Re: 2.4 named virtual hosts question

There has to be some configuration Apache will use if it cannot match any virtual host, or if no hostname is specified by the client. You can make a configuration that denies access in this case, and put it before the others. That's what I use:

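# Catch-all for *:80: loaded before the other vhosts so it becomes the default
<VirtualHost *:80>
    ServerName default

    <Directory />
        AllowOverride none
        # Order is the 2.2-style directive; in 2.4 it is provided by mod_access_compat
        Order Allow,Deny
        Require all denied
    </Directory>
</VirtualHost>

# Do not let TLS clients that send no SNI reach the name-based vhosts
SSLStrictSNIVHostCheck on
# Catch-all for *:443, same deny-all policy
<VirtualHost *:443>
    ServerName default

    SSLEngine on
    SSLCertificateFile  /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    <Directory />
        AllowOverride none
        Order Allow,Deny
        Require all denied
    </Directory>
</VirtualHost>

Works great in pair with fail2ban ;)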

--

With Best Regards,
Marat Khalili

On 12/09/16 04:43, Ronald F. Guilmette wrote:
A simple question.  Sorry if this is an FAQ.

I'm just bringing up a fresh VM system that I plan to move my small
handful of web sites to.

I've so far managed to mostly get apache24 installed and configured.
I've moved all of my web sites over to the new system, and it mostly
all seems to be working, but I ran the "httpd -S" command to see
if that would detect any goof-ups on my part.  (It did, but I already
fixed those.)

Now when I run "httpd -S" I am seeing in the output:

===============================================================================
VirtualHost configuration:
*:*                    is a NameVirtualHost
          default server tristatelogic.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:40)
          port * namevhost tristatelogic.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:40)
                  alias www.tristatelogic.com
          port * namevhost 47-usc-230c2.org (/usr/local/etc/apache24/extra/httpd-vhosts.conf:69)
                  alias www.47-usc-230c2.org
          port * namevhost sordid-details.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:94)
                  alias www.sordid-details.com
...
===============================================================================

I have three domains that I want to serve (as vhosts) from this newly
installed server, and all three are mentioned above.  But the part I don't
get (and don't really want) is all that stuff about a default (*:*)
server/service.  How can I get rid of that while still providing service
for my three vhosts?

(Note:  People may say: "Oh, just leave it.  It isn't really any
problem to just leave it."  But I'm paranoid about security, so I'm
always inclined to minimize my attack surface as much as possible.)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
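
Added example, not part of the original thread and not Apache's own tooling: a Python check over "httpd -S" output that reports, per listener, which vhost is the fallback ("default server") and flags listeners where that fallback is a real site rather than a deny-all catch-all. The sample output, hostnames and file paths are constructed, and treating the name "default" as the catch-all is an assumption based on the ServerName used in the reply above.

```python
import re

# Constructed sample in the format `httpd -S` prints; the hostnames and
# paths are placeholders, not taken from a real server.
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server default (/etc/apache2/sites-enabled/000-catchall.conf:1)
         port 80 namevhost default (/etc/apache2/sites-enabled/000-catchall.conf:1)
         port 80 namevhost site-a.example (/etc/apache2/sites-enabled/site-a.conf:1)
                 alias www.site-a.example
*:443                  is a NameVirtualHost
         default server site-a.example (/etc/apache2/sites-enabled/site-a.conf:20)
         port 443 namevhost site-a.example (/etc/apache2/sites-enabled/site-a.conf:20)
         port 443 namevhost site-b.example (/etc/apache2/sites-enabled/site-b.conf:1)
"""

LISTENER = re.compile(r"^(\S+:\S+)\s+is a NameVirtualHost\s*$")
DEFAULT = re.compile(r"^\s+default server (\S+) \((.+):(\d+)\)\s*$")
SINGLE = re.compile(r"^(\S+:\S+)\s+(\S+) \((.+):(\d+)\)\s*$")

def default_servers(text):
    """Map each listener (e.g. '*:80') to (ServerName, file, line) of the
    vhost Apache falls back to when no ServerName/ServerAlias matches."""
    result, current = {}, None
    for line in text.splitlines():
        if m := LISTENER.match(line):
            current = m.group(1)
        elif (m := DEFAULT.match(line)) and current:
            result[current] = (m.group(1), m.group(2), int(m.group(3)))
        elif m := SINGLE.match(line):
            # Only one vhost on this listener: it is the fallback by definition.
            result[m.group(1)] = (m.group(2), m.group(3), int(m.group(4)))
    return result

def exposed_defaults(text, catchall_names=("default",)):
    """Listeners whose fallback vhost is a real site instead of a catch-all."""
    return {listener: d for listener, d in default_servers(text).items()
            if d[0] not in catchall_names}

if __name__ == "__main__":
    for listener, (name, path, line) in exposed_defaults(SAMPLE).items():
        print(f"{listener}: unmatched requests are served by {name} ({path}:{line})")
```

To audit a live server, pass the captured output of "httpd -S" (or "apachectl -S") to exposed_defaults() in place of SAMPLE.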


