On 08.12.10 12:45, Tom Evans wrote:
The best way to avoid this problem is not dummy vhosts, it is to not
serve multiple websites from the same IP if you intend on handling SSL
for any one of those websites and not the others. SSL sites that share
a certificate (eg, if you have a wildcard
On 08.12.2010 12:48, Tom Evans wrote:
... and serve data from the www.hosta.com vhost.
On 08.12.10 13:21, b...@kanka.de wrote:
.. but at this point apache knows that there is something wrong with the
request or the configuration, and should throw an error instead of
serving the wrong
On 07.12.10 19:08, b...@kanka.de wrote:
I've switched to a new debian server with apache 2.2.9 and installed the
'phpgadmin'
tool via a debian package.
This copies the php sources outside of /var/www and sets an 'alias ..'
directive in /etc/apache2/conf.d/
Now what happens to my surprise
Hello,
On 08.12.2010 11:38, Matus UHLAR - fantomas wrote:
Now what happens to my surprise is that /phppgadmin is accessible via
all my virtual hosts, not just the one (base host) where it is
defined.
...
On 07.12.10 20:27, Joost de Heer wrote:
SSL namebased virtualhosting will not work.
..
On Wed, Dec 8, 2010 at 11:13 AM, b...@kanka.de wrote:
Just to make it clear:
What I perceived as a .. quirky behaviour of apache was that it did _not_
throw an error when https://not-ssl-configured-domain.xx is requested.
How to run several https domains with one IP was not my challenge.
/
Hello,
On 08.12.2010 12:48, Tom Evans wrote:
Until the incoming request has been received and decrypted, apache has
no clue that the domain requested was 'not-ssl-configured-domain.xx'.
That's kind of the point of SSL.
Ok, thanks for pointing that out.
Apache determines which vhost to use
ServerName ... exclusive directive for
the config (and logic behind) could make sense, or maybe it exists and my
weary eyes overread it.
This facility is effectively already there by creating a default
(first-listed) name-based virtual host and handling unspecified
domains that show up on that
Hello,
On 08.12.2010 13:31, Eric Covener wrote:
ServerName ... exclusive directive for
the config (and logic behind) could make sense, ...
This facility is effectively already there by creating a default
(first-listed) name-based virtual host and handling unspecified
domains that show up on
On Wed, Dec 8, 2010 at 12:21 PM, b...@kanka.de wrote:
Hello,
On 08.12.2010 12:48, Tom Evans wrote:
Until the incoming request has been received and decrypted, apache has
no clue that the domain requested was 'not-ssl-configured-domain.xx'.
That's kind of the point of SSL.
Ok, thanks for
Hello,
On 08.12.2010 13:45, Tom Evans wrote:
.. but at this point apache knows that there is something wrong with the
request or the configuration, and should throw an error instead of serving
the wrong data.
Typically, you don't even get to that point. Most browsers will throw
a fit if they
Hello,
On 08.12.2010 14:13, Tom Evans wrote:
...
And the experienced user has seen these warnings often, so he regularly
clicked on I understand the risks and accepted the ssl session anyway -
and it's even wiser in most cases to do because mostly you're better off (in
web 2.0 services for
On Wed, Dec 8, 2010 at 7:43 AM, b...@kanka.de wrote:
Hello,
On 08.12.2010 13:31, Eric Covener wrote:
ServerName ... exclusive directive for
the config (and logic behind) could make sense, ...
This facility is effectively already there by creating a default
(first-listed) name-based
Hello,
On 08.12.2010 15:03, Eric Covener wrote:
And at least 50% of the world would think whatever you intuitively
expect to happen in this case is quirky. That's why there's a
configuration file.
I expect nothing to happen intuitively.
What happens now, serving any-SSL violating the vhost
On Wed, Dec 8, 2010 at 9:54 AM, b...@kanka.de wrote:
Hello,
On 08.12.2010 15:03, Eric Covener wrote:
And at least 50% of the world would think whatever you intuitively
expect to happen in this case is quirky. That's why there's a
configuration file.
I expect nothing to happen
Hello,
On 08.12.2010 16:01, Eric Covener wrote:
.. I propose a less quirky configuration, for example
with ServerName .. exclusive
So it would handshake with the wrong information and serve the wrong
virtualhosts error documents?
The exclusive defined vhost would do what the second vhost in
Hello,
I've switched to a new debian server with apache 2.2.9 and installed the
'phpgadmin'
tool via a debian package.
This copies the php sources outside of /var/www and sets an 'alias ..'
directive in /etc/apache2/conf.d/
Now what happens to my surprise is that /phppgadmin is accessible via
What works and should _not_ work:
https://twosite.com/phppgadmin
You only listed one port 443 virtualhost, and it has the Alias in it.
Apache finds the best match for the IP:Port, then looks at the
ServerName/ServerAlias in that set of NameVirtualHost's.
Hello,
On 07.12.2010 19:13, Eric Covener wrote:
What works and should _not_ work:
https://twosite.com/phppgadmin
You only listed one port 443 virtualhost, and it has the Alias in it.
Apache finds the best match for the IP:Port, then looks at the
ServerName/ServerAlias in that set of
On Tue, Dec 7, 2010 at 1:26 PM, b...@kanka.de wrote:
Hello,
On 07.12.2010 19:13, Eric Covener wrote:
What works and should _not_ work:
https://twosite.com/phppgadmin
You only listed one port 443 virtualhost, and it has the Alias in it.
Apache finds the best match for the IP:Port, then
Hello,
On 07.12.2010 19:35, Eric Covener wrote:
...
No, based on my short description of how a virtualhost is found, you
never jump to 2nd-best IP:PORT match to match up a
servername/serveralias ...
Right, so I'd expect apache to throw an error - instead it uses a ServerName
from another
Now what happens to my surprise is that /phppgadmin is accessible via
all my virtual hosts, not just the one (base host) where it is
defined.
All your virtual hosts or all your SSL virtual hosts?
https://onesite.com/phppgadmin
https://twosite.com/phppgadmin
SSL namebased virtualhosting
Hi,
On 07.12.2010 20:27, Joost de Heer wrote:
Now what happens to my surprise is that /phppgadmin is accessible via
all my virtual hosts, not just the one (base host) where it is
defined.
All your virtual hosts or all your SSL virtual hosts?
The latter.
https://onesite.com/phppgadmin
So apache should throw an error, right?
Apache uses the first virtual host in each set of NameVirtualHost's as
a default/catch-all after IP-based vhosting as selected that
host:port.
--
Eric Covener
cove...@gmail.com
-
The
Ho,
On 07.12.2010 20:33, Eric Covener wrote:
Apache uses the first virtual host in each set of NameVirtualHost's as
a default/catch-all after IP-based vhosting ...
Now I understand, thanks for your patience in explaining it.
What I did now is add a dummy-domain on top of my SSL config:
##
24 matches
Mail list logo
