You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by Michael Rasmussen <mi...@patch.com> on 2007/09/22 17:43:53 UTC
Clarification on NameVirtualHost and VirtualHost sections
Hi,
I'd supply a patch, but I don't know which of:
http://httpd.apache.org/docs/2.0/mod/core.html#virtualhost
http://httpd.apache.org/docs/2.0/vhosts/name-based.html
http://httpd.apache.org/docs/2.0/vhosts/ ...
is appropriate.
I believe the statement:
If a <VirtualHost> block does not contain a ServerName statement the hostname
of the computer will be used.
Should be added.
Why?
It explains the default behavior.
If someone has a misconfigured VirtualHost it can possibly hijack the
configuration for the hostname defined VirtualHost.
Assume a configuration using
Include /etc/apache2/sites-enabled/[^.#]*
that has a, perhaps vendor supplied, 000-default or default that does not
have a ServerName specified. For example:
000-default or default file:
<VirtualHost *:80>
# No Server Name definition
DocumentRoot /var/www/
# ... other directives
</VirtualHost>
hostname.domain.tld file:
<VirtualHost *:80>
ServerName hostname.domain.tld
DocumentRoot /var/www/hostname
# ... other directives
</VirtualHost>
Contrary to their expectation the content stored at /var/www/hostname
would never be served. Instead the content at the DocumentRoot defined
in the 000-default or default file would be served.
Note, this could happen with any configuration where the file for
a misconfigured VirtualHost is loaded before the one containing the
definition where ServerName equals `hostname`.
Thank you for considering this suggestion.
--
Michael Rasmussen, Portland Oregon
Be appropriate && Follow your curiosity
http://www.patch.com/words/
The fortune cookie says:
Excuse me, but didn't I tell you there's NO HOPE for the survival of
OFFSET PRINTING?
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Clarification on NameVirtualHost and VirtualHost sections
Posted by Joshua Slive <jo...@slive.ca>.
On 9/22/07, Michael Rasmussen <mi...@patch.com> wrote:
> Joshua Slive wrote:
> > > If a <VirtualHost> block does not contain a ServerName statement the hostname
> > > of the computer will be used.
> >
> > Not quite. It should be "Each <VirtualHost> block should contain a
> > ServerName. If it is absent, the ServerName from the main server
> > configuration will be used."
Committed something like this to trunk and will backport to 2.2.
>
> Unless there's no ServerName in the main server configuration. Then it pulls
> the hostname. Ubunutu, for example, defaults to this situation.
It uses the default ServerName, which is indeed taken from the
hostname. This is actually an Ubuntu bug if they have no ServerName in
the main server context, because this forces Apache to do a reverse
DNS lookup at startup, needlessly placing a dependency on DNS.
All apache configs should have a main context ServerName, even if you
know it will never be used for anything.
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Clarification on NameVirtualHost and VirtualHost sections
Posted by Michael Rasmussen <mi...@patch.com>.
Joshua Slive wrote:
> > If a <VirtualHost> block does not contain a ServerName statement the hostname
> > of the computer will be used.
>
> Not quite. It should be "Each <VirtualHost> block should contain a
> ServerName. If it is absent, the ServerName from the main server
> configuration will be used."
Unless there's no ServerName in the main server configuration. Then it pulls
the hostname. Ubunutu, for example, defaults to this situation.
> I have indeed stumbled into this myself while debugging someone's
> configuration, so I agree it should be documented. I'll try to do it
> myself.
Thank you.
--
Michael Rasmussen, Portland Oregon
Be appropriate && Follow your curiosity
http://www.patch.com/words/
The fortune cookie says:
La rosa tiene espinas, pero... ¿tiene pétalos el atún?
-- Roberto Fontanarrosa. Humorista argentino.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Clarification on NameVirtualHost and VirtualHost sections
Posted by Joshua Slive <jo...@slive.ca>.
On 9/22/07, Michael Rasmussen <mi...@patch.com> wrote:
> Hi,
>
> I'd supply a patch, but I don't know which of:
> http://httpd.apache.org/docs/2.0/mod/core.html#virtualhost
> http://httpd.apache.org/docs/2.0/vhosts/name-based.html
> http://httpd.apache.org/docs/2.0/vhosts/ ...
> is appropriate.
>
> I believe the statement:
>
> If a <VirtualHost> block does not contain a ServerName statement the hostname
> of the computer will be used.
Not quite. It should be "Each <VirtualHost> block should contain a
ServerName. If it is absent, the ServerName from the main server
configuration will be used." That should probably go just in the
<VirtualHost> docs, since the name-based docs make is pretty-clear
that a ServerName is needed.
I have indeed stumbled into this myself while debugging someone's
configuration, so I agree it should be documented. I'll try to do it
myself.
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org