The following reply was made to PR config/1927; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]> To: Andreas Heilwagen <[EMAIL PROTECTED]> Cc: Apache bugs database <[EMAIL PROTECTED]> Subject: Re: config/1927: Get full access to apache installation path by misusing https Date: Tue, 10 Mar 1998 08:25:27 -0700 (MST) On Tue, 10 Mar 1998, Andreas Heilwagen wrote: > Marc Slemko wrote: > > > > Well, that is the problem then. You set the DocumentRoot explicitly to > > tell the server to serve files from that directory. If the request > > doesn't match any vhost, it uses the main DocumentRoot. I don't see any > > problems with Apache serving files from where you have told it to serve > > files... > > Do you really think it should be correct behaviour that apache serves > files for servers which are not configured. Remember, you can get Yes. > files by https://www.<domain>.<tld> where only http://www.<domain>.<tld> > has been configured. > I think your answer is correct but too easy. There are enough reasons > to run apache with only virtual servers. If you don't want it to do that, add an explicit Listen statement for each IP address and port you want to listen on. Otherwise, the only thing that makes sense is for it to serve files for "servers which aren't configured". Think about what happens in the case of not having any virtualhosts. All adding virtualhosts does is add specific host and/or IP and/or port combinations to treat differently.
