How about mixing BindAddress and VirtualHost???

[Tony Sanders <sa...@bsdi.com>]

The problem...
> 	Note that with apache you only appear to have the following choices:
> 	*   One server (two or more processes) answering one IP address
> 	*   One server (two or more processes) answering *every* IP
> 	    alias on the machine.
> 	*   One server per virtual host (two or more processes per
> 	    server) each answering one IP address
>     	I have gone the second route, which implies I had to create a
> 	dummy index page which returns an error when people try to
> 	attach to IP addresses [that shouldn't be running servers.]
> 	It sure would have been nice to be able to list
> 	the addresses I wanted to accept connections on.

Technically speaking, if you just use <VirtualHost> then Apache
binds to *.80.  Which also means that you cannot then run another
Apache with a different uid also using <VirtualHost>.

Anyone care?  Anyone looked at patching Apache so you could list
multiple BindAddress's (possibly in the <VirtualHost> section) to
get around this?

Re: How about mixing BindAddress and VirtualHost???

[Tony Sanders <sa...@bsdi.com>]

Cliff Skolnick writes:
> Well, BindAddress was ment for people that wanted a different 
> sever/servers running for addresses.  They could be different UID and 
> stuff that virtual host directives can't provide.

I understand how and why Apache got into the current situation,
but the fact remains that if you want six VirtualHosts on one uid
and another six on another uid then you'll have to run seven server
instances instead of two.

> Now we could just have apache do a binch of seperate binds for the set of 
> virtualhost directives, but I hope this is not the default behavior.  It 
> is kind of nice having a sane default behavior, instead of "server not 
> responding" when you try and get a page from an address configured on the 
> machine with no specific virtualhost directive.

I'm not suggesting you change current practice, but I'm not sure
how you get "sane" out of the fact that if you configure the server
for a VirtualHost on one address that it answers with the default
configuration for all other IP addresses on your machine (possibly
including things like ftp.xxx.xxx where you just might not want to
be running your web server).  This fact isn't made clear in the
docs and can easily lead to a security exposure if the webmaster
isn't aware of this "feature".

I was certainly under the impression that each VirtualHost got it's
own socket bound to that address and that the default's were just
that, defaults (and certainly not 5 extra web servers that I
hadn't intended to be running).

And that every time you add an IP address to your machine you have
to change your Apache configuration?  [until you figure it out
and setup the "default" server pointing to a dead page].

I certainly urge everyone on this list to double check their
configuration.  I would be surprised if at least one or two people
on this list didn't have servers running on IP addresses that they
hadn't thought of.

Re: How about mixing BindAddress and VirtualHost???

[Cliff Skolnick <cl...@organic.com>]

On Fri, 2 Feb 1996, Tony Sanders wrote:

> Technically speaking, if you just use <VirtualHost> then Apache
> binds to *.80.  Which also means that you cannot then run another
> Apache with a different uid also using <VirtualHost>.
> 
> Anyone care?  Anyone looked at patching Apache so you could list
> multiple BindAddress's (possibly in the <VirtualHost> section) to
> get around this?

Well, BindAddress was ment for people that wanted a different 
sever/servers running for addresses.  They could be different UID and 
stuff that virtual host directives can't provide.

Now we could just have apache do a binch of seperate binds for the set of 
virtualhost directives, but I hope this is not the default behavior.  It 
is kind of nice having a sane default behavior, instead of "server not 
responding" when you try and get a page from an address configured on the 
machine with no specific virtualhost directive.


--
Cliff Skolnick                                      cliff@organic.com

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759