On Mon, 28 Aug 2023 12:13:35 +0930
Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:

> On Sun, 2023-08-27 at 17:39 +0200, Franta Hanzlík via users wrote:
> > There is also the question of security and resistance to attacks from
> > the Internet. And since the attacks will most likely go to the IP address
> > (not the ServerName), it might be a good idea to make one more (fake)
> > Virtualhost as the default ("first listed") VirtualHost - and on it have
> > minimal configuration, secure DocumentRoot and so on. Or am I mistaken?
>
> Correct that attacks will go to the IP address, and you're probably
> more likely to get IP scanning finding you than someone targeting a
> particular domain. Though the reverse may be true if you publish
> anything that triggers the dingbats on the internet.
>
> Also correct that you may want to ensure a particular virtual host is
> your default one. You may want that to be your main website, you may
> want that to be some kind of defensive configuration. There's another
> advantage in the default virtual host being the wrong website, it may
> aid you in checking you've configured things right for your real
> website.
>
> The conf.d/*.conf files are processed in alphabetical order, so name
> your default virtual host's configuration file to be picked first (e.g.
> 000-default.conf). Filenames don't have to be the same as the domain
> name, by the way.

IMO this alphabetical order processing (assuming that the conf.d/*.conf
files are either vhost-only or no-vhost-only (i.e. the definition for the
"main" server)) is only relevant for determining what the "default" virtual
server (serving requests not assigned to any other vhost) will be.

Because according to https://httpd.apache.org/docs/2.4/vhosts/details.html:

"Essentially, the main server is treated as "defaults" or a "base" on which
to build each vhost.
But the positioning of these main server definitions in the config file is
largely irrelevant -- the entire config of the main server has been parsed
when this final merging occurs. So even if a main server definition appears
after a vhost definition it might affect the vhost definition."

So the process of building the configuration of individual vhosts looks like
this (IMO):

- After loading all .conf files, the "main" server configuration is created -
  which serves as default parameters for all vhosts.
- Then the configuration of individual vhosts is built, where the definition
  from the alphabetically first file (matching the IP:port request) determines
  the "default" server.
- So when all vhosts listen on all interfaces and all their IPs and using only
  standard ports 80/http and 443/https there will be one "default" server for
  http and one "default" for https.

---
Franta Hanzlik
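
The selection order described in the message above, as an added example that is not part of the original thread or of Apache's own code: a simplified Python model that reads conf.d-style files in alphabetical order and reports which vhost becomes the default for each address:port. The file names, ServerName values and the `default_vhosts` helper are constructed for illustration; the model treats each distinct address:port string as its own set and does not follow nested Include directives.

```python
import re

VHOST_OPEN = re.compile(r'^\s*<VirtualHost\s+([^>]+)>', re.I)
VHOST_CLOSE = re.compile(r'^\s*</VirtualHost>', re.I)
SERVER_NAME = re.compile(r'^\s*ServerName\s+(\S+)', re.I)

def default_vhosts(conf_files):
    """Map each address:port to the (file, ServerName) of its first-listed vhost.

    conf_files is {filename: text}; files are visited in sorted order, the
    order in which a conf.d/*.conf wildcard include is expanded.
    """
    defaults = {}
    for fname in sorted(conf_files):
        addrs, name = None, None
        for line in conf_files[fname].splitlines():
            opened = VHOST_OPEN.match(line)
            if opened:
                # In httpd 2.4, _default_ is an alias for *.
                addrs = [a.replace('_default_', '*') for a in opened.group(1).split()]
                name = None
            elif addrs is not None and SERVER_NAME.match(line):
                name = SERVER_NAME.match(line).group(1)
            elif addrs is not None and VHOST_CLOSE.match(line):
                for addr in addrs:
                    defaults.setdefault(addr, (fname, name))  # first listed wins
                addrs = None
    return defaults

# Constructed sample files (assumptions, not taken from the thread).
CATCH_ALL = """<VirtualHost *:80>
    ServerName catchall.invalid
</VirtualHost>
<VirtualHost *:443>
    ServerName catchall.invalid
</VirtualHost>
"""
SITE = CATCH_ALL.replace('catchall.invalid', 'www.example.com')
SSL = "<VirtualHost _default_:443>\n</VirtualHost>\n"

WITHOUT = {'example.conf': SITE, 'ssl.conf': SSL}
WITH = dict(WITHOUT, **{'000-default.conf': CATCH_ALL})

if __name__ == '__main__':
    for label, files in (('without catch-all', WITHOUT), ('with catch-all', WITH)):
        print(label, default_vhosts(files))
```

On a running server, `httpd -S` prints the vhost table as Apache itself resolved it.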