ID: 37323 User updated by: jameslporter at gmail dot com Reported By: jameslporter at gmail dot com -Status: Bogus +Status: Closed Bug Type: Apache2 related Operating System: Gentoo PHP Version: 5.1.4 New Comment:
This is not a bug at all! You simply need to change the UseCanonicalName to on!! With it off it will use the header, with it on it will use the ServerName configuration. http://www.apacheref.com/ref/http_core/UseCanonicalName.html Maybe add a note about this in the documentation...I saw a few other bug reports similar to this with no resolution. I'm sure a lot of people get frustrated by this! Previous Comments: ------------------------------------------------------------------------ [2006-05-05 17:34:32] [EMAIL PROTECTED] 1.) I doubt they will change anything. 2.) That's just how it is. If you have a certificate for xxx.com you must ensure that users are only accessing xxx.com. ------------------------------------------------------------------------ [2006-05-05 17:21:52] jameslporter at gmail dot com <?php $envs = apache_getenv('Server_Name'); print_r($envs); ?> This will output www.website.com or website.com as well....I assume that this is truly what Apache reports then....Guess it goes up to them now? ------------------------------------------------------------------------ [2006-05-05 17:05:10] jameslporter at gmail dot com Yes, thats why we need our login link to have the SERVER_NAME so that the link would be echo '<a href="https://'.$_SERVER[SERVER_NAME].'/index.php'; Then the browser would be on the correct hostname to compare, rather then showing a warning because www.website.com doesn't match website.com 'SERVER_NAME' The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host. Hmm, bug or no bug? If this is "bogus" then the documentation needs clarifying. ------------------------------------------------------------------------ [2006-05-05 17:00:19] [EMAIL PROTECTED] This doesn't have anything to do with the coice of scripting language. You know that the browser compares the current host name and the one from the cert? ------------------------------------------------------------------------ [2006-05-05 16:55:14] jameslporter at gmail dot com Yes, the serveralias is to allow users who type www.website.com to view the site, for our script though it needs to use the ServerName Directive...I shudder to think of the result of someone who uses another server alias of www.websiteother.com and websiteother.com and www.website.com and website.com .....You would have to buy 4 ssl certs...I think I'll convert our site to .NET before I would do that. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/37323 -- Edit this bug report at http://bugs.php.net/?id=37323&edit=1