On 01/12/17 18:36, Timothy D Legg wrote:
and then believes that running a2dissite on all these, perhaps to make a
backup of a php-encrusted website (such as mine) that the document root
will default to the top level of all these sites and perhaps reveal SQL
passwords in the process.
I hope this is not true...
As far as I understand it will work exactly as you described, although
keeping virtual hosts under default document root is not a good
practice. Also, leaving Apache listen to some port without configuring
site on that port does not look like good practice too.
I personally favour creating default virtualhost with dummy name which
(among other things) will get shown to bots that don't provide host name
or SNI. For instance, it may always return 403.
--
With Best Regards,
Marat Khalili
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
