RE: Problem with NameVirtualHost and VirtualHost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: Gregor Schneider [mailto:rc46fi@xxxxxxxxxxxxxx] 
> Sent: Wednesday, November 21, 2007 5:33 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  Problem with NameVirtualHost and 
> VirtualHost
> 
> Hi Owen!
> 
> On Nov 21, 2007 4:59 PM, Boyle Owen <Owen.Boyle@xxxxxxx> wrote:
> >
> > That's about right... You didn't (mercifully :-) show us 
> your complete config,
> >
> well, if u need some reading-stuff. I'll send them to ypu right away
> or, if you prefer, post 'em here on the list ;)
> 
> > but I'm guessing you just used ServerAlias directives 
> instead of ServerName.
> 
> absolutely correct
> 
> > As far as VH resolution is concerned, they are equivalent. 
> You might get problems with redirect and self-referential 
> URLs, however.
> 
> ehem?
> 
> Could you specify what you mean by this?

Apache makes a self-referential URL when you do a 301/302 redirect to
another part of the same site (eg, Redirect /old.page /new.page). It
needs to know the name of the host to put at the front of the URL in the
Location header. Usually, it gets this from the ServerName directive. If
you haven't defined one, it makes one up by reverse-DNSing the IP
address of the VH (in extremis, it just uses the IP address). If you are
using NBVHs, then all your VHs have the same IP so a reverse DNS lookup
of the IP returns a list of domain-names. I think apache just uses the
first one, in this case. So if you had three VHs on the same IP and and
you had a redirect in VH3 as above, a request for http://host3/old.page
would be redirected to http://host1/new.page - which is probably not
what you want.

Having said all that, I'm not sure how ServerAlias affects all this.
>From a strict reading of the docs, it doesn't. But you never know...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> What I did to every vhost is, that I specified a vhost on port80 and
> one on 443.
> When coming in through port 80, then a small rule via mod_rewrite
> redirects the request to port 443, and this also works like charm.
> 
> Here's the rule:
> 
> RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1
> 
> > It is true that if you don't care about browser warnings, 
> or that the session is encrypted using the cert from the 
> first VH only, then name-based VHing under SSL will *seem* to 
> work. It's fine for a test environment but this is no 
> solution for the real world (would you type your credit card 
> number into a website that seemed to be called nice-shop.com 
> but your browser was complaining that the certificate was 
> registered to evil-crook.com?)
> >
> 
> I absolutely agree with you on that one. However, it's just a
> test-server for internal development mirroring the production-server's
> environment, and the struggle with our network-admins allowing us
> additional IPs for that server is something I'd rather avoid ;)
> 
> Cheers!
> 
> Gregor
> -- 
> what's puzzlin' you, is the nature of my game
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux