RE: Problem with NameVirtualHost and VirtualHost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: Gregor Schneider [mailto:rc46fi@xxxxxxxxxxxxxx] 
> Sent: Wednesday, November 21, 2007 11:32 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  Problem with NameVirtualHost and 
> VirtualHost
> 
> hi krist,
> 
> 
> >
> > Are you sure? This looks like Apache behaving against its
> > specification in a big way.
> >
> I am sure since it's working as expected.
> 
> Afaik this issue has been discussed before, I just couldn't find it.
> 
> Against what specs should Apache behave? Any URL quoting those specs?
> 
> As I'm understanding it, Apache parses the URL of the request (after
> SSL-handshake ´mumbling about a wrong cert) and then routes to the
> correct ServerAlias - I can't see what should be wrong in this
> behaviour.

That's about right... You didn't (mercifully :-) show us your complete config, but I'm guessing you just used ServerAlias directives instead of ServerName. As far as VH resolution is concerned, they are equivalent. You might get problems with redirect and self-referential URLs, however.

It is true that if you don't care about browser warnings, or that the session is encrypted using the cert from the first VH only, then name-based VHing under SSL will *seem* to work. It's fine for a test environment but this is no solution for the real world (would you type your credit card number into a website that seemed to be called nice-shop.com but your browser was complaining that the certificate was registered to evil-crook.com?)

It is worth emphasising that this "problem" is nothing specific to do with apache; it's a fundamental feature of HTTP/HTTPS.
 
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> Again, if you have any sources stating different, please let me know.
> 
> Cheers
> 
> Gregor
> 
> 
> > Krist
> >
> >
> >
> >
> > --
> > krist.vanbesien@xxxxxxxxx
> > krist@xxxxxxxxxxxxx
> > Bremgarten b. Bern, Switzerland
> > --
> > A: It reverses the normal flow of conversation.
> > Q: What's wrong with top-posting?
> > A: Top-posting.
> > Q: What's the biggest scourge on plain text email discussions?
> >
> >
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP 
> Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
> >
> 
> 
> 
> -- 
> what's puzzlin' you, is the nature of my game
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux