dgaudet 97/03/20 15:30:53
Modified: htdocs/manual bind.html
htdocs/manual/mod core.html
src CHANGES http_config.c http_main.c http_protocol.c
Log:
Add documentation for DNS issues (reliability and security), and try
to explain the virtual host matching process.
Try to continue gracefully by disabling the vhost if a DNS lookup
fails while parsing the configuration file.
Reviewed by: Roy, Jim
Revision Changes Path
1.5 +2 -1 apache/htdocs/manual/bind.html
Index: bind.html
===================================================================
RCS file: /export/home/cvs/apache/htdocs/manual/bind.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -C3 -r1.4 -r1.5
*** bind.html 1996/12/02 18:13:38 1.4
--- bind.html 1997/03/20 23:30:44 1.5
***************
*** 89,95 ****
<a href="virtual-host.html">Virtual Hosts</a>,
<a href="host.html">Non-IP virtual hosts</a>,
<a href="mod/core.html#bindaddress">BindAddress directive</a>,
! <a href="mod/core.html#port">Port directive</a>
and
<a href="mod/core.html#virtualhost"><VirtualHost> section</a>.
</ul>
--- 89,96 ----
<a href="virtual-host.html">Virtual Hosts</a>,
<a href="host.html">Non-IP virtual hosts</a>,
<a href="mod/core.html#bindaddress">BindAddress directive</a>,
! <a href="mod/core.html#port">Port directive</a>,
! <a href="dns-caveats.html">DNS Issues</a>
and
<a href="mod/core.html#virtualhost"><VirtualHost> section</a>.
</ul>
1.42 +32 -8 apache/htdocs/manual/mod/core.html
Index: core.html
===================================================================
RCS file: /export/home/cvs/apache/htdocs/manual/mod/core.html,v
retrieving revision 1.41
retrieving revision 1.42
diff -C3 -r1.41 -r1.42
*** core.html 1997/03/17 08:16:07 1.41
--- core.html 1997/03/20 23:30:46 1.42
***************
*** 245,250 ****
--- 245,252 ----
<A HREF="#virtualhost"><VirtualHost></A> sections.
<p><strong>See Also:</strong>
+ <a href="../dns-caveats.html">DNS Issues</a><br>
+ <strong>See Also:</strong>
<a href="../bind.html">Setting which addresses and ports Apache uses</a></p>
<hr>
***************
*** 620,626 ****
interfaces, but only on the port given by the <a href="#port">Port</a>
directive.</p>
! <p><strong>See Also</strong>:
<a href="../bind.html">Setting which addresses and ports Apache uses</a></p>
<hr>
--- 622,630 ----
interfaces, but only on the port given by the <a href="#port">Port</a>
directive.</p>
! <p><strong>See Also:</strong>
! <a href="../dns-caveats.html">DNS Issues</a><br>
! <strong>See Also:</strong>
<a href="../bind.html">Setting which addresses and ports Apache uses</a></p>
<hr>
***************
*** 1105,1112 ****
The ServerAlias directive sets the alternate names for a host, for use
with
<a href="../host.html">Host-header based virtual hosts</a>.
! <p><hr>
<A name="servername"><h2>ServerName directive</h2></A>
<!--%plaintext <?INDEX {\tt ServerName} directive> -->
--- 1109,1118 ----
The ServerAlias directive sets the alternate names for a host, for use
with
<a href="../host.html">Host-header based virtual hosts</a>.
+ <p><strong>See Also</strong>:
+ <a href="../vhosts-in-depth.html">In-depth description of Virtual Host
matching</a></p>
! <hr>
<A name="servername"><h2>ServerName directive</h2></A>
<!--%plaintext <?INDEX {\tt ServerName} directive> -->
***************
*** 1120,1126 ****
not work reliably, or may not return the preferred hostname. For example:
<blockquote><code>ServerName www.wibble.com</code></blockquote>
would be used if the canonical (main) name of the actual machine
! were <code>monster.wibble.com</code>.<p><hr>
<A name="serverpath"><h2>ServerPath directive</h2></A>
--- 1126,1135 ----
not work reliably, or may not return the preferred hostname. For example:
<blockquote><code>ServerName www.wibble.com</code></blockquote>
would be used if the canonical (main) name of the actual machine
! were <code>monster.wibble.com</code>.<p>
! <p><strong>See Also</strong>:
! <a href="../dns-caveats.html">DNS Issues</a></p>
! <hr>
<A name="serverpath"><h2>ServerPath directive</h2></A>
***************
*** 1132,1137 ****
--- 1141,1148 ----
The ServerPath directive sets the legacy URL pathname for a host, for
use with <a href="../host.html">Host-header based virtual hosts</a>.
+ <p><strong>See Also</strong>:
+ <a href="../vhosts-in-depth.html">In-depth description of Virtual Host
matching</a></p>
<hr>
<A name="serverroot"><h2>ServerRoot directive</h2></A>
***************
*** 1260,1271 ****
<A name="virtualhost"><h2><VirtualHost> directive</h2></A>
<!--%plaintext <?INDEX {\tt VirtualHost} section directive> -->
! <strong>Syntax:</strong> <VirtualHost <em>addr</em>[:<em>port</em>]>
...
</VirtualHost> <br>
<strong>Context:</strong> server config<br>
<strong>Status:</strong> Core.<br>
! <strong>Compatibility:</strong> Non-IP address-based Virtual Hosting is
! only available in Apache 1.2 and later.<p>
<VirtualHost> and </VirtualHost> are used to enclose a group of
directives which will apply only to a particular virtual host.
--- 1271,1284 ----
<A name="virtualhost"><h2><VirtualHost> directive</h2></A>
<!--%plaintext <?INDEX {\tt VirtualHost} section directive> -->
! <strong>Syntax:</strong> <VirtualHost <em>addr</em>[:<em>port</em>]
...> ...
</VirtualHost> <br>
<strong>Context:</strong> server config<br>
<strong>Status:</strong> Core.<br>
! <strong>Compatibility:</strong> Non-IP address-based Virtual Hosting only
! available in Apache 1.1 and later.<br>
! <strong>Compatibility:</strong> Multiple address support only available in
! Apache 1.2 and later.<p>
<VirtualHost> and </VirtualHost> are used to enclose a group of
directives which will apply only to a particular virtual host.
***************
*** 1296,1311 ****
command (if your OS supports it), or with kernel patches like <A
HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p>
! SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A>
document for details on why your security could be compromised if
the directory where logfiles are stored is writable by anyone other
than the user that starts the server.
<p><strong>See also:</strong>
<A HREF="../virtual-host.html">Information on Virtual Hosts.
(multihome)</A><br>
<strong>See also:</strong>
! <a href="../host.html">Non-IP address-based Virtual Hosts</a>
</p>
<!--#include virtual="footer.html" -->
--- 1309,1335 ----
command (if your OS supports it), or with kernel patches like <A
HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p>
! The special name <code>_default_</code> can be specified in which case
! this virtual host will match any ip address that is not explicitly listed
! in another virtual host. In the absence of any _default_ virtual host
! the "main" server config, consisting of all those definitions outside
! any VirtualHost section, is used when no match occurs.<p>
!
! <strong>SECURITY</strong>: See the
! <A HREF="../misc/security_tips.html">security tips</A>
document for details on why your security could be compromised if
the directory where logfiles are stored is writable by anyone other
than the user that starts the server.
<p><strong>See also:</strong>
+ <A HREF="../dns-caveats.html">Warnings about DNS and Apache</a><br>
+ <strong>See also:</strong>
<A HREF="../virtual-host.html">Information on Virtual Hosts.
(multihome)</A><br>
<strong>See also:</strong>
! <a href="../host.html">Non-IP address-based Virtual Hosts</a><br>
! <strong>See also:</strong>
! <a href="../vhosts-in-depth.html">In-depth description of Virtual Host
matching</a>
</p>
<!--#include virtual="footer.html" -->
1.208 +6 -0 apache/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.207
retrieving revision 1.208
diff -C3 -r1.207 -r1.208
*** CHANGES 1997/03/20 18:40:11 1.207
--- CHANGES 1997/03/20 23:30:48 1.208
***************
*** 45,50 ****
--- 45,56 ----
*) Fixed server status updating of per-connection counters. [Roy Fielding]
+ *) Add documentation for DNS issues (reliability and security), and try
+ to explain the virtual host matching process. [Dean Gaudet]
+
+ *) Try to continue gracefully by disabling the vhost if a DNS lookup
+ fails while parsing the configuration file. [Dean Gaudet]
+
*) Workaround to a compiler bug that causes SunOS 4.1.x to panic.
[Roy Fielding]
1.46 +5 -6 apache/src/http_config.c
Index: http_config.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_config.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -C3 -r1.45 -r1.46
*** http_config.c 1997/03/18 09:57:40 1.45
--- http_config.c 1997/03/20 23:30:48 1.46
***************
*** 902,909 ****
hep = gethostbyname(w);
if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) {
! fprintf (stderr, "Cannot resolve host name %s --- exiting!\n", w);
! exit(1);
}
for( i = 0; hep->h_addr_list[i]; ++i ) {
--- 902,910 ----
hep = gethostbyname(w);
if ((!hep) || (hep->h_addrtype != AF_INET || !hep->h_addr_list[0])) {
! fprintf (stderr, "Cannot resolve host name %s --- ignoring!\n", w);
! if (t != NULL) *t = ':';
! return;
}
for( i = 0; hep->h_addr_list[i]; ++i ) {
***************
*** 953,963 ****
}
/* terminate the list */
*addrs = NULL;
! if( s->addrs == NULL ) {
! fprintf( stderr, "virtual host must have at least one address\n" );
! exit(1);
}
- s->port = s->addrs->host_port; /* set them the same, by default */
s->next = NULL;
s->is_virtual = 1;
--- 954,962 ----
}
/* terminate the list */
*addrs = NULL;
! if( s->addrs ) {
! s->port = s->addrs->host_port; /* set them the same, by default */
}
s->next = NULL;
s->is_virtual = 1;
1.132 +28 -16 apache/src/http_main.c
Index: http_main.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_main.c,v
retrieving revision 1.131
retrieving revision 1.132
diff -C3 -r1.131 -r1.132
*** http_main.c 1997/03/18 09:34:52 1.131
--- http_main.c 1997/03/20 23:30:49 1.132
***************
*** 1434,1440 ****
char *def_hostname;
int n;
server_addr_rec *sar;
! int has_inaddr_any;
int mainport = s->port;
int from_local=0;
--- 1434,1440 ----
char *def_hostname;
int n;
server_addr_rec *sar;
! int has_default_vhost_addr;
int mainport = s->port;
int from_local=0;
***************
*** 1473,1486 ****
for (s = s->next; s; s = s->next) {
/* Check to see if we might be a HTTP/1.1 virtual host - same IP */
! has_inaddr_any = 0;
for (n = 0; n < num_addr; n++) {
for(sar = s->addrs; sar; sar = sar->next) {
if (sar->host_addr.s_addr == main_addr[n].s_addr &&
s->port == mainport)
s->is_virtual = 2;
! if( sar->host_addr.s_addr == htonl(INADDR_ANY) ) {
! has_inaddr_any = 1;
}
}
}
--- 1473,1486 ----
for (s = s->next; s; s = s->next) {
/* Check to see if we might be a HTTP/1.1 virtual host - same IP */
! has_default_vhost_addr = 0;
for (n = 0; n < num_addr; n++) {
for(sar = s->addrs; sar; sar = sar->next) {
if (sar->host_addr.s_addr == main_addr[n].s_addr &&
s->port == mainport)
s->is_virtual = 2;
! if( sar->host_addr.s_addr == DEFAULT_VHOST_ADDR ) {
! has_default_vhost_addr = 1;
}
}
}
***************
*** 1489,1509 ****
the presence of multiple addresses on the <VirtualHost>
directive. It should issue warnings here perhaps. -djg */
if (!s->server_hostname) {
! if (s->is_virtual == 2)
! s->server_hostname = s->addrs->virthost;
! else if (has_inaddr_any)
s->server_hostname = def_hostname;
! else
! {
! h = gethostbyaddr ((char *)&(s->addrs->host_addr),
! sizeof (struct in_addr), AF_INET);
! if (h != NULL)
s->server_hostname = pstrdup (pconf, (char *)h->h_name);
! else
! {
! fprintf(stderr,"Failed to resolve server name for %s (check
DNS)\n",inet_ntoa(s->addrs->host_addr));
! exit(0);
}
}
}
}
--- 1489,1521 ----
the presence of multiple addresses on the <VirtualHost>
directive. It should issue warnings here perhaps. -djg */
if (!s->server_hostname) {
! if (s->is_virtual == 2) {
! if (s->addrs) {
! s->server_hostname = s->addrs->virthost;
! } else {
! /* what else can we do? at this point this vhost has
! no configured name, probably because they used
! DNS in the VirtualHost statement. It's disabled
! anyhow by the host matching code. -djg */
! s->server_hostname = "bogus_host_without_forward_dns";
! }
! } else if (has_default_vhost_addr) {
s->server_hostname = def_hostname;
! } else {
! if (s->addrs
! && (h = gethostbyaddr ((char *)&(s->addrs->host_addr),
! sizeof (struct in_addr), AF_INET))) {
s->server_hostname = pstrdup (pconf, (char *)h->h_name);
! } else {
! /* again, what can we do? They didn't specify a
! ServerName, and their DNS isn't working. -djg */
! if (s->addrs) {
! fprintf(stderr, "Failed to resolve server name "
! "for %s (check DNS)\n",
! inet_ntoa(s->addrs->host_addr));
}
+ s->server_hostname = "bogus_host_without_reverse_dns";
+ }
}
}
}
1.110 +7 -1 apache/src/http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_protocol.c,v
retrieving revision 1.109
retrieving revision 1.110
diff -C3 -r1.109 -r1.110
*** http_protocol.c 1997/03/20 17:10:11 1.109
--- http_protocol.c 1997/03/20 23:30:50 1.110
***************
*** 692,697 ****
--- 692,703 ----
const char *names;
server_addr_rec *sar;
+ if (s->addrs == NULL) {
+ /* this server has been disabled because of DNS screwups during
+ configuration */
+ continue;
+ }
+
if ((!strcasecmp(host, s->server_hostname)) && (port == s->port)) {
r->server = r->connection->server = s;
if (r->hostlen && !strncmp(r->uri, "http://";, 7)) {
***************
*** 739,745 ****
*/
for (s = r->server->next; s; s = s->next) {
! if (s->path && !strncmp(r->uri, s->path, s->pathlen) &&
(s->path[s->pathlen - 1] == '/' ||
r->uri[s->pathlen] == '/' ||
r->uri[s->pathlen] == '\0'))
--- 745,751 ----
*/
for (s = r->server->next; s; s = s->next) {
! if (s->addrs && s->path && !strncmp(r->uri, s->path, s->pathlen) &&
(s->path[s->pathlen - 1] == '/' ||
r->uri[s->pathlen] == '/' ||
r->uri[s->pathlen] == '\0'))
