: How to prevent one named virtual host from "seeing" another virtual hosts files ?

: How to prevent one named virtual host from "seeing" another virtual hosts files ?

Post by Sean O'Neil » Wed, 21 Feb 2001 11:59:18



I have a question about named virtual hosts.  I have the following
config (with IPs changed):

Aapche server IP 192.168.1.1

Named virtual host - host1.mydomain.com
Docroot = /usr/local/apache/htdocs-host1

Named virtual host - host2.mydomain.com
Docroot = /usr/local/apache/htdocs-host2

I want SSL enabled on the host1.mydomain.com but NOT on htdocs-host2.

I've setup what I thought was going to work and it does almost.
Normal non-SSL access works fine.  Its the SSL part that is messed up.
If I access https://host2.mydomain.com, I get the index.html page for
host1.mydomain.com.  This has to be related to how the VirtualHost
container is setup for host1.mydomain.com.

Can someone help me out?  How do I prevent host2 from being
accessed by HTTPS completely, if possible ?  Is there a named virtual
host configuration that allows some hosts to have both 80 and 443
access and other to only have 80 and maybe again other to only have
443?

The following are the options that I think are important in the
httpd.conf file:

#
# Virtual Host host1.mydomain.com
# DocumentRoot, ErrorLog, CustomLog, and all that should be taken
# from the already defined values from the httpd.conf - I think
#
<VirtualHost 192.168.1.180>
    ServerName host1.mydomain.com
</VirtualHost>

#
# Virtual Host host2.mydomain.com
#
<VirtualHost 192.168.1.1:80>
    ServerName host2.mydomain.com

    DocumentRoot /usr/local/apache/htdocs-host2
    ErrorLog /usr/local/apache/logs/host2-error_log
    CustomLog /usr/local/apache/logs/host2-access_log combined
</VirtualHost>

<IfDefine SSL>

<VirtualHost 192.168.1.1:443>

#  General setup for the virtual host
ServerName host1.mydomain.com

DocumentRoot /usr/local/apache/host1-secure-htdocs
ErrorLog /usr/local/apache/logs/host1-ssl_error_log
TransferLog /usr/local/apache/logs/host1-ssl_access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#### And all that jazz

</VirtualHost>

 
 
 

: How to prevent one named virtual host from "seeing" another virtual hosts files ?

Post by Sean O'Neil » Wed, 21 Feb 2001 14:08:10


On Mon, 19 Feb 2001 20:59:18 -0600, Sean O'Neill


>Can someone help me out?  How do I prevent host2 from being
>accessed by HTTPS completely, if possible ?  Is there a named virtual
>host configuration that allows some hosts to have both 80 and 443
>access and other to only have 80 and maybe again other to only have
>443?

Well, trying to have two seperate VirtualHosts utilize SSL seems to be
impossible at least according to the following I found on the Net:

(copied from
http://www.seul.org/archives/linuxkb/linuxkb-list/Oct-1999/msg00053.html)

Also, I don't have any experiance with the _default_ flag for
VirtualHosts.  I recommend you name each virtual host explicitly.
And, you can't run the same SSL server for two different VirtualHosts.
It doesnot work.  It will never work.  It can't work.  Basically, you
can have only one SSL certificate per httpd, and SSL certs are
specific to a specific host.  This gets asked all the time on the
mod_ssl list, so check the archives for details if your curious.
(Search on VirtualHosts)

But is it possible to restrict it so that only ONE of the virtualhosts
can utilize SSL and the other one can not ???

 
 
 

: How to prevent one named virtual host from "seeing" another virtual hosts files ?

Post by Miguel Cr » Wed, 21 Feb 2001 19:10:57



Quote:> And, you can't run the same SSL server for two different VirtualHosts.
> It doesnot work.  It will never work.  It can't work.  Basically, you
> can have only one SSL certificate per httpd, and SSL certs are
> specific to a specific host.  This gets asked all the time on the
> mod_ssl list, so check the archives for details if your curious.
> (Search on VirtualHosts)

Are you sure? I'm too lazy to try setting it up just now, but the
documentation seems to suggest that you can use as many as you like. Of
course, you can't use the same certificate on multiple name-based virtual
hosts, but you should be able to with multiple IP-based virtual hosts on the
same httpd. You sure could with Apache-SSL.

miguel

 
 
 

1. Appropriate HTTP Error Code for "No Default Host" in Name-Based Virtual Host Setup

I am hosting several web sites at the same IP address and I don't intend
to provide a default host.

(Example: Let's say I am hosting www.foo.tld and www.bar.tld at
10.20.30.40. I want to show an appropriate error message for all
requests to http://10.20.30.40, i.e., any requests that don't use a FQHN.)

Obviously, I could declare a default host that serves a single HTML file
with a message such as, "Please always use the FQHN when requesting web
pages hosted at this address" (or sth to that effect), but that would
automatically send a 200 code with the response, which doesn't strike me
as correct.

I am not quite sure what HTTP error code to generate. Several candidates
look like they mey be appropriate, e.g.,

403 Forbidden
409 Conflict
501 Not Implemented

Any input?

Thanks,
Thorsten

2. IBM 3590 tape drive on 5.05

3. Apache 1.3b2: Default Host and all virtual hosts serve only first virtual hosts pages?

4. How does ioctl() work?

5. Mixing Apache Name Based Virtual Hosts and SSL Virtual Host

6. RT-11 Emulation under Ultrix?

7. FrontPage virtual hosting, removal or reset of virtual host

8. LOOK FIRST-- FORGED SPAM

9. For Discussion: web virtual hosting vs mail virtual hosting

10. named: "found it", ping: "unknown host"

11. Apache Question: "Virtual hosts"

12. Virtual host "lite"?

13. CGI-Virtual Host-IP Aliasing "Sorry....Cant run from here!"