dgaudet 97/03/20 15:30:53
Modified: htdocs/manual bind.html htdocs/manual/mod core.html src CHANGES http_config.c http_main.c http_protocol.c Log: Add documentation for DNS issues (reliability and security), and try to explain the virtual host matching process. Try to continue gracefully by disabling the vhost if a DNS lookup fails while parsing the configuration file. Reviewed by: Roy, Jim Revision Changes Path 1.5 +2 -1 apache/htdocs/manual/bind.html Index: bind.html =================================================================== RCS file: /export/home/cvs/apache/htdocs/manual/bind.html,v retrieving revision 1.4 retrieving revision 1.5 diff -C3 -r1.4 -r1.5 *** bind.html 1996/12/02 18:13:38 1.4 --- bind.html 1997/03/20 23:30:44 1.5 *************** *** 89,95 **** <a href="virtual-host.html">Virtual Hosts</a>, <a href="host.html">Non-IP virtual hosts</a>, <a href="mod/core.html#bindaddress">BindAddress directive</a>, ! <a href="mod/core.html#port">Port directive</a> and <a href="mod/core.html#virtualhost"><VirtualHost> section</a>. </ul> --- 89,96 ---- <a href="virtual-host.html">Virtual Hosts</a>, <a href="host.html">Non-IP virtual hosts</a>, <a href="mod/core.html#bindaddress">BindAddress directive</a>, ! <a href="mod/core.html#port">Port directive</a>, ! <a href="dns-caveats.html">DNS Issues</a> and <a href="mod/core.html#virtualhost"><VirtualHost> section</a>. </ul> 1.42 +32 -8 apache/htdocs/manual/mod/core.html Index: core.html =================================================================== RCS file: /export/home/cvs/apache/htdocs/manual/mod/core.html,v retrieving revision 1.41 retrieving revision 1.42 diff -C3 -r1.41 -r1.42 *** core.html 1997/03/17 08:16:07 1.41 --- core.html 1997/03/20 23:30:46 1.42 *************** *** 245,250 **** --- 245,252 ---- <A HREF="#virtualhost"><VirtualHost></A> sections. 
<p><strong>See Also:</strong> + <a href="../dns-caveats.html">DNS Issues</a><br> + <strong>See Also:</strong> <a href="../bind.html">Setting which addresses and ports Apache uses</a></p> <hr> *************** *** 620,626 **** interfaces, but only on the port given by the <a href="#port">Port</a> directive.</p> ! <p><strong>See Also</strong>: <a href="../bind.html">Setting which addresses and ports Apache uses</a></p> <hr> --- 622,630 ---- interfaces, but only on the port given by the <a href="#port">Port</a> directive.</p> ! <p><strong>See Also:</strong> ! <a href="../dns-caveats.html">DNS Issues</a><br> ! <strong>See Also:</strong> <a href="../bind.html">Setting which addresses and ports Apache uses</a></p> <hr> *************** *** 1105,1112 **** The ServerAlias directive sets the alternate names for a host, for use with <a href="../host.html">Host-header based virtual hosts</a>. ! <p><hr> <A name="servername"><h2>ServerName directive</h2></A> <!--%plaintext <?INDEX {\tt ServerName} directive> --> --- 1109,1118 ---- The ServerAlias directive sets the alternate names for a host, for use with <a href="../host.html">Host-header based virtual hosts</a>. + <p><strong>See Also</strong>: + <a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a></p> ! <hr> <A name="servername"><h2>ServerName directive</h2></A> <!--%plaintext <?INDEX {\tt ServerName} directive> --> *************** *** 1120,1126 **** not work reliably, or may not return the preferred hostname. For example: <blockquote><code>ServerName www.wibble.com</code></blockquote> would be used if the canonical (main) name of the actual machine ! were <code>monster.wibble.com</code>.<p><hr> <A name="serverpath"><h2>ServerPath directive</h2></A> --- 1126,1135 ---- not work reliably, or may not return the preferred hostname. For example: <blockquote><code>ServerName www.wibble.com</code></blockquote> would be used if the canonical (main) name of the actual machine ! 
were <code>monster.wibble.com</code>.<p> ! <p><strong>See Also</strong>: ! <a href="../dns-caveats.html">DNS Issues</a></p> ! <hr> <A name="serverpath"><h2>ServerPath directive</h2></A> *************** *** 1132,1137 **** --- 1141,1148 ---- The ServerPath directive sets the legacy URL pathname for a host, for use with <a href="../host.html">Host-header based virtual hosts</a>. + <p><strong>See Also</strong>: + <a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a></p> <hr> <A name="serverroot"><h2>ServerRoot directive</h2></A> *************** *** 1260,1271 **** <A name="virtualhost"><h2><VirtualHost> directive</h2></A> <!--%plaintext <?INDEX {\tt VirtualHost} section directive> --> ! <strong>Syntax:</strong> <VirtualHost <em>addr</em>[:<em>port</em>]> ... </VirtualHost> <br> <strong>Context:</strong> server config<br> <strong>Status:</strong> Core.<br> ! <strong>Compatibility:</strong> Non-IP address-based Virtual Hosting is ! only available in Apache 1.2 and later.<p> <VirtualHost> and </VirtualHost> are used to enclose a group of directives which will apply only to a particular virtual host. --- 1271,1284 ---- <A name="virtualhost"><h2><VirtualHost> directive</h2></A> <!--%plaintext <?INDEX {\tt VirtualHost} section directive> --> ! <strong>Syntax:</strong> <VirtualHost <em>addr</em>[:<em>port</em>] ...> ... </VirtualHost> <br> <strong>Context:</strong> server config<br> <strong>Status:</strong> Core.<br> ! <strong>Compatibility:</strong> Non-IP address-based Virtual Hosting only ! available in Apache 1.1 and later.<br> ! <strong>Compatibility:</strong> Multiple address support only available in ! Apache 1.2 and later.<p> <VirtualHost> and </VirtualHost> are used to enclose a group of directives which will apply only to a particular virtual host. *************** *** 1296,1311 **** command (if your OS supports it), or with kernel patches like <A HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p> ! 
SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A> document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server. <p><strong>See also:</strong> <A HREF="../virtual-host.html">Information on Virtual Hosts. (multihome)</A><br> <strong>See also:</strong> ! <a href="../host.html">Non-IP address-based Virtual Hosts</a> </p> <!--#include virtual="footer.html" --> --- 1309,1335 ---- command (if your OS supports it), or with kernel patches like <A HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p> ! The special name <code>_default_</code> can be specified in which case ! this virtual host will match any ip address that is not explicitly listed ! in another virtual host. In the absence of any _default_ virtual host ! the "main" server config, consisting of all those definitions outside ! any VirtualHost section, is used when no match occurs.<p> ! ! <strong>SECURITY</strong>: See the ! <A HREF="../misc/security_tips.html">security tips</A> document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server. <p><strong>See also:</strong> + <A HREF="../dns-caveats.html">Warnings about DNS and Apache</a><br> + <strong>See also:</strong> <A HREF="../virtual-host.html">Information on Virtual Hosts. (multihome)</A><br> <strong>See also:</strong> ! <a href="../host.html">Non-IP address-based Virtual Hosts</a><br> ! <strong>See also:</strong> ! 
<a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a> </p> <!--#include virtual="footer.html" --> 1.208 +6 -0 apache/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.207 retrieving revision 1.208 diff -C3 -r1.207 -r1.208 *** CHANGES 1997/03/20 18:40:11 1.207 --- CHANGES 1997/03/20 23:30:48 1.208 *************** *** 45,50 **** --- 45,56 ---- *) Fixed server status updating of per-connection counters. [Roy Fielding] + *) Add documentation for DNS issues (reliability and security), and try + to explain the virtual host matching process. [Dean Gaudet] + + *) Try to continue gracefully by disabling the vhost if a DNS lookup + fails while parsing the configuration file. [Dean Gaudet] + *) Workaround to a compiler bug that causes SunOS 4.1.x to panic. [Roy Fielding] 1.46 +5 -6 apache/src/http_config.c Index: http_config.c =================================================================== RCS file: /export/home/cvs/apache/src/http_config.c,v retrieving revision 1.45 retrieving revision 1.46 diff -C3 -r1.45 -r1.46 *** http_config.c 1997/03/18 09:57:40 1.45 --- http_config.c 1997/03/20 23:30:48 1.46 *************** *** 902,909 **** hep = gethostbyname(w); if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) { ! fprintf (stderr, "Cannot resolve host name %s --- exiting!\n", w); ! exit(1); } for( i = 0; hep->h_addr_list[i]; ++i ) { --- 902,910 ---- hep = gethostbyname(w); if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) { ! fprintf (stderr, "Cannot resolve host name %s --- ignoring!\n", w); ! if (t != NULL) *t = ':'; ! return; } for( i = 0; hep->h_addr_list[i]; ++i ) { *************** *** 953,963 **** } /* terminate the list */ *addrs = NULL; ! if( s->addrs == NULL ) { ! fprintf( stderr, "virtual host must have at least one address\n" ); ! 
exit(1); } - s->port = s->addrs->host_port; /* set them the same, by default */ s->next = NULL; s->is_virtual = 1; --- 954,962 ---- } /* terminate the list */ *addrs = NULL; ! if( s->addrs ) { ! s->port = s->addrs->host_port; /* set them the same, by default */ } s->next = NULL; s->is_virtual = 1; 1.132 +28 -16 apache/src/http_main.c Index: http_main.c =================================================================== RCS file: /export/home/cvs/apache/src/http_main.c,v retrieving revision 1.131 retrieving revision 1.132 diff -C3 -r1.131 -r1.132 *** http_main.c 1997/03/18 09:34:52 1.131 --- http_main.c 1997/03/20 23:30:49 1.132 *************** *** 1434,1440 **** char *def_hostname; int n; server_addr_rec *sar; ! int has_inaddr_any; int mainport = s->port; int from_local=0; --- 1434,1440 ---- char *def_hostname; int n; server_addr_rec *sar; ! int has_default_vhost_addr; int mainport = s->port; int from_local=0; *************** *** 1473,1486 **** for (s = s->next; s; s = s->next) { /* Check to see if we might be a HTTP/1.1 virtual host - same IP */ ! has_inaddr_any = 0; for (n = 0; n < num_addr; n++) { for(sar = s->addrs; sar; sar = sar->next) { if (sar->host_addr.s_addr == main_addr[n].s_addr && s->port == mainport) s->is_virtual = 2; ! if( sar->host_addr.s_addr == htonl(INADDR_ANY) ) { ! has_inaddr_any = 1; } } } --- 1473,1486 ---- for (s = s->next; s; s = s->next) { /* Check to see if we might be a HTTP/1.1 virtual host - same IP */ ! has_default_vhost_addr = 0; for (n = 0; n < num_addr; n++) { for(sar = s->addrs; sar; sar = sar->next) { if (sar->host_addr.s_addr == main_addr[n].s_addr && s->port == mainport) s->is_virtual = 2; ! if( sar->host_addr.s_addr == DEFAULT_VHOST_ADDR ) { ! has_default_vhost_addr = 1; } } } *************** *** 1489,1509 **** the presence of multiple addresses on the <VirtualHost> directive. It should issue warnings here perhaps. -djg */ if (!s->server_hostname) { ! if (s->is_virtual == 2) ! s->server_hostname = s->addrs->virthost; ! 
else if (has_inaddr_any) s->server_hostname = def_hostname; ! else ! { ! h = gethostbyaddr ((char *)&(s->addrs->host_addr), ! sizeof (struct in_addr), AF_INET); ! if (h != NULL) s->server_hostname = pstrdup (pconf, (char *)h->h_name); ! else ! { ! fprintf(stderr,"Failed to resolve server name for %s (check DNS)\n",inet_ntoa(s->addrs->host_addr)); ! exit(0); } } } } --- 1489,1521 ---- the presence of multiple addresses on the <VirtualHost> directive. It should issue warnings here perhaps. -djg */ if (!s->server_hostname) { ! if (s->is_virtual == 2) { ! if (s->addrs) { ! s->server_hostname = s->addrs->virthost; ! } else { ! /* what else can we do? at this point this vhost has ! no configured name, probably because they used ! DNS in the VirtualHost statement. It's disabled ! anyhow by the host matching code. -djg */ ! s->server_hostname = "bogus_host_without_forward_dns"; ! } ! } else if (has_default_vhost_addr) { s->server_hostname = def_hostname; ! } else { ! if (s->addrs ! && (h = gethostbyaddr ((char *)&(s->addrs->host_addr), ! sizeof (struct in_addr), AF_INET))) { s->server_hostname = pstrdup (pconf, (char *)h->h_name); ! } else { ! /* again, what can we do? They didn't specify a ! ServerName, and their DNS isn't working. -djg */ ! if (s->addrs) { ! fprintf(stderr, "Failed to resolve server name " ! "for %s (check DNS)\n", ! 
inet_ntoa(s->addrs->host_addr)); } + s->server_hostname = "bogus_host_without_reverse_dns"; + } } } } 1.110 +7 -1 apache/src/http_protocol.c Index: http_protocol.c =================================================================== RCS file: /export/home/cvs/apache/src/http_protocol.c,v retrieving revision 1.109 retrieving revision 1.110 diff -C3 -r1.109 -r1.110 *** http_protocol.c 1997/03/20 17:10:11 1.109 --- http_protocol.c 1997/03/20 23:30:50 1.110 *************** *** 692,697 **** --- 692,703 ---- const char *names; server_addr_rec *sar; + if (s->addrs == NULL) { + /* this server has been disabled because of DNS screwups during + configuration */ + continue; + } + if ((!strcasecmp(host, s->server_hostname)) && (port == s->port)) { r->server = r->connection->server = s; if (r->hostlen && !strncmp(r->uri, "http://", 7)) { *************** *** 739,745 **** */ for (s = r->server->next; s; s = s->next) { ! if (s->path && !strncmp(r->uri, s->path, s->pathlen) && (s->path[s->pathlen - 1] == '/' || r->uri[s->pathlen] == '/' || r->uri[s->pathlen] == '\0')) --- 745,751 ---- */ for (s = r->server->next; s; s = s->next) { ! if (s->addrs && s->path && !strncmp(r->uri, s->path, s->pathlen) && (s->path[s->pathlen - 1] == '/' || r->uri[s->pathlen] == '/' || r->uri[s->pathlen] == '\0'))
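Review bot: In the bind.html hunk at line 89, and in every See Also addition in core.html, the new links target dns-caveats.html and vhosts-in-depth.html, but the file list of this commit names only bind.html, mod/core.html, CHANGES, http_config.c, http_main.c and http_protocol.c. Confirm that both documents are added in the same change so the manual does not ship with dead links.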
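Review bot: In the core.html ServerName hunk at line 1120, the new text leaves an empty paragraph: the existing line now ends in `<p>` and the next added line opens another `<p>` before the See Also. Drop the trailing `<p>` after `monster.wibble.com</code>.` and pick one punctuation for the label, since this commit writes both `<strong>See Also:</strong>` and `<strong>See Also</strong>:`.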
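Review bot: In the core.html VirtualHost hunk at line 1296, the `_default_` paragraph writes "ip address" in lower case and leaves the second `_default_` outside `<code>`, and the new See also entry is titled "Warnings about DNS and Apache" while every other link to dns-caveats.html in this commit is titled "DNS Issues". Use one title throughout. This section is also the natural place to state that a VirtualHost whose name cannot be resolved at startup is now disabled, so its requests are handled by the `_default_` vhost or the main server as the new paragraph describes.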
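Review bot: In the http_config.c hunk at line 902, the failure path returns after skipping a single name, so with the multi-address syntax this commit documents, a VirtualHost with one unresolvable name keeps running on its remaining addresses while the log message describes the vhost as disabled. The message "Cannot resolve host name %s --- ignoring!" also does not say which VirtualHost is affected or what happens to it. Extend the message to identify the vhost, and make the commit log and CHANGES entry say that the vhost is disabled only when none of its names resolve.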
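Review bot: In the http_config.c hunk at line 953, a vhost that ends up with `s->addrs == NULL` now passes through with no diagnostic and with `s->port` never assigned, because the removed "virtual host must have at least one address" message has no replacement and the port assignment is now inside `if( s->addrs )`. Print a warning that the vhost has no usable address and is disabled, and give `s->port` a defined value in that case, since http_main.c and http_protocol.c still read `s->port` for every server in the list.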
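Review bot: In the http_main.c hunk at line 1473, the comparison changes from `htonl(INADDR_ANY)` to a bare `DEFAULT_VHOST_ADDR`, and the definition of that macro is not part of this diff. Confirm it is defined in network byte order, because `sar->host_addr.s_addr` is, and say in a comment next to the comparison which address value `_default_` maps to.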
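Review bot: In the http_main.c hunk at line 1489, the "bogus_host_without_forward_dns" branch looks unreachable from the lines shown: `is_virtual` is set to 2 only inside `for(sar = s->addrs; ...)`, so a vhost with `s->addrs == NULL` never has `is_virtual == 2`. It falls to the last `else`, skips the `fprintf`, and is silently named "bogus_host_without_reverse_dns", which mislabels a forward lookup failure. Test `s->addrs == NULL` first and assign the forward-DNS placeholder there. Separately, when the reverse lookup fails but `s->addrs` is set, the vhost stays enabled and http_protocol.c compares the Host value against the placeholder with `strcasecmp`, so the placeholder should be a string that cannot be a valid Host value, or the vhost should require a ServerName.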
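Review bot: In the http_protocol.c hunks at lines 692 and 739, the "disabled vhost" condition is written two different ways, an early `continue` on `s->addrs == NULL` in the first loop and an `s->addrs &&` term in the second, and nothing names the convention. Any later loop over the server list that omits the check will match disabled vhosts again. Wrap the test in one macro or helper with a comment that a NULL `addrs` means the vhost was disabled during configuration, and use it in both loops.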