On Thu, May 24, 2018 at 2:09 PM, Eric Covener <cove...@gmail.com> wrote: > > Thinking about base server and how scanners report it the "vulnerability"... > > AllowUnmatchedHost[name]? > RejectUnknownHost[name]?
The one or the other is probably a better name than UseDefaultVHost, it allows to specify it by vhost (really meaningful on base servers though) OR globally to avoid using fake base servers in the whole configuration (when relevant). Looks good to me.