I will modify my HOWTO documents to reflect the DocumentRoot location concern today.

As far as the semi-configured 443, I have to confess I cheated. I copied a 443-enabled virtual machine to a new VM to experiment with some web-based dashboard tools on an air-gapped system. I forgot to disable the 443 instance of the server.

Well, I'm grateful for this experience. I love it when a simple forum post results in a development towards improved practices. I first posted on this list some 16 or 17 years ago and even after all this time, the culture of the mailing list is as proactive and progressive as it's always been.

Timothy D Legg

> On 01/12/17 18:36, Timothy D Legg wrote:
>> and then believes that running a2dissite on all these, perhaps to make a
>> backup of a php-encrusted website (such as mine) that the document root
>> will default to the top level of all these sites and perhaps reveal SQL
>> passwords in the process.
>>
>> I hope this is not true...
>
> As far as I understand it will work exactly as you described, although
> keeping virtual hosts under the default document root is not a good
> practice. Also, leaving Apache listening on some port without configuring
> a site on that port does not look like good practice either.
>
> I personally favour creating a default virtualhost with a dummy name which
> (among other things) will get shown to bots that don't provide a host name
> or SNI. For instance, it may always return 403.
>
> --
>
> With Best Regards,
> Marat Khalili
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
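
The layout discussed in this thread, as an added configuration example that is not part of either message: the server-wide DocumentRoot is kept away from the site directories, and a dummy-named default virtual host answers 403 on each listening port. It assumes Apache 2.4 with a Debian-style sites-available layout; every path, host name and certificate file below is a placeholder.

```apache
# Constructed example; paths, names and certificate files are placeholders.

# Layout the thread warns about (shown commented out): every site root sits
# under the server-wide DocumentRoot, so once all sites are disabled with
# a2dissite, requests fall through to the main server and the site
# directories are reachable as /site1/, /site2/ ...
#   DocumentRoot /var/www
#   site1 -> /var/www/site1      site2 -> /var/www/site2

# Corrected main-server settings: the fallback root is an empty directory
# that contains no site, and the filesystem is denied unless a vhost opens it.
DocumentRoot /var/www/empty
<Directory />
    AllowOverride None
    Require all denied
</Directory>

# sites-available/000-default.conf
# Loaded first, so it is the default for any request whose Host header
# matches no other ServerName (or that sends none). Always answers 403.
<VirtualHost *:80>
    ServerName dummy.invalid
    DocumentRoot /var/www/empty
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Same catch-all for 443, so the port never listens without a configured
# site. Alternative: leave "Listen 443" out until a real TLS site exists.
<VirtualHost *:443>
    ServerName dummy.invalid
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/placeholder-selfsigned.pem
    SSLCertificateKeyFile /etc/ssl/private/placeholder-selfsigned.key
    DocumentRoot /var/www/empty
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# sites-available/site1.conf: a real site, rooted outside the fallback root.
<VirtualHost *:80>
    ServerName site1.example
    DocumentRoot /srv/www/site1/public
    <Directory /srv/www/site1/public>
        Require all granted
    </Directory>
</VirtualHost>
```

After changing the layout, `apachectl -S` lists which virtual host is the default for each address and port, and `apachectl configtest` checks the syntax.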