1 Reply Latest reply: Jun 14, 2007 2:55 PM by 432524

    WebCache: How to prevent access to corporate intranet sites

      If one site served by the webcache is available on the internet (port 80), then all websites that are on port 80 are also accessible from the internet.

      Is there any configuration to avoid this?

      Here are the details:

      www.site1.com is on the internet under ip1.
      ALTEON (load balancer) delivers all HTTP traffic on port 80 of ip1 to the webcache port 7777.
      www.site1.com maps to origin server 1.

      Site www.site2.com is not published on the internet. Nevertheless, if users map www.site2.com to the same IP (ip1) in their hosts file, the following will happen:

      The HTTP request for site www.site2.com will arrive at the load balancer, which will route the request to port 7777 of the webcache.

      Because site2.com is also in the site definitions of this webcache, the request will succeed.

      From this example, it seems there is no way to use the same webcache for caching public sites and internal sites if they are both on the same port (80 in this example).

      Of course, allow/deny rules on the origin servers will manage the access based on the IP that originates the request; still, this does not seem quite elegant.

      It seems that although webcache can listen on several IPs/ports, they will all answer all requests; there is no way to configure webcache to respond to site 1 on ip1 and to site 2 on ip2.

      Does anyone know about any better approach to use the same webcache to serve public and private sites on different ip/ports?
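
Added example, not part of the original post and not Oracle Web Cache configuration: a small Python model of the behaviour described above (routing on the Host header alone) beside a check that also keys on the address that received the request. The names `ip1`/`ip2`, the origin names and the `LISTENER_HOSTS` policy are assumptions, and the check has to run wherever the receiving address is still known, for example on the load balancer.

```python
# Constructed model of the setup in the post; all names are placeholders.
SITE_DEFINITIONS = {  # Host header -> origin server (the cache's site definitions)
    "www.site1.com": "origin-server-1",
    "www.site2.com": "origin-server-2",
}

# Hypothetical policy: which hostnames each listening address may serve.
LISTENER_HOSTS = {
    "ip1": {"www.site1.com"},                   # Internet-facing address
    "ip2": {"www.site1.com", "www.site2.com"},  # intranet-facing address
}


def normalize_host(host_header):
    """Canonicalize a Host header so case, port or trailing-dot variants
    of an internal name are compared against the policy in one form."""
    host = host_header.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():  # drop an explicit ":80" style port
        host = name
    return host.rstrip(".")     # "www.site2.com." is the same name


def route_host_only(listener, host_header):
    """Behaviour described in the post: the receiving address is ignored,
    so any defined site is served on any listener."""
    return SITE_DEFINITIONS.get(normalize_host(host_header))


def route_per_listener(listener, host_header):
    """Serve a site only if the receiving address is allowed to expose it.
    Returns the origin server, or None when the request must be refused."""
    host = normalize_host(host_header)
    if host not in LISTENER_HOSTS.get(listener, set()):
        return None
    return SITE_DEFINITIONS.get(host)


if __name__ == "__main__":
    # Constructed requests: (receiving address, Host header)
    for listener, host in [("ip1", "www.site1.com"), ("ip1", "www.site2.com"),
                           ("ip1", "WWW.SITE2.COM.:80"), ("ip2", "www.site2.com")]:
        print(listener, host, "host-only:", route_host_only(listener, host),
              "per-listener:", route_per_listener(listener, host))
```
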