Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "CommonMisconfigurations" page has been changed by ChrisPepper. http://wiki.apache.org/httpd/CommonMisconfigurations?action=diff&rev1=9&rev2=10 -------------------------------------------------- # Options and stuff defined here. </VirtualHost> }}} - Why is the first virtual host wrong? It's wrong on a couple of levels. The most obvious is that some.domain.com used in the first <!VirtualHost> block doesn't match *:80 used in !NameVirtualHost. The other being that !NameVirtualHost refers to an interface, not a domain. For instance using *:80, means catch all interfaces on port 80. !NameVirtualHost 1.1.1.1:80, would mean to catch the interface defined as 1.1.1.1 on port 80. While you can use a "!NameVirtualHost some.domain.com/<!VirtualHost some.domain.com>" combination, it doesn't really make sense and is not used... at least not used by anyone who's experienced with Apache administration.<<BR>><<BR>> + Why is the first virtual host wrong? It's wrong on a couple levels. The most obvious is that some.domain.com, used in the first <!VirtualHost> block, doesn't match *:80 used in !NameVirtualHost. The other is that !NameVirtualHost refers to an interface, not a domain. For instance, using *:80 means all interfaces on port 80. !NameVirtualHost 1.1.1.1:80 means address 1.1.1.1 on port 80. While you can use a "!NameVirtualHost some.domain.com/<!VirtualHost some.domain.com>" combination, it doesn't make much sense and is not generally used... at least not used by anyone experienced with Apache administration.<<BR>><<BR>> Reports in #httpd suggest that Webmin 1.510 (at least) may cause this issue. <<BR>><<BR>> @@ -102, +102 @@ # SSL options, other options, and stuff defined here. </VirtualHost> }}} - Because of the nature of SSL, host information isn't used when first establishing a SSL connection. Apache will always use the certificate of the default virtual host, which is the first defined virtual host in name based virtual hosts. 
While this doesn't mean that you won't ever be able to access the second virtual host, it does mean your users will always get a certificate mismatch popup warning when trying to access some.domain2.com. Read more about this at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2.<<BR>><<BR>> Also, note that the configuration above isn't something someone would normally use for SSL, which requires a static, non-shared IP address -- !NameVirtualHost 127.124.3.53:80 is a more likely format. However, using !NameVirtualHost *:443 is commonly seen in howtos for Debian/Ubuntu.<<BR>><<BR>> + Because of the nature of SSL, host information isn't used when ''establishing'' an SSL connection. Apache will always use the certificate of the default virtual host, which is the first defined virtual host for name-based virtual hosts. While this doesn't mean that you won't ever be able to access the second virtual host, it does mean your users will always get a certificate mismatch warning when trying to access some.domain2.com. Read more about this at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2.<<BR>><<BR>> Also, note that the configuration above isn't something someone would normally use for SSL, which requires a static, non-shared IP address -- !NameVirtualHost 127.124.3.53:80 is a more likely format. However, using !NameVirtualHost *:443 is common in howtos for Debian/Ubuntu.<<BR>><<BR>> === Scope === ==== Adding/Restricting access and options in <Directory /> ==== @@ -144, +144 @@ # Other options defined. </Directory> }}} - Script aliased directories do not allow for directory listings specified with Options Indexes. This is a security feature. Also, script aliased directories automatically try and execute everything in them. So, Options ExecCGI is unnecessary. The DirectoryIndex directive also does not work in a script aliased directory. 
The workaround for this if you really need directory listings or other directory indexing options is to use Alias instead of ScriptAlias.<<BR>><<BR>> Example: + Script aliased directories do not allow directory listings specified with Options Indexes -- this is a security feature. Also, script aliased directories automatically try to execute everything in them, so Options ExecCGI is unnecessary. The DirectoryIndex directive also does not work in a script aliased directory. The workaround, if you really need directory listings or other directory indexing options, is to use Alias instead of ScriptAlias.<<BR>><<BR>> Example: {{{ Alias /cgi-bin/ /var/www/cgi-bin/
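Review bot: In the first hunk (the NameVirtualHost paragraph), the rewritten text now uses two terms for the same argument: it keeps "refers to an interface, not a domain" and "*:80 means all interfaces on port 80", but changes the next sentence to "1.1.1.1:80 means address 1.1.1.1 on port 80". Pick one term and use it in all three places; "IP address" is the better choice, since that is what the directive takes. The change from "a couple of levels" to "a couple levels" also reads as a regression, and I would restore the "of".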
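Review bot: In the second hunk (the SSL paragraph), the sentence carried over unchanged still gives "!NameVirtualHost 127.124.3.53:80" as the "more likely format" for SSL, while the other example in the same paragraph is "*:443". Port 80 in an SSL example will be copied verbatim by readers, so since this paragraph is being reworded anyway, change it to 127.124.3.53:443 or state why port 80 is intended.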
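Review bot: In the third hunk (the ScriptAlias paragraph), the reworded workaround "use Alias instead of ScriptAlias" is missing its trade-off. The same paragraph says ScriptAlias executes everything automatically and that blocking Indexes is a security feature, but it does not say that under a plain Alias the scripts stop executing unless Options ExecCGI and a CGI handler are set explicitly, or that enabling Indexes there exposes a listing of the scripts. One added sentence before "Example:" would cover both points; the example itself is cut off in this notification after the Alias line, so I cannot tell whether it already sets them.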
