Re: How about mixing BindAddress and VirtualHost???

[Tony Sanders <sa...@bsdi.com>]

Cliff Skolnick writes:
> Well, BindAddress was ment for people that wanted a different 
> sever/servers running for addresses.  They could be different UID and 
> stuff that virtual host directives can't provide.

I understand how and why Apache got into the current situation,
but the fact remains that if you want six VirtualHosts on one uid
and another six on another uid then you'll have to run seven server
instances instead of two.

> Now we could just have apache do a binch of seperate binds for the set of 
> virtualhost directives, but I hope this is not the default behavior.  It 
> is kind of nice having a sane default behavior, instead of "server not 
> responding" when you try and get a page from an address configured on the 
> machine with no specific virtualhost directive.

I'm not suggesting you change current practice, but I'm not sure
how you get "sane" out of the fact that if you configure the server
for a VirtualHost on one address that it answers with the default
configuration for all other IP addresses on your machine (possibly
including things like ftp.xxx.xxx where you just might not want to
be running your web server).  This fact isn't made clear in the
docs and can easily lead to a security exposure if the webmaster
isn't aware of this "feature".

I was certainly under the impression that each VirtualHost got it's
own socket bound to that address and that the default's were just
that, defaults (and certainly not 5 extra web servers that I
hadn't intended to be running).

And that every time you add an IP address to your machine you have
to change your Apache configuration?  [until you figure it out
and setup the "default" server pointing to a dead page].

I certainly urge everyone on this list to double check their
configuration.  I would be surprised if at least one or two people
on this list didn't have servers running on IP addresses that they
hadn't thought of.