listening on INADDR_ANY?

> After some tracing around, and finally staring at code in .c files, I see that
> my only choices for WAKom are "port number" but not "interface", and that the
> chosen interface is 255.255.255.255!
>
> What if I wanted to proxy my Seaside behind Apache, and want to make sure
> that only Apache connects to it?  The logical thing would be to have
> Seaside listen only on 127.0.0.1.  But there's no option for this.
>
> What are other people doing?  How do you restrict access to your Seaside
> instance when you have an inward proxy?
>

> After some tracing around, and finally staring at code in .c files, I see that
> my only choices for WAKom are "port number" but not "interface", and that the
> chosen interface is 255.255.255.255!
>
> What if I wanted to proxy my Seaside behind Apache, and want to make sure
> that only Apache connects to it?  The logical thing would be to have
> Seaside listen only on 127.0.0.1.  But there's no option for this.
>
> What are other people doing?  How do you restrict access to your Seaside
> instance when you have an inward proxy?
>

> -----Mensaje original-----
> De: [hidden email]
> [mailto:[hidden email]] En nombre
> de Randal L. Schwartz
> Enviado el: Martes, 18 de Diciembre de 2007 06:43
> Para: [hidden email]
> Asunto: [Seaside] listening on INADDR_ANY?
>
>
> After some tracing around, and finally staring at code in .c
> files, I see that my only choices for WAKom are "port number"
> but not "interface", and that the chosen interface is 255.255.255.255!
>
> What if I wanted to proxy my Seaside behind Apache, and want
> to make sure that only Apache connects to it?  The logical
> thing would be to have Seaside listen only on 127.0.0.1.  But
> there's no option for this.
>
> What are other people doing?  How do you restrict access to
> your Seaside instance when you have an inward proxy?
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. -
> +1 503 777 0095 <[hidden email]>
> <URL:http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and
> open-enrollment Perl training!
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

> Randal L. Schwartz wrote:
>>>>>>> "Sebastian" == Sebastian Sastre <[hidden email]> writes:
>> Sebastian> Firewalling that port for others than localhost. Cheers,
>> The trouble is that I'm using the same host for 8 different IPs,
>> and if it listens on all of them, then I have to be careful what the
>> other IPs are doing.
>
> As part of the work for OLPC there is a new version of the Socket  
> Plugin that works with IPv6 and also supports multiple interfaces  
> and protocols and such.
> AFAIK none of this has been ported to other platforms yet. I think  
> the code is checked into the VM svn, but not sure.

> >>>>> "Sebastian" == Sebastian Sastre <[hidden email]> writes:
>
> Sebastian> Firewalling that port for others than localhost. Cheers,
>
> The trouble is that I'm using the same host for 8 different IPs,
> and if it listens on all of them, then I have to be careful what the
> other IPs are doing.
>
> And this affects a lot more than Seaside... because I might also want an RFB
> in there.
>
> I see that there *is* a call to specify the interface in Socket class, but
> there's no support for it at any level higher (such as WAKom).  Would it be
> useful to anyone besides me to allow interface to be specified along with
> Port, patching all the packages from top to bottom to make that work?

> On Dec 18, 2007 7:35 AM, Randal L. Schwartz <[hidden email]> wrote:
>>>>>>> "Sebastian" == Sebastian Sastre <[hidden email]> writes:
>> Sebastian> Firewalling that port for others than localhost. Cheers,
>>
>> The trouble is that I'm using the same host for 8 different IPs,
>> and if it listens on all of them, then I have to be careful what the
>> other IPs are doing.
>>
>> And this affects a lot more than Seaside... because I might also want an RFB
>> in there.
>>
>> I see that there *is* a call to specify the interface in Socket class, but
>> there's no support for it at any level higher (such as WAKom).  Would it be
>> useful to anyone besides me to allow interface to be specified along with
>> Port, patching all the packages from top to bottom to make that work?
>
> It'd be useful to me. I've got a KomHttp server which is highly
> private to the running image. I'm going to want that patching sooner
> or later.