Martin Decker <[EMAIL PROTECTED]> wrote:
>
> I just wanted to ask what the latest information regarding name-based
> vhosts is. I am using apache with 3 name-based ssl vhosts and a dozen
> normal vhosts and it seems to work ok. Howevery, in the ssl_engine_log i
> get a warning: [05/Sep/2000 10:54:39 15677] [warn] Init: You should not
> use name-based virtual hosts in conjunction with SSL!!
Name-based virtual hosts do not work with SSL, full-stop. This is because
the SSL session must be established (and by implication a virtual server
chosen) *before* the http Host: header can be passed to the server.
The lowdown is as follows.
When apache receives a request, it knows the the IP address and port number
the request was received on. It can use this info to select from
the various
<VirtualHost AA.BB.CC.DD:PP>
entries. This works for both http and https.
In the specific case of http (but not https), if for a specific
AA.BB.CC.DD:PP combination there is a directive
NameVirtualHost AA.BB.CC.DD:PP,
then apache will look for a virtual server which matches all *three* of
IP, port, host, ie it will look for a matching
<VirtualHost AA.BB.CC.DD:PP>
ServerName HHH or
ServerAlias HHH
rather than just
<VirtualHost AA.BB.CC.DD:PP>
* Dave Mitchell, Operations Manager,
* Fretwell-Downing Facilities Ltd, UK. [EMAIL PROTECTED]
* Tel: +44 114 281 6113. The usual disclaimers....
*
* Standards (n). Battle insignia or tribal totems
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
