-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've had a couple discussions on IRC about this, and I'd like to expand this discussion to more of you. Here's something I see many people do:
<VirtualHost *:80> ServerName example.com ServerAlias www.example.com [*.example.com [other.example.domain]] [other directives] </VirtualHost> This creates at least these problems: * Google and other search engines see multiple sites with exactly the same content. Maybe this reduces your search rank. * SSL either gets more expensive, or screwed up. If you have multiple domains for the same site, then you must have a certificate for each domain. This would not be expensive if CAcerts.org and other free certificate authorities were recognized authorities, but they are not. So you must purchase a certificate for every domain you list in ServerAlias. A wildcard certificate which can be /wildly/ expensive (pardon the pun). If you don't pay for the extra certs, you must let your customers deal with errors saying the domain is using a certificate for another domain. * Some coders use full paths for <link> and <script> tags, and I've seen this break a site with multiple domains. As I see it, any time you have a ServerAlias, you should instead use RedirectPermanent, unless you are also redirecting the ServerAlias. Naturally, you can't put the redirect in the same virtual host because you'd create an infinite loop with the main server redirecting back to itself. Thus, I do this: <VirtualHost *:80> ServerName example.com [other directives] </VirtualHost> <VirtualHost *:80> Server Name www.example.com [ServerAlias *.example.com [other.example.domain]] RedirectPermanent / http://example.com/ </VirtualHost> Some of you might notice that you can do the same with DocumentRewrite, but I prefer RedirectPermanent for straight domain redirecting because: * It sends the appropriate signal to whatever is requesting the domain, saying that this is a permanent thing. * It requires less processing * It's almost certainly faster * There's less coding involved I also have a couple of personal reasons for redirecting in general, whatever the method: * It's my private retribution to people who don't listen. If I say 'mscis.org', I mean 'mscis.org', not 'www.mscis.org'. People who type the www in front get the www taken away. The only improvement would be for a voice recording to say "did I say to put 'www' in front? Let me fix it for you". * People should lose the www in front of all domains. The fact that they are asking for the domain on port 80 or 443 means they are seeking for web content. You don't need the www to tell the server to give web content. Perhaps a few cases call for enforcing the www, but I think most cases, you can throw them out. Either way, I can force it to go the way I need it to go. The exception, where you might want to use DocumentRewrite instead of RedirectPermanent is perhaps SSL domain redirecting (<VirtualHost *:443>) because you have to include the certificate information for the domain you want to forward, even it's just a RedirectPermanent. There's also another potential problem. If client software does it's own redirecting, and you do the opposite redirect in httpd.conf, you will end up with an infinite redirect loop that might be hard to find, especially if the client software stores the domain information in a database (like Wordpress does). Those are my thoughts on the matter. I'd like to see what some of you have to say about RedirectPermanent usage. Are my premises for using it all accurate? Brandon Stout Stout Hosting LLC -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iEYEARECAAYFAkna5MkACgkQx0pgn74qrcK/JQCeIvAfKunUQ2j4bYCk+VGkcEM7 v+QAnii608HNE5LuhRNN5n/T+FhL14jV =EJQr -----END PGP SIGNATURE----- _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
