A working WWW server for CCIE Security


I have been playing around with this for quite some time now, and finally got it working.

It's hardly a complicated requirement, just need a server to host two websites (www.good.com and www.bad.com). However, I tried loads of different live CDs, tried fresh installs, lots of different qemu images, and all had issues of one sort or another, such as not having Apache installed, the NIC not working, and so on and so forth.

I made some good headway yesterday when I found Suse Studio, which allows you to create an image with as much or as little on it as you need. You can then download it as a qemu image, which works nicely with UNetLab.

So now I have a working setup.

I won't be keeping the Win host there, that was just for testing as I have not sorted out the rest of the topology yet.

The Apache configuration is working and serving the two websites:



If you want to set this up at home then you will need to have Apache running two virtual hosts. The conf files need to live under /etc/apache2/vhosts.d/ (for Suse at least). The configurations are below:

good.com.conf:

<VirtualHost *:80>
    ServerAdmin webmaster@www.good.com
    ServerName www.good.com
    DocumentRoot /srv/www/vhosts/www.good.com
    ErrorLog /var/log/apache2/www.good.com-error_log
    CustomLog /var/log/apache2/www.good.com-access_log combined
    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature On
    ScriptAlias /cgi-bin/ "/srv/www/vhosts/www.good.com/cgi-bin/"
    <Directory "/srv/www/vhosts/www.good.com/cgi-bin">
        AllowOverride None
        Options +ExecCGI -Includes
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
    <IfModule mod_userdir.c>
        UserDir public_html
        Include /etc/apache2/mod_userdir.conf
    </IfModule>
    <Directory "/srv/www/vhosts/www.good.com">
        Options Indexes FollowSymLinks
        AllowOverride None
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
</VirtualHost>

bad.com.conf:

<VirtualHost *:80>
    ServerAdmin webmaster@www.bad.com
    ServerName www.bad.com
    DocumentRoot /srv/www/vhosts/www.bad.com
    ErrorLog /var/log/apache2/www.bad.com-error_log
    CustomLog /var/log/apache2/www.bad.com-access_log combined
    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature On
    ScriptAlias /cgi-bin/ "/srv/www/vhosts/www.bad.com/cgi-bin/"
    <Directory "/srv/www/vhosts/www.bad.com/cgi-bin">
        AllowOverride None
        Options +ExecCGI -Includes
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
    <IfModule mod_userdir.c>
        UserDir public_html
        Include /etc/apache2/mod_userdir.conf
    </IfModule>
    <Directory "/srv/www/vhosts/www.bad.com">
        Options Indexes FollowSymLinks
        AllowOverride None
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
</VirtualHost>

Then all you need is a simple HTML page under /srv/www/vhosts/www.good.com/ and /srv/www/vhosts/www.bad.com/.

Apache can be started using the command "rcapache2 start", but you do need to switch to the root user, using "su -" and type in the root password, which is "linux".
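The two vhost files above turn on a version footer, directory listings, CGI execution and per-user directories, which is worth having listed per scope before the image is attached to anything beyond the lab. The audit below is an added example, not part of the original post: `audit_vhost` and `SAMPLE` are names chosen here, and `SAMPLE` is a constructed, trimmed copy of good.com.conf.

```python
import re

OPEN = re.compile(r"<(\w+)\s*(.*?)>")   # <Directory "/path">, <IfModule x>
CLOSE = re.compile(r"</(\w+)>")

def audit_vhost(text):
    """Return (ServerName, DocumentRoot, [(scope, setting), ...])."""
    stack, info, findings = [], {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            del stack[-1:]              # pop; harmless if the stack is empty
            continue
        opened = OPEN.fullmatch(line)
        if opened:
            stack.append((opened.group(1).lower(), opened.group(2).strip('"')))
            continue
        parts = line.split()
        key, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        # Attribute the directive to the nearest enclosing <Directory>.
        scope = next((a for t, a in reversed(stack) if t == "directory"), "vhost")
        if key in ("servername", "documentroot") and args:
            info[key] = parts[1].strip('"')
        elif key in ("serversignature", "userdir"):
            # Footer with server details / home directories under /~user.
            if args[:1] not in ([], ["off"], ["disabled"]):
                findings.append((scope, key))
        elif key == "options":
            # Indexes = directory listing, ExecCGI = scripts may execute.
            enabled = {a.lstrip("+") for a in args if not a.startswith("-")}
            findings += [(scope, f) for f in ("indexes", "execcgi") if f in enabled]
    return info.get("servername"), info.get("documentroot"), findings

# Constructed sample: good.com.conf from this page, trimmed to the relevant lines.
SAMPLE = """<VirtualHost *:80>
    ServerName www.good.com
    DocumentRoot /srv/www/vhosts/www.good.com
    ServerSignature On
    <Directory "/srv/www/vhosts/www.good.com/cgi-bin">
        Options +ExecCGI -Includes
    </Directory>
    UserDir public_html
    <Directory "/srv/www/vhosts/www.good.com">
        Options Indexes FollowSymLinks
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit_vhost(SAMPLE))
```

To check the real files, pass the contents of each file under /etc/apache2/vhosts.d/ to `audit_vhost` and compare the returned ServerName and DocumentRoot against the directories holding the HTML pages.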

The VM also has:
  • Bind (DNS)
  • NTP
  • FTP (Server)
This makes it a bit useful for future play!

If you want to download the VM, which is pre-IP'd and set up, you can click the download link below. All you need to do is set up a hosts entry or DNS entry pointing to the VM's IP address (198.250.99.100). Note that the password for all accounts is "linux".

CCIE #49337, author of CCNA and Beyond, BGP for Cisco Networks, MPLS for Cisco Networks, VPNs and NAT for Cisco Networks.

7 comments
2 April 2016 at 13:30

download link is not working mate

2 April 2016 at 15:50

works for me, what happens when you try?

Anonymous
3 April 2016 at 11:59

Hi, I also have a 403 when I try to download the VM. Could you check this?

Thanks!!!

4 April 2016 at 12:33

I will move it to a different host

bamo
6 April 2016 at 18:44

Hello, it's good work you're doing on here. I'm also preparing for my CCIE lab exam and was wondering if we could set up the lab topology together using UNETLAB, as you're on it already and I'm also trying to set up the same on my PC.
