Re: Alias-ed directory appears on multiple virtual hosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

On 08.12.2010 14:13, Tom Evans wrote:
...
And the experienced user has seen these warnings often, so he regularly
clicked on "I understand the risks" and accepted the ssl session anyway -
and it's even wiser in most cases to do because mostly you're better off (in
web 2.0 services for example) with an encrypted transfer and non-secure
identity than with both non-secure...

What 'experienced' (stupid?) users do is neither here nor there. I
rarely trust self signed certs and would never accept a certificate
for a host that isn't what it claims to be. Since 'experienced' users
do do this sort of thing, don't give them an option to do so.

I don't give them this opportunity, neither do you and all the other responsible people on this ML. The reality on the world wide web is different, and leads to users spontanously clicking "I understand the risk" even if it's not really true.

The best way to avoid this problem is not dummy vhosts, it is to not
serve multiple websites from the same IP ...

In an ideal world, yes.
But in this world the number of available IPs is restricted, whereas the
quest for new domains seems endless.

IPv4 addresses aren't exactly tricky to lay your hands on, despite the
endless yearly warnings that IPv4 will run out in the next N years.

If you have a direct contract with the backbone provider, fine.
If your server has a rented place in a data center your IP range is normally restricted.

If you have one SSL site, and many non SSL sites, you should host on 2
distinct IPs, ...

I prefer to keep my few IPs for real SSL services instead of nicer-written configuration.

... The cost of
obtaining a second IP is small compared to the brand cost of having
badly served SSL sites.

My SSL and non-SSL sites are served perfectly now that I found the hack-around (with the help of this ML).
I'd just prefer that apache offered a more concise way to configure that.

/ Bernd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux