general/1530: ServerName/ServerAlias is checked when using IP-based virtual hosts

[Roger Hunen <ro...@medtronic.com>]

>Number:         1530
>Category:       general
>Synopsis:       ServerName/ServerAlias is checked when using IP-based virtual hosts
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Dec  8 00:50:00 PST 1997
>Last-Modified:
>Originator:     roger.hunen@medtronic.com
>Organization:
apache
>Release:        1.2.4
>Environment:
Server OS  : Solaris 2.4 with all suggested patches
User agent : Netscape 3.03Gold (Win95; I)
Compiler   : gcc 2.7.2.3 using GNU as and GNU ld
>Description:
Server names defined with ServerName or ServerAlias *are* checked for IP-based
virtual hosts if the user agent sends a 'Host:' header. From what I deduct from
the documentation on virtual hosts, this should only be done with Name-based
virtual hosts, not with IP-based virtual hosts.

Workaround: use ServerAlias to define likely aliases.

Curiosity : Netscape 3 sends a 'Host:' header in HTTP/1.0 requests, even though
            this is not defined in RFC 1945. I assume that old servers that
            don't accept 'Host:' headers will simply ignore them.
>How-To-Repeat:
Repeating the problem should be trivial (I can send my config if needed).
Example URLs are not available (Intranet server in a Firewalled environment).
>Fix:
Don't check the host spec from the 'Host:' header for IP-based virtual hosts.
%0
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]