You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Roger Hunen <ro...@medtronic.com> on 1997/12/08 09:40:24 UTC
general/1530: ServerName/ServerAlias is checked when using IP-based virtual hosts
>Number: 1530
>Category: general
>Synopsis: ServerName/ServerAlias is checked when using IP-based virtual hosts
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Dec 8 00:50:00 PST 1997
>Last-Modified:
>Originator: roger.hunen@medtronic.com
>Organization:
apache
>Release: 1.2.4
>Environment:
Server OS : Solaris 2.4 with all suggested patches
User agent : Netscape 3.03Gold (Win95; I)
Compiler : gcc 2.7.2.3 using GNU as and GNU ld
>Description:
Server names defined with ServerName or ServerAlias *are* checked for IP-based
virtual hosts if the user agent sends a 'Host:' header. From what I deduct from
the documentation on virtual hosts, this should only be done with Name-based
virtual hosts, not with IP-based virtual hosts.
Workaround: use ServerAlias to define likely aliases.
Curiosity : Netscape 3 sends a 'Host:' header in HTTP/1.0 requests, even though
this is not defined in RFC 1945. I assume that old servers that
don't accept 'Host:' headers will simply ignore them.
>How-To-Repeat:
Repeating the problem should be trivial (I can send my config if needed).
Example URLs are not available (Intranet server in a Firewalled environment).
>Fix:
Don't check the host spec from the 'Host:' header for IP-based virtual hosts.
%0
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]