Skip to content Skip to site navigation Skip to service navigation

Virtual Host Proxy Details

Automatic virtual hosting

Virtual URLs are automatically assigned for all individual, group, department, and class websites hosted on This means that you do not need to request a virtual host if you have any of the following:

Personal website under the automatic virtual host is set up at
Example: If your SUNet ID is jdoe, you automatically have a virtual host at These are also available for any SUNet aliases you establish in StanfordYou. Other than these automatic virtual hosts, Stanford does not provide virtual URLs for personal websites.

Group website under the automatic virtual host setup is at
Example: maps to automatically.

Department website under the automatic virtual host setup is at
Example: maps to automatically.

Virtual host eligibility criteria

The Virtual Host Proxy service is available only to departments, research groups, and university-recognized student organizations. Virtual URLs cannot be linked to an individual's personal web page.

In addition to knowing if your website is on before requesting a new virtual host, make sure your website meets the following eligibility criteria:

  • The virtual URL must meet the university name and url assignment requirements. Please see Stanford.EDU Name / URL Assignment Policy.
  • Each organization is entitled to one virtual host proxy, which must closely and unambiguously match its recognized title.
  • Your website must be hosted on Virtual URLs for websites must be handled by the system administrator for that server. The following exceptions to this rule apply:
    • You can request that a virtual URL go to a host outside the domain for services. Example: You can request that go to, provided you can give a valid reason for this redirect.
    • You can request virtual URL and content proxying for non-Apache2 servers that require WebAuth. For instance, if you have an IIS server that only Stanford users should have access to, you can request a virtual URL to be WebAuth-protected and all traffic to be proxied by the proxy servers.
  • The virtual URL host proxy must not already be in use or reserved. Example: If you need the URL, first confirm that the host name sushilovers is not already taken. Visit StanfordWhat to check if a machine with that host name already exists. If the host name already exists, contact the owner or administrator of the host and ask them to relinquish the name first by removing the name from NetDB.


The virtual host name (for example, will simply be redirected to the current actual content site (for example,

This most common type of virtual host service displays the real URL of your website in the browser window after your visitors use the virtual URL to get to the page. If you're not sure what you need, this is probably what you are looking for.


Most new virtual hosts are now set up directly through the sites as described above, and only a few uses for proxy servers remain.

If you do use a proxy server, the actual content server sees all the requests from the proxy and the browser only has contact with the proxy. This means that the virtual URL displays in the browser window after people arrive at your page.

The advantage to using direct proxy is that the real URL of your website will never be displayed to the end user. The disadvantage to using direct proxy is that all requests will appear to come from the proxy servers, making log parsing and metrics analysis of your website more difficult.

Website protection

If your group hosts a server outside of Stanford and you need WebAuth protection, you must request a virtual host proxy.

You can specify the type and level of WebAuth protection you would like for your website. The following are the types of WebAuth protection offered:

  • Allow only members of the Stanford community.
  • Allow only members of one or more workgroups.
  • Allow only a list of specified SUNet IDs.

WebAuth protection can be used in conjunction with basic protection as described below. For more information on how to use user authentication and authorization with WebAuth, please visit the WebAuth documentation and reference the Proxy Server IP Addresses page.

Basic protection
You can limit access to a specific domain or subdomain, commonly This means that only registered computers on the Stanford University network will be allowed to access the website. This feature also requires the Proxy feature. Basic protection can be used in conjunctions with WebAuth protection.

More information

If you have any questions, please submit a ticket:
For Virtual Host Redirect
For Virtual Host Proxy

Last modified July 10, 2021