Linking www server to ftp server question. . .

Linking www server to ftp server question. . .

Post by Jm Smt » Fri, 09 Mar 2001 07:49:54



The ftp server saga continues.

What we are trying to do, is to make our Material Safety Data Sheets
[MSDS's] available to our customers via our web site.  We do not host
the web site.  We are going to host the ftp server.  All MSDS's will be
burned onto a CD in .pdf format.  We would like our customers to be able
to click on an icon on the web page that will link directly to the file
on the ftp server.

The ftp server is set up, it operates properly, we've set the firewalls
on the router and on the ftp machine according to the latest thinking to
keep out the script morons and it seems to work [we get scanned alot,
but no one gets in].

Here's the question/problem.  From what I can determine, when someone
hits the www page, and then clicks on the link for the file on the ftp
server, the IP address of the user's machine [rather than the IP address
of the www server] is what is seen by the ftp machine.  This creates an
obvious security headache [we have to allow almost everybody].

So, is there a way to hard link the www server to the ftp machine so
that we can just allow the www server's IP address in the "hosts.allow"
file [and deny everybody else]?

TIA
--
J'm

To Reply Direct, Remove Clothes.
...-.-

 
 
 

Linking www server to ftp server question. . .

Post by Michael A. Dickerso » Fri, 09 Mar 2001 09:40:55



Quote:> Here's the question/problem.  From what I can determine, when someone
> hits the www page, and then clicks on the link for the file on the ftp
> server, the IP address of the user's machine [rather than the IP address
> of the www server] is what is seen by the ftp machine.  This creates an
> obvious security headache [we have to allow almost everybody].

Of course the connection comes from the client's IP; it's the client that
wants the document, not the web server.

Quote:> So, is there a way to hard link the www server to the ftp machine so
> that we can just allow the www server's IP address in the "hosts.allow"
> file [and deny everybody else]?

Well, you're asking the www server to proxy for ftp requests, which can be
done, but not without installing software for it on the web server.  There
is no such capability in the HTTP protocol, which is designed for simple
client-server transactions.  (And I think Apache will only proxy HTTP, by
itself.)  If you don't admin the web server, you'll probably just have to
suck it up and allow anonymous ftp.

Of course, if I'm wrong, I'd be interested to know how this could be done..

M.D.

 
 
 

Linking www server to ftp server question. . .

Post by mic.. » Fri, 09 Mar 2001 17:53:56



> The ftp server saga continues.
> What we are trying to do, is to make our Material Safety Data Sheets
> [MSDS's] available to our customers via our web site.  We do not host
> the web site.  We are going to host the ftp server.  All MSDS's will be
> burned onto a CD in .pdf format.  We would like our customers to be able
> to click on an icon on the web page that will link directly to the file
> on the ftp server.
> The ftp server is set up, it operates properly, we've set the firewalls
> on the router and on the ftp machine according to the latest thinking to
> keep out the script morons and it seems to work [we get scanned alot,
> but no one gets in].
> Here's the question/problem.  From what I can determine, when someone
> hits the www page, and then clicks on the link for the file on the ftp
> server, the IP address of the user's machine [rather than the IP address
> of the www server] is what is seen by the ftp machine.  This creates an
> obvious security headache [we have to allow almost everybody].
> So, is there a way to hard link the www server to the ftp machine so
> that we can just allow the www server's IP address in the "hosts.allow"
> file [and deny everybody else]?

There is at least the resource to run squid on the www box. It will
contact itself the ftp server and service the query. This works like a
charm and is not difficult to configure. Highly recommended.

Quote:> TIA
> --
> J'm
> To Reply Direct, Remove Clothes.
> ...-.-

--
Michel Talon
 
 
 

Linking www server to ftp server question. . .

Post by Mitterwald, Holge » Fri, 09 Mar 2001 21:55:09


Hello Michael,



> > Here's the question/problem.  From what I can determine, when someone
> > hits the www page, and then clicks on the link for the file on the ftp
> > server, the IP address of the user's machine [rather than the IP address
> > of the www server] is what is seen by the ftp machine.  This creates an
> > obvious security headache [we have to allow almost everybody].

> Of course the connection comes from the client's IP; it's the client that
> wants the document, not the web server.

> > So, is there a way to hard link the www server to the ftp machine so
> > that we can just allow the www server's IP address in the "hosts.allow"
> > file [and deny everybody else]?

> Well, you're asking the www server to proxy for ftp requests, which can be
> done, but not without installing software for it on the web server.  There
> is no such capability in the HTTP protocol, which is designed for simple
> client-server transactions.  (And I think Apache will only proxy HTTP, by
> itself.)  If you don't admin the web server, you'll probably just have to
> suck it up and allow anonymous ftp.

> Of course, if I'm wrong, I'd be interested to know how this could be done..

See the Apache-Documentation concerning proxy. You can configure Apache
so
that it will work as Proxy. Worked fine - and Files are always
transfered
over the (well known" Web-Server.

Best regards,
   Holger

 
 
 

1. Novell Netware WWW Servers versus Linux WWW Servers

Hi,
  could you please consider this posting on behalf of a colleague :

        Does any one have experience with Novell Netware  WEB servers, e.g.
        Sitebuilder ?
        Are they stable, do they properly support modern WWW facilities, such as
        CGI, SSI?
        Unless I provide my college with strong reasons in favour of a Linux
        based WWW server, they will switch to a Novell Netware based one, due to
        the lack of Unix expertise within the college.
        I will be most grateful for any advise on this matter.


        Persephoni

        Dr Persephoni Karaolani, Senior Lecturer, I.T. Department,
        Liverpool Hope University College, Woolton Road,

Thanks in advance.

                        Paul

-----------------------------------------------------------------------------
Paul Hazlewood
Research Assisstant
I.T. Department,
Liverpool Hope University College, Woolton Road,
Liverpool L16 8ND

-----------------------------------------------------------------------------

2. HSP modems???

3. FreeBSD Web servers (was Re: NT server vs workstation for WWW server)

4. Will a DLink 530 Tx run on linux

5. WWW SERVER: New, small, fast and FREE web server

6. Bash vs. Korn shell Problem

7. apache www server with frontpage server extensions

8. Solaris x86 10/1 install entering boot debugger c000:2dd7

9. Possible to config DNS to go to 2nd WWW server when primary server down?

10. How to build WWW server and EMAIL server?

11. How to build WWW server and Email servers?

12. WWW server to SQL Server

13. WWW Server and mail Server