You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Tanner Bachman <tb...@mtharley.com> on 2009/11/09 17:30:12 UTC

[users@httpd] Apache shows code when using IP address

Hi Everyone, 

Forgive me if this seems like a stupid oversight on my part, but I've setup an Apache 2.2.x server with Resin and Railo for my ColdFusion site. This is all running on Ubuntu 9.04 Server. When I call the site by it's domain name, all is well. However, if I use the IP address of the site, it just shows the ColdFusion code of my page. I know this is probably just a simple config error on my part, but I'm stumped. I'm using virtual hosting like this: 


NameVirtualHost x.x.x.x:80 (x.x.x.x being my IP address) 
NameVirtualHost x.x.x.x:443 

# MYSITE.COM (NON-SSL) 
<VirtualHost x.x.x.x:80> 
ServerAdmin me@mysite.com 
ServerName www.mysite.com 
ServerAlias mysite.com 

DocumentRoot /var/www/mysite.com/www/ 

<Directory /var/www/mysite.com/www> 
Options -Indexes FollowSymLinks 
AllowOverride None 
Order allow,deny 
Allow from all 
</Directory> 

</VirtualHost> 

# MYSITE.COM (SSL) 
<VirtualHost x.x.x.x:443> 
ServerAdmin me@mysite.com 
ServerName www.mysite.com 
ServerAlias mysite.com 

DocumentRoot /var/www/mysite.com/www/ 

<Directory /var/www/mysite.com/www> 
Options -Indexes FollowSymLinks 
AllowOverride None 
Order allow,deny 
Allow from all 
</Directory> 

SSLEngine On 
SSLProtocol -all +TLSv1 +SSLv3 
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM 
SSLCertificateFile "/var/www/mysite.com/ssl/mysite.crt" 
SSLCertificateKeyFile "/var/www/mysite.com/ssl/mysite.key" 
</VirtualHost> 

If you need more config info, I'd be happy to provide it, but any help would be much appreciated. 

Thanks, 

Tanner

Re: [users@httpd] Apache shows code when using IP address

Posted by André Warnier <aw...@ice-sa.com>.

Tanner Bachman wrote:
> Hi Everyone, 
> 
> Forgive me if this seems like a stupid oversight on my part, but I've setup an Apache 2.2.x server with Resin and Railo for my ColdFusion site. This is all running on Ubuntu 9.04 Server. When I call the site by it's domain name, all is well. However, if I use the IP address of the site, it just shows the ColdFusion code of my page. I know this is probably just a simple config error on my part, but I'm stumped. I'm using virtual hosting like this: 
> 
> 
> NameVirtualHost x.x.x.x:80 (x.x.x.x being my IP address) 
> NameVirtualHost x.x.x.x:443 
> 
> # MYSITE.COM (NON-SSL) 
> <VirtualHost x.x.x.x:80> 
> ServerAdmin me@mysite.com 
> ServerName www.mysite.com 
> ServerAlias mysite.com 
> 
> DocumentRoot /var/www/mysite.com/www/ 
> 
> <Directory /var/www/mysite.com/www> 
> Options -Indexes FollowSymLinks 
> AllowOverride None 
> Order allow,deny 
> Allow from all 
> </Directory> 
> 
> </VirtualHost> 
> 
> # MYSITE.COM (SSL) 
> <VirtualHost x.x.x.x:443> 
> ServerAdmin me@mysite.com 
> ServerName www.mysite.com 
> ServerAlias mysite.com 
> 
> DocumentRoot /var/www/mysite.com/www/ 
> 
> <Directory /var/www/mysite.com/www> 
> Options -Indexes FollowSymLinks 
> AllowOverride None 
> Order allow,deny 
> Allow from all 
> </Directory> 
> 
In very summary (and you should *really* read the VirtualHost 
documentation on the Apache website) :

Within each listening port (above : 80 and 443), the first VirtualHost 
which you define (top to bottom) is also the *default* VirtualHost.
That means that, whichever way the browser establishes a connection to 
your server, Apache will use that default VirtualHost configuration, 
/unless/ it finds an exact match between the hostname requested, and one 
of the defined VirtualHost "ServerName" or "ServerAlias".

In other words, when you enter in your browser
http://(ip-address):80/
it will look at all VirtualHosts defined for port 80, trying to match 
(ip-address) with a ServerName or ServerAlias.
Since it does not find any, it will default to the first VirtualHost.

That is the first issue.
The second one is that in your configuration, you use the same 
DocumentRoot for both your VirtualHosts.
But the configuration of these hosts is different.
In other words, anyone can bypass whatever you put as directives in the 
second host, by adressing the first one.

Suggestion :
- define a new first VirtualHost :80, before the existing one for port 
80, and set its DocumentRoot to something harmless (create a directory 
with just a dummy page), and use that directory as DocumentRoot.
Give it a
ServerName www.mysite.default
(it does not matter which name, as long as it is not www.mysite.com).
This new host will then (by virtue of being the first one named) become 
the default host, and people will get that one when they input an IP 
address instead of the registered hostname.

Then let's take it from there.
But read the doc first. There is a special page dedicated to VirtualHosts.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache shows code when using IP address

Posted by Doug McNutt <do...@macnauchtan.com>.

At 18:12 +0100 11/9/09, André Warnier wrote:
>To see why it may not be the correct patch, try to enter your IP address with an extra zero that should not normally matter, for example :
>if your IP address was
>100.200.21.123
>then try
>http://100.200.021.123/...

I once tried adding zeros like that and got quite surprised.

021 as above gets interpreted as an octal number in accordance with IP and C standards so that 100.200.021.123 equivalent to 100.200.17.123
-- 

--> A fair tax is one that you pay but I don't <--

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache shows code when using IP address

Posted by André Warnier <aw...@ice-sa.com>.

Tanner Bachman wrote:
> Sorry for wasting your time...I got it figured out. Apparently the IP address must be added to the Resin server as a virtualhost, so that Resin knows what to do with those requests. 
> 
That may be a "patch", but it is not the correct explanation.
See my previous post.

To see why it may not be the correct patch, try to enter your IP address 
with an extra zero that should not normally matter, for example :
if your IP address was
100.200.21.123
then try
http://100.200.021.123/...



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache shows code when using IP address

Posted by Tanner Bachman <tb...@mtharley.com>.

Sorry for wasting your time...I got it figured out. Apparently the IP address must be added to the Resin server as a virtualhost, so that Resin knows what to do with those requests. 

Thanks, 


Tanner 


----- Original Message ----- 
From: "Tanner Bachman" <tb...@mtharley.com> 
To: users@httpd.apache.org 
Sent: Monday, November 9, 2009 9:30:12 AM 
Subject: [users@httpd] Apache shows code when using IP address 


Hi Everyone, 

Forgive me if this seems like a stupid oversight on my part, but I've setup an Apache 2.2.x server with Resin and Railo for my ColdFusion site. This is all running on Ubuntu 9.04 Server. When I call the site by it's domain name, all is well. However, if I use the IP address of the site, it just shows the ColdFusion code of my page. I know this is probably just a simple config error on my part, but I'm stumped. I'm using virtual hosting like this: 


NameVirtualHost x.x.x.x:80 (x.x.x.x being my IP address) 
NameVirtualHost x.x.x.x:443 

# MYSITE.COM (NON-SSL) 
<VirtualHost x.x.x.x:80> 
ServerAdmin me@mysite.com 
ServerName www.mysite.com 
ServerAlias mysite.com 

DocumentRoot /var/www/mysite.com/www/ 

<Directory /var/www/mysite.com/www> 
Options -Indexes FollowSymLinks 
AllowOverride None 
Order allow,deny 
Allow from all 
</Directory> 

</VirtualHost> 

# MYSITE.COM (SSL) 
<VirtualHost x.x.x.x:443> 
ServerAdmin me@mysite.com 
ServerName www.mysite.com 
ServerAlias mysite.com 

DocumentRoot /var/www/mysite.com/www/ 

<Directory /var/www/mysite.com/www> 
Options -Indexes FollowSymLinks 
AllowOverride None 
Order allow,deny 
Allow from all 
</Directory> 

SSLEngine On 
SSLProtocol -all +TLSv1 +SSLv3 
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM 
SSLCertificateFile "/var/www/mysite.com/ssl/mysite.crt" 
SSLCertificateKeyFile "/var/www/mysite.com/ssl/mysite.key" 
</VirtualHost> 

If you need more config info, I'd be happy to provide it, but any help would be much appreciated. 

Thanks, 

Tanner