08-08-2006 02:09 PM - edited 02-21-2020 01:05 AM
Hello all,
we have a small block of class C ip addresses (less than 10), and need to host approximately 100 web sites, and each IP will represent about 20 sites.
This is normally possible using "host header information" and we would like to be able to use the same thing after we install a Pix 525e firewall to protect the web server. I am assuming this is possible? what we would do is map static outside IP addressess to inside IP addresses such as "static (inside, outside) 205.55.35.133 192.168.10.133".
Will there be a problem with multiple Web sites being mapped to a single IP i.e. will the PIX firewall pass that information to IIS and not discard it?
Much obliged for your answers!
John
Solved! Go to Solution.
08-08-2006 03:12 PM
Hi,
I was referring to HTTP inspect/fixup, but I dont believe this covers the HOST header.
Glen
08-08-2006 02:22 PM
Hi John,
A PIX by default, with just a static, wont strip/change the HOST header in HTTP requests, so any translation will still retain this information, I believe.
Anyone please correct me if i'm wrong.
Good luck,
Glen
08-08-2006 03:09 PM
Yes should work. PIX won't look at the http header. It will look at layer 4 and layer 3 part of the packet, apply the access list and then matches the Static NAT.
Hope this answers your questions,
Regards,
08-08-2006 03:12 PM
Hi,
I was referring to HTTP inspect/fixup, but I dont believe this covers the HOST header.
Glen
08-08-2006 09:21 PM
Nope also the fixup won't look at the host header. However, it inspects any milicious command within the HTTP request.
Hope this helps,
Regards,
08-09-2006 05:07 AM
Thanks everyone for your replies...!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide