You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1997/03/23 16:08:40 UTC

vhosts-in-depth paper (fwd)

---------- Forwarded message ----------
Date: Sat, 22 Mar 1997 18:52:12 -0800
From: Brent Holland <br...@tenon.com>
To: apache-bugs@mail.apache.org
Subject: vhosts-in-depth paper

Just wanted to relate some additional problems in the VirtualHost
matching in Apache that was alluded to in the paper at

   http://www.apache.org/docs/vhosts-in-depth

If a Port directive is mistakenly entered in a "name-based" VirtualHost
section, apache is tricked (in default_server_hostnames()) into believing
the name-based vhost is an ip-based vhost.

Subsequently, for each new connection to the main server,
find_virtual_server() instead finds the name-based vhost, so the
name-based vhost steals all hits on the main server.

----------

Server matching also breaks down when a ServerName directive
for the main server resolves, but doesn't resolve to an IP address
known to the serving host.  The result is hit stealing by the
name-based vhost.

Brent Holland
Tenon Intersystems

Re: vhosts-in-depth paper (fwd)

Posted by Dean Gaudet <dg...@arctic.org>.
Oh cool, I had a note in the paper "This is probably a bug.", and that is
in fact where the bug is that causes the Port statement to let the host
steal all the hits.  I just didn't figure out how to manifest it.

Your second observation is actually already covered because of how I
defined the main_server address set (those addresses returned by resolving
the ServerName).  But for the sake of clarity I'll make it more obvious.

Thanks for the notes.  I've updated the page, and included the context
diff below.

Dean

On Sun, 23 Mar 1997, Rob Hartill wrote:

> 
> ---------- Forwarded message ----------
> Date: Sat, 22 Mar 1997 18:52:12 -0800
> From: Brent Holland <br...@tenon.com>
> To: apache-bugs@mail.apache.org
> Subject: vhosts-in-depth paper
> 
> Just wanted to relate some additional problems in the VirtualHost
> matching in Apache that was alluded to in the paper at
> 
>    http://www.apache.org/docs/vhosts-in-depth
> 
> If a Port directive is mistakenly entered in a "name-based" VirtualHost
> section, apache is tricked (in default_server_hostnames()) into believing
> the name-based vhost is an ip-based vhost.
> 
> Subsequently, for each new connection to the main server,
> find_virtual_server() instead finds the name-based vhost, so the
> name-based vhost steals all hits on the main server.
> 
> ----------
> 
> Server matching also breaks down when a ServerName directive
> for the main server resolves, but doesn't resolve to an IP address
> known to the serving host.  The result is hit stealing by the
> name-based vhost.
> 
> Brent Holland
> Tenon Intersystems
> 
> 
> 
> 
> 
> 


*** vhosts-in-depth.html	Sun Mar 23 11:27:51 1997
--- vhosts-in-depth.html.foo	Sun Mar 23 11:24:45 1997
***************
*** 56,62 ****
  first name in its <code>VirtualHost</code> directive.  The complete
  list of names in the <code>VirtualHost</code> directive are treated
  just like a <code>ServerAlias</code> (but are not overridden by any
! <code>ServerAlias</code> statement).
  
  <p>
  All vhosts are stored in a list which is in the reverse order that
--- 56,64 ----
  first name in its <code>VirtualHost</code> directive.  The complete
  list of names in the <code>VirtualHost</code> directive are treated
  just like a <code>ServerAlias</code> (but are not overridden by any
! <code>ServerAlias</code> statement).  Note that subsequent <code>Port</code>
! statements for this vhost will not affect the ports assigned in the
! address set.
  
  <p>
  All vhosts are stored in a list which is in the reverse order that
***************
*** 118,126 ****
  
  <p> Now a pass is made through the vhosts to fill in any missing
  <code>ServerName</code> fields and to classify the vhost as either
! an <i>ip-based</i> vhost or a <i>name-based</i> vhost.  A vhost is an
! ip-based vhost if none of the vhosts address set overlaps the main_server
! address set.  Otherwise it is considered a name-based vhost.
  
  <p> For any undefined <code>ServerName</code> fields, a name-based vhost
  defaults to the address given first in the <code>VirtualHost</code>
--- 120,130 ----
  
  <p> Now a pass is made through the vhosts to fill in any missing
  <code>ServerName</code> fields and to classify the vhost as either
! an <i>ip-based</i> vhost or a <i>name-based</i> vhost.  A vhost is
! considered a name-based vhost if any of its address set overlaps the
! main_server (the port associated with each address must match the
! main_server's <code>Port</code>).  Otherwise it is considered an ip-based
! vhost.
  
  <p> For any undefined <code>ServerName</code> fields, a name-based vhost
  defaults to the address given first in the <code>VirtualHost</code>
***************
*** 141,147 ****
  <p> <code>find_virtual_server</code>: When the connection is first made
  by the client, the local ip address (the ip address to which the client
  connected) is looked up in the server list.  A vhost is matched if it
! is an ip-based vhost, and the ip address matches and the port matches
  (taking into account wildcards).
  
  <p> If no vhosts are matched then the last occurance, if it appears,
--- 145,151 ----
  <p> <code>find_virtual_server</code>: When the connection is first made
  by the client, the local ip address (the ip address to which the client
  connected) is looked up in the server list.  A vhost is matched if it
! is an ip-based vhost, the ip address matches and the port matches
  (taking into account wildcards).
  
  <p> If no vhosts are matched then the last occurance, if it appears,
***************
*** 185,191 ****
  of this match is to compare any port, if one was given in the request,
  against the <code>Port</code> field of the connection vhost.  If there's
  a mismatch then the vhost used for the request is the connection vhost.
! (This is probably a bug.)
  
  <p>
  If the port matches, then httpd scans the list of vhosts starting with
--- 189,195 ----
  of this match is to compare any port, if one was given in the request,
  against the <code>Port</code> field of the connection vhost.  If there's
  a mismatch then the vhost used for the request is the connection vhost.
! (This is a bug, see observations.)
  
  <p>
  If the port matches, then httpd scans the list of vhosts starting with
***************
*** 199,206 ****
      <code>ServerName</code> and <code>Port</code>.
  
  <li> Compare the request hostname against any and all addresses given in
!     the <code>VirtualHost</code> directive for this vhost.  <i>(n.b. this
!     assumes Dean's "VirtualHost confusion" patch is accepted.)</i>
  
  <li> Compare the request hostname against the <code>ServerAlias</code>
      given for the vhost.
--- 203,209 ----
      <code>ServerName</code> and <code>Port</code>.
  
  <li> Compare the request hostname against any and all addresses given in
!     the <code>VirtualHost</code> directive for this vhost.
  
  <li> Compare the request hostname against the <code>ServerAlias</code>
      given for the vhost.
***************
*** 275,281 ****
      another <code>ServerPath</code> directive that appears later in
      the configuration file, then the former will always be matched
      and the latter will never be matched.  (That is assuming that no
!     Host header was available to disambiguate the two.)
  
  </ul>
  
--- 278,301 ----
      another <code>ServerPath</code> directive that appears later in
      the configuration file, then the former will always be matched
      and the latter will never be matched.  (That is assuming that no
!     Host header was available to disambiguate the two.)</p>
! 
! <li> If a vhost that would otherwise be a name-vhost includes a
!     <code>Port</code> statement that doesn't match the main_server
!     <code>Port</code> then it will be considered an ip-based vhost.
!     Then <code>find_virtual_server</code> will match it (because
!     the ports associated with each address in the address set default
!     to the port of the main_server) as the connection vhost.  Then
!     <code>check_hostalias</code> will refuse to check any other name-based
!     vhost because of the port mismatch.  The result is that the vhost
!     will steal all hits going to the main_server address.</p>
! 
! <li> If two ip-based vhosts have an address in common, the vhost appearing
!     later in the file is always matched.  Such a thing might happen
!     inadvertantly.  If the config has name-based vhosts and for some reason
!     the main_server <code>ServerName</code> resolves to the wrong address
!     then all the name-based vhosts will be parsed as ip-based vhosts.
!     Then the last of them will steal all the hits.</p>
  
  </ul>