Thanks, Tom. Improving server security is precisely my highest priority, and you have helped. SP On 08-Mar-2013 5:59, Tom Evans wrote: > On Fri, Mar 8, 2013 at 1:02 PM, Steve Penner <stevepenner1960@xxxxxxxxx> wrote: >> BRIEF BACKGROUND >> From the Internet, users can access my web server using EITHER name >> website1.dynalias.org OR website2.dyndns.blog.com (provided by DynDNS.com >> dynamic DNS). The VHOSTS file sends them to different document routes >> depending on the name they chose. In addition, I can enter >> "http://localhost"; and be taken to a different document root (should not be >> accessible to those outside); this too defined in VHOSTS file (see below). > I have no clue on your rotatelogs issue, but your assumption that the > 'localhost' vhost is not accessible from 'outside' is incorrect. This > vhost would be accessible to anyone connecting remotely and sending a > Host header with the value 'localhost'. > > If you want it to truly be only accessible locally, you should define > multiple NameVirtualHost sockets, and restrict that vhost to solely > requests from the same machine. > > Eg: > > NameVirtualHost *:80 > NameVirtualHost 127.0.0.1:80 > > <VirtualHost *:80> > # externally accessible > </VirtualHost> > > <VirtualHost 127.0.0.1:80> > # internal only > </VirtualHost> > > Cheers > > Tom > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|