dgaudet     97/03/20 15:30:53

  Modified:    htdocs/manual  bind.html
               htdocs/manual/mod  core.html
               src       CHANGES http_config.c http_main.c http_protocol.c
  Log:
  Add documentation for DNS issues (reliability and security), and try
  to explain the virtual host matching process.
  
  Try to continue gracefully by disabling the vhost if a DNS lookup
  fails while parsing the configuration file.
  
  Reviewed by:  Roy, Jim
  
  Revision  Changes    Path
  1.5       +2 -1      apache/htdocs/manual/bind.html
  
  Index: bind.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/bind.html,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -C3 -r1.4 -r1.5
  *** bind.html 1996/12/02 18:13:38     1.4
  --- bind.html 1997/03/20 23:30:44     1.5
  ***************
  *** 89,95 ****
    <a href="virtual-host.html">Virtual Hosts</a>,
    <a href="host.html">Non-IP virtual hosts</a>,
    <a href="mod/core.html#bindaddress">BindAddress directive</a>,
  ! <a href="mod/core.html#port">Port directive</a>
    and
    <a href="mod/core.html#virtualhost">&lt;VirtualHost&gt; section</a>.
    </ul>
  --- 89,96 ----
    <a href="virtual-host.html">Virtual Hosts</a>,
    <a href="host.html">Non-IP virtual hosts</a>,
    <a href="mod/core.html#bindaddress">BindAddress directive</a>,
  ! <a href="mod/core.html#port">Port directive</a>,
  ! <a href="dns-caveats.html">DNS Issues</a>
    and
    <a href="mod/core.html#virtualhost">&lt;VirtualHost&gt; section</a>.
    </ul>
  
  
  
  1.42      +32 -8     apache/htdocs/manual/mod/core.html
  
  Index: core.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/mod/core.html,v
  retrieving revision 1.41
  retrieving revision 1.42
  diff -C3 -r1.41 -r1.42
  *** core.html 1997/03/17 08:16:07     1.41
  --- core.html 1997/03/20 23:30:46     1.42
  ***************
  *** 245,250 ****
  --- 245,252 ----
    <A HREF="#virtualhost">&lt;VirtualHost&gt;</A> sections.
    
    <p><strong>See Also:</strong>
  + <a href="../dns-caveats.html">DNS Issues</a><br>
  + <strong>See Also:</strong>
    <a href="../bind.html">Setting which addresses and ports Apache uses</a></p>
    
    <hr>
  ***************
  *** 620,626 ****
    interfaces, but only on the port given by the <a href="#port">Port</a>
    directive.</p>
    
  ! <p><strong>See Also</strong>:
    <a href="../bind.html">Setting which addresses and ports Apache uses</a></p>
    <hr>
    
  --- 622,630 ----
    interfaces, but only on the port given by the <a href="#port">Port</a>
    directive.</p>
    
  ! <p><strong>See Also:</strong>
  ! <a href="../dns-caveats.html">DNS Issues</a><br>
  ! <strong>See Also:</strong>
    <a href="../bind.html">Setting which addresses and ports Apache uses</a></p>
    <hr>
    
  ***************
  *** 1105,1112 ****
    The ServerAlias directive sets the alternate names for a host, for use
    with
    <a href="../host.html">Host-header based virtual hosts</a>.
    
  ! <p><hr>
    
    <A name="servername"><h2>ServerName directive</h2></A>
    <!--%plaintext &lt;?INDEX {\tt ServerName} directive&gt; -->
  --- 1109,1118 ----
    The ServerAlias directive sets the alternate names for a host, for use
    with
    <a href="../host.html">Host-header based virtual hosts</a>.
  + <p><strong>See Also</strong>:
  + <a href="../vhosts-in-depth.html">In-depth description of Virtual Host 
matching</a></p>
    
  ! <hr>
    
    <A name="servername"><h2>ServerName directive</h2></A>
    <!--%plaintext &lt;?INDEX {\tt ServerName} directive&gt; -->
  ***************
  *** 1120,1126 ****
    not work reliably, or may not return the preferred hostname. For example:
    <blockquote><code>ServerName www.wibble.com</code></blockquote>
    would be used if the canonical (main) name of the actual machine
  ! were <code>monster.wibble.com</code>.<p><hr>
    
    <A name="serverpath"><h2>ServerPath directive</h2></A>
    
  --- 1126,1135 ----
    not work reliably, or may not return the preferred hostname. For example:
    <blockquote><code>ServerName www.wibble.com</code></blockquote>
    would be used if the canonical (main) name of the actual machine
  ! were <code>monster.wibble.com</code>.<p>
  ! <p><strong>See Also</strong>:
  ! <a href="../dns-caveats.html">DNS Issues</a></p>
  ! <hr>
    
    <A name="serverpath"><h2>ServerPath directive</h2></A>
    
  ***************
  *** 1132,1137 ****
  --- 1141,1148 ----
    
    The ServerPath directive sets the legacy URL pathname for a host, for
    use with <a href="../host.html">Host-header based virtual hosts</a>.
  + <p><strong>See Also</strong>:
  + <a href="../vhosts-in-depth.html">In-depth description of Virtual Host 
matching</a></p>
    <hr>
    
    <A name="serverroot"><h2>ServerRoot directive</h2></A>
  ***************
  *** 1260,1271 ****
    
    <A name="virtualhost"><h2>&lt;VirtualHost&gt; directive</h2></A>
    <!--%plaintext &lt;?INDEX {\tt VirtualHost} section directive&gt; -->
  ! <strong>Syntax:</strong> &lt;VirtualHost <em>addr</em>[:<em>port</em>]&gt; 
...
    &lt;/VirtualHost&gt; <br>
    <strong>Context:</strong> server config<br>
    <strong>Status:</strong> Core.<br>
  ! <strong>Compatibility:</strong> Non-IP address-based Virtual Hosting is
  ! only available in Apache 1.2 and later.<p>
    
    &lt;VirtualHost&gt; and &lt;/VirtualHost&gt; are used to enclose a group of
    directives which will apply only to a particular virtual host.
  --- 1271,1284 ----
    
    <A name="virtualhost"><h2>&lt;VirtualHost&gt; directive</h2></A>
    <!--%plaintext &lt;?INDEX {\tt VirtualHost} section directive&gt; -->
  ! <strong>Syntax:</strong> &lt;VirtualHost <em>addr</em>[:<em>port</em>] 
...&gt; ...
    &lt;/VirtualHost&gt; <br>
    <strong>Context:</strong> server config<br>
    <strong>Status:</strong> Core.<br>
  ! <strong>Compatibility:</strong> Non-IP address-based Virtual Hosting only
  ! available in Apache 1.1 and later.<br>
  ! <strong>Compatibility:</strong> Multiple address support only available in
  ! Apache 1.2 and later.<p>
    
    &lt;VirtualHost&gt; and &lt;/VirtualHost&gt; are used to enclose a group of
    directives which will apply only to a particular virtual host.
  ***************
  *** 1296,1311 ****
    command (if your OS supports it), or with kernel patches like <A
    HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p>
    
  ! SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A> 
    document for details on why your security could be compromised if
    the directory where logfiles are stored is writable by anyone other
    than the user that starts the server.
    
    <p><strong>See also:</strong>
    <A HREF="../virtual-host.html">Information on Virtual Hosts.
    (multihome)</A><br>
    <strong>See also:</strong>
  ! <a href="../host.html">Non-IP address-based Virtual Hosts</a>
    </p>
    
    <!--#include virtual="footer.html" -->
  --- 1309,1335 ----
    command (if your OS supports it), or with kernel patches like <A
    HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p>
    
  ! The special name <code>_default_</code> can be specified in which case
  ! this virtual host will match any ip address that is not explicitly listed
  ! in another virtual host.  In the absence of any _default_ virtual host
  ! the "main" server config, consisting of all those definitions outside
  ! any VirtualHost section, is used when no match occurs.<p>
  ! 
  ! <strong>SECURITY</strong>: See the
  ! <A HREF="../misc/security_tips.html">security tips</A> 
    document for details on why your security could be compromised if
    the directory where logfiles are stored is writable by anyone other
    than the user that starts the server.
    
    <p><strong>See also:</strong>
  + <A HREF="../dns-caveats.html">Warnings about DNS and Apache</a><br>
  + <strong>See also:</strong>
    <A HREF="../virtual-host.html">Information on Virtual Hosts.
    (multihome)</A><br>
    <strong>See also:</strong>
  ! <a href="../host.html">Non-IP address-based Virtual Hosts</a><br>
  ! <strong>See also:</strong>
  ! <a href="../vhosts-in-depth.html">In-depth description of Virtual Host 
matching</a>
    </p>
    
    <!--#include virtual="footer.html" -->
  
  
  
  1.208     +6 -0      apache/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache/src/CHANGES,v
  retrieving revision 1.207
  retrieving revision 1.208
  diff -C3 -r1.207 -r1.208
  *** CHANGES   1997/03/20 18:40:11     1.207
  --- CHANGES   1997/03/20 23:30:48     1.208
  ***************
  *** 45,50 ****
  --- 45,56 ----
    
      *) Fixed server status updating of per-connection counters. [Roy Fielding]
    
  +   *) Add documentation for DNS issues (reliability and security), and try
  +      to explain the virtual host matching process.  [Dean Gaudet]
  + 
  +   *) Try to continue gracefully by disabling the vhost if a DNS lookup
  +      fails while parsing the configuration file.  [Dean Gaudet]
  + 
      *) Workaround to a compiler bug that causes SunOS 4.1.x to panic.
         [Roy Fielding]
    
  
  
  
  1.46      +5 -6      apache/src/http_config.c
  
  Index: http_config.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_config.c,v
  retrieving revision 1.45
  retrieving revision 1.46
  diff -C3 -r1.45 -r1.46
  *** http_config.c     1997/03/18 09:57:40     1.45
  --- http_config.c     1997/03/20 23:30:48     1.46
  ***************
  *** 902,909 ****
        hep = gethostbyname(w);
    
        if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) {
  !     fprintf (stderr, "Cannot resolve host name %s --- exiting!\n", w);
  !     exit(1);
        }
    
        for( i = 0; hep->h_addr_list[i]; ++i ) {
  --- 902,910 ----
        hep = gethostbyname(w);
    
        if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) {
  !     fprintf (stderr, "Cannot resolve host name %s --- ignoring!\n", w);
  !     if (t != NULL) *t = ':';
  !     return;
        }
    
        for( i = 0; hep->h_addr_list[i]; ++i ) {
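Review bot: The failure path now returns with nothing recorded for the name that did not resolve, so when a `<VirtualHost>` lists several names the vhost stays up on the addresses that did resolve and the missing one is silently left out. Per the `_default_` text this commit adds to core.html, requests to an address not listed in any vhost go to the `_default_` vhost or the main server, which may carry different access rules. The message should say so, e.g. `fprintf (stderr, "Cannot resolve host name %s --- ignoring this address; its requests fall to the default/main server\n", w);`. The enclosing function begins and ends outside the hunk, so how the caller treats the early return is not visible here.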
  ***************
  *** 953,963 ****
        }
        /* terminate the list */
        *addrs = NULL;
  !     if( s->addrs == NULL ) {
  !     fprintf( stderr, "virtual host must have at least one address\n" );
  !     exit(1);
        }
  -     s->port = s->addrs->host_port;  /* set them the same, by default */
        s->next = NULL;
    
        s->is_virtual = 1;
  --- 954,962 ----
        }
        /* terminate the list */
        *addrs = NULL;
  !     if( s->addrs ) {
  !     s->port = s->addrs->host_port;  /* set them the same, by default */
        }
        s->next = NULL;
    
        s->is_virtual = 1;
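Review bot: Dropping the `s->addrs == NULL` exit also drops the only diagnostic at this point, so a `<VirtualHost>` that ends up with no address is disabled without any message saying so. A DNS failure prints "ignoring" for the name elsewhere, but nothing ties that to the vhost being switched off. An `else` branch such as `else { fprintf( stderr, "virtual host has no usable address --- disabled\n" ); }` would make it visible in the startup output. `s->port` also keeps whatever value it had before when `s->addrs` is NULL; its initialisation is outside the hunk, so confirm it is defined on that path.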
  
  
  
  1.132     +28 -16    apache/src/http_main.c
  
  Index: http_main.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_main.c,v
  retrieving revision 1.131
  retrieving revision 1.132
  diff -C3 -r1.131 -r1.132
  *** http_main.c       1997/03/18 09:34:52     1.131
  --- http_main.c       1997/03/20 23:30:49     1.132
  ***************
  *** 1434,1440 ****
        char *def_hostname;
        int n;
        server_addr_rec *sar;
  !     int has_inaddr_any;
        int mainport = s->port;
        int from_local=0;  
    
  --- 1434,1440 ----
        char *def_hostname;
        int n;
        server_addr_rec *sar;
  !     int has_default_vhost_addr;
        int mainport = s->port;
        int from_local=0;  
    
  ***************
  *** 1473,1486 ****
        
        for (s = s->next; s; s = s->next) {
        /* Check to see if we might be a HTTP/1.1 virtual host - same IP */
  !     has_inaddr_any = 0;
        for (n = 0; n < num_addr; n++) {
            for(sar = s->addrs; sar; sar = sar->next) {
                if (sar->host_addr.s_addr == main_addr[n].s_addr &&
                    s->port == mainport)
                    s->is_virtual = 2;
  !             if( sar->host_addr.s_addr == htonl(INADDR_ANY) ) {
  !                 has_inaddr_any = 1;
                }
            }
        }
  --- 1473,1486 ----
        
        for (s = s->next; s; s = s->next) {
        /* Check to see if we might be a HTTP/1.1 virtual host - same IP */
  !     has_default_vhost_addr = 0;
        for (n = 0; n < num_addr; n++) {
            for(sar = s->addrs; sar; sar = sar->next) {
                if (sar->host_addr.s_addr == main_addr[n].s_addr &&
                    s->port == mainport)
                    s->is_virtual = 2;
  !             if( sar->host_addr.s_addr == DEFAULT_VHOST_ADDR ) {
  !                 has_default_vhost_addr = 1;
                }
            }
        }
  ***************
  *** 1489,1509 ****
            the presence of multiple addresses on the <VirtualHost>
            directive.  It should issue warnings here perhaps. -djg */
            if (!s->server_hostname) {
  !         if (s->is_virtual == 2)
  !             s->server_hostname = s->addrs->virthost;
  !         else if (has_inaddr_any)
                s->server_hostname = def_hostname;
  !         else
  !         {
  !             h = gethostbyaddr ((char *)&(s->addrs->host_addr),
  !                                sizeof (struct in_addr), AF_INET);
  !             if (h != NULL)
                    s->server_hostname = pstrdup (pconf, (char *)h->h_name);
  !             else
  !                 {
  !                 fprintf(stderr,"Failed to resolve server name for %s (check 
DNS)\n",inet_ntoa(s->addrs->host_addr));
  !                 exit(0);
                    }
            }
        }
        }
  --- 1489,1521 ----
            the presence of multiple addresses on the <VirtualHost>
            directive.  It should issue warnings here perhaps. -djg */
            if (!s->server_hostname) {
  !         if (s->is_virtual == 2) {
  !             if (s->addrs) {
  !                 s->server_hostname = s->addrs->virthost;
  !             } else {
  !                 /* what else can we do?  at this point this vhost has
  !                     no configured name, probably because they used
  !                     DNS in the VirtualHost statement.  It's disabled
  !                     anyhow by the host matching code.  -djg */
  !                 s->server_hostname = "bogus_host_without_forward_dns";
  !             }
  !         } else if (has_default_vhost_addr) {
                s->server_hostname = def_hostname;
  !         } else {
  !             if (s->addrs
  !                 && (h = gethostbyaddr ((char *)&(s->addrs->host_addr),
  !                                sizeof (struct in_addr), AF_INET))) {
                    s->server_hostname = pstrdup (pconf, (char *)h->h_name);
  !             } else {
  !                 /* again, what can we do?  They didn't specify a
  !                     ServerName, and their DNS isn't working. -djg */
  !                 if (s->addrs) {
  !                     fprintf(stderr, "Failed to resolve server name "
  !                         "for %s (check DNS)\n",
  !                         inet_ntoa(s->addrs->host_addr));
                    }
  +                 s->server_hostname = "bogus_host_without_reverse_dns";
  +             }
            }
        }
        }
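Review bot: In the reverse-lookup failure branch the vhost keeps its addresses, so it stays enabled with `s->server_hostname` set to the literal `"bogus_host_without_reverse_dns"`. Unlike the forward-DNS case, it is not skipped by the `s->addrs == NULL` test that http_protocol.c gains in this commit. That string is compared against the request's host there, and is presumably also what the server uses when it builds self-referential URLs, so the placeholder can reach clients. The warning should tell the administrator the remedy, e.g. `"Failed to resolve server name for %s (check DNS, or set ServerName)\n"`; note also that when `s->addrs` is NULL this branch assigns the placeholder without printing anything. The enclosing function starts outside the hunk.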
  
  
  
  1.110     +7 -1      apache/src/http_protocol.c
  
  Index: http_protocol.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_protocol.c,v
  retrieving revision 1.109
  retrieving revision 1.110
  diff -C3 -r1.109 -r1.110
  *** http_protocol.c   1997/03/20 17:10:11     1.109
  --- http_protocol.c   1997/03/20 23:30:50     1.110
  ***************
  *** 692,697 ****
  --- 692,703 ----
        const char *names;
        server_addr_rec *sar;
    
  +     if (s->addrs == NULL) {
  +     /* this server has been disabled because of DNS screwups during
  +         configuration */
  +     continue;
  +     }
  + 
        if ((!strcasecmp(host, s->server_hostname)) && (port == s->port)) {
          r->server = r->connection->server = s;
          if (r->hostlen && !strncmp(r->uri, "http://";, 7)) {
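Review bot: `s->addrs == NULL` is now an undocumented sentinel for "vhost disabled at configuration time". It is produced implicitly in http_config.c and tested here, in the `ServerPath` loop in the next hunk, and in http_main.c. The comment here should state the contract rather than the cause, e.g. `/* addrs == NULL marks a vhost disabled during config parsing (no address resolved); never match it */`. The same sentence belongs on the `addrs` field where the server record is declared, which is not visible in this diff. The loop header that this `continue` belongs to is outside the hunk.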
  ***************
  *** 739,745 ****
       */
    
      for (s = r->server->next; s; s = s->next) {
  !     if (s->path && !strncmp(r->uri, s->path, s->pathlen) &&
        (s->path[s->pathlen - 1] == '/' ||
         r->uri[s->pathlen] == '/' ||
         r->uri[s->pathlen] == '\0'))
  --- 745,751 ----
       */
    
      for (s = r->server->next; s; s = s->next) {
  !     if (s->addrs && s->path && !strncmp(r->uri, s->path, s->pathlen) &&
        (s->path[s->pathlen - 1] == '/' ||
         r->uri[s->pathlen] == '/' ||
         r->uri[s->pathlen] == '\0'))
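Review bot: The condition on the changed line still indexes `s->path[s->pathlen - 1]` without checking that `s->pathlen` is non-zero. If a `ServerPath` can be configured empty (how `pathlen` is set is not visible here), `strncmp` with length 0 matches every URI and the next operand reads one byte before the string. Adding a length test closes that off: `if (s->addrs && s->path && s->pathlen > 0 && !strncmp(r->uri, s->path, s->pathlen) &&`. The body of the `if` lies outside the hunk.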
  
  
  
