https://issues.apache.org/bugzilla/show_bug.cgi?id=50388
Summary: DNS stealing example might be wrong
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: [email protected]
ReportedBy: [email protected]
Hi.
Here http://httpd.apache.org/docs/2.2/dns-caveats.html#denial you describe an
example how traffic to a vhost could be stolen by another one (on the same
server).
In the example it's def.com with control over the domainname, which is the
_second_ vhost definition.
As far as I understood the vhost matching process and as my examples showed,
the first vhost is always used if multiple would match (in both cases IP and
name based).
So that the stealing really works (for def.com) the vhosts woul need to be
swapped:
<VirtualHost www.def.dom>
ServerAdmin [email protected]
DocumentRoot /www/def
</VirtualHost>
<VirtualHost www.abc.dom>
ServerAdmin [email protected]
DocumentRoot /www/abc
</VirtualHost>
Or don't I see something?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
