It's how you do a catchall... there is no other way of doing it - it doesn't cause any problems if you only have one. I have many domains with wildcard DNS it is the clean way of handling those sub-domains I am not serving in a "nice" manner rather than just dropping the requests on the floor.... -----Original Message----- From: Frank <thumbs@xxxxxxxxxx> Sent: 12 October 2020 16:36 To: users@xxxxxxxxxxxxxxxx Subject: Re: Forwarding IP to HTTPS. [EXT] James, Omitting an explicit ServerName in name-based vhosts is a bad idea as well. You can create conflicts or ambiguities. On 12/10/20 11:22 AM, James Smith wrote: > This would be my set-up in your case - note as someone said it was too complex I've removed the extra security bits I'd left in by accident... > > ## Port 80 && 443 default configs... > > <VirtualHost *:80> > RequestHeader unset X-is-ssl > RewriteEngine on > RewriteRule ^(.*)$ https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com-25-257BREQUEST-5FURI-257D&d=DwICaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=w8mNihZcLdPkrkWTFdVG6LmAT8UO_9FqLV_4Ywf19mc&s=47aeC7VpZqBNUbE_aKiS0JoffbV7H5FyjfM7UmoWTDI&e= [R=permanent,L,NE] > </VirtualHost> > > <VirtualHost *:443> > RewriteEngine on > RewriteRule ^(.*)$ https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com_-25-257BREQUEST-5FURI-257D&d=DwICaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=w8mNihZcLdPkrkWTFdVG6LmAT8UO_9FqLV_4Ywf19mc&s=aVlFo1DDVwr3tEOodTNO7ClXY1kSHj0WWY8i_gvHs-M&e= [R,L,NE] > </VirtualHost> > > ## Port 443 default - this is our main server...... so your main apache config stuff should be in here with SSL configured correctly.. > > <VirtualHost *:443> > ServerName https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mydomain.com&d=DwICaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=w8mNihZcLdPkrkWTFdVG6LmAT8UO_9FqLV_4Ywf19mc&s=szdN2RRM4IZr7J-1Pvimaja8Tgaxr2VdeFsiw-dixVU&e= > ... > ... > ... > ... > ... > </VirtualHost> > > If you have more than one domain then you will need to add rules on > port 80 to preserve the hostname & also blocks for each additional > domain > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx -- The Wellcome Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|