".If you try by yourself and somebody hacks your customer site, the customer will say that you did a bad job.If you tell the customer to rent a real network specialist, and the customer refuses, then an accident is the responsability of the customer, not yours.RegardsYordanThats it, thanks a lot for your advices and i think that for others it will be helpful as well.Best regards, Share this post Link to post Share on other sites
