Appropriate HTTP Error Code for "No Default Host" in Name-Based Virtual Host Setup

Appropriate HTTP Error Code for "No Default Host" in Name-Based Virtual Host Setup

Post by Thorste » Tue, 26 Nov 2002 11:49:04



I am hosting several web sites at the same IP address and I don't intend
to provide a default host.

(Example: Let's say I am hosting www.foo.tld and www.bar.tld at
10.20.30.40. I want to show an appropriate error message for all
requests to http://10.20.30.40, i.e., any requests that don't use a FQHN.)

Obviously, I could declare a default host that serves a single HTML file
with a message such as, "Please always use the FQHN when requesting web
pages hosted at this address" (or sth to that effect), but that would
automatically send a 200 code with the response, which doesn't strike me
as correct.

I am not quite sure what HTTP error code to generate. Several candidates
look like they mey be appropriate, e.g.,

403 Forbidden
409 Conflict
501 Not Implemented

Any input?

Thanks,
Thorsten

 
 
 

Appropriate HTTP Error Code for "No Default Host" in Name-Based Virtual Host Setup

Post by Joshua Sli » Wed, 27 Nov 2002 03:28:19



> I am hosting several web sites at the same IP address and I don't intend
> to provide a default host.

> (Example: Let's say I am hosting www.foo.tld and www.bar.tld at
> 10.20.30.40. I want to show an appropriate error message for all
> requests to http://10.20.30.40, i.e., any requests that don't use a FQHN.)

> Obviously, I could declare a default host that serves a single HTML file
> with a message such as, "Please always use the FQHN when requesting web
> pages hosted at this address" (or sth to that effect), but that would
> automatically send a 200 code with the response, which doesn't strike me
> as correct.

> I am not quite sure what HTTP error code to generate. Several candidates
> look like they mey be appropriate, e.g.,

> 403 Forbidden
> 409 Conflict
> 501 Not Implemented

Don't just go by the title of the error code.  "Not Implemented" and "Conflict"
have very specific meanings that are not appropriate to your situation.  Check
the HTTP/1.1 spec for details.

Assuming that you are using
NameVirtualHost *
Then all you need to do is list the following BEFORE ANY OTHER VHOSTS
in your config file:

<VirtualHost *>
ServerName 10.20.30.40
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>

That will give you a 403, which is appropriate.  Alternatively, you
could remove the Location block and add
DocumentRoot /dev/null
which should give you a 404, which would also be appropriate.

Joshua.

 
 
 

Appropriate HTTP Error Code for "No Default Host" in Name-Based Virtual Host Setup

Post by Thorste » Wed, 27 Nov 2002 05:52:06




>>I am hosting several web sites at the same IP address and I don't intend
>>to provide a default host.
>>I am not quite sure what HTTP error code to generate. Several candidates
>>look like they may be appropriate, e.g.,

>>403 Forbidden
>>409 Conflict
>>501 Not Implemented
> Don't just go by the title of the error code.

I didn't. But RFC 2068 (this is the authoritative source in this regard,
no?) doesn't really go into too much detail explaining all the possible
scenarios for the specific codes. E.g., for code 409, an example is
given (a PUT with "bad" data), but nothing is said about other possible
scenarios where a 409 may or may not be appropriate.

The definition given for 501 is even less verbose. It does seem to
indicate that the chosen request method, i.e., HEAD, GET, PUT, etc. is
not supported, but without any explicit statement, one could possibly
make an argument that "method" might be used in a wider sense, e.g.,
"the method the URI is formatted". I acknowledge that this was my
weakest candidate, but that's what have the experts in Usenet for, to
explain the details, right? ;-)

Quote:> "Not Implemented" and "Conflict"
> have very specific meanings that are not appropriate to your situation.  Check
> the HTTP/1.1 spec for details.

Well, taken at face value (and without possibly existing commentary),
things don't seem to be so clear (at least to me.) Can anyone recommend
an (authoritative) commentary on this RFC?

Quote:> That will give you a 403, which is appropriate.  Alternatively,
> [...] a 404, which would also be appropriate.

I really don't want to use 404 in this context. While perhaps formally
appropriate, it is usually generated for broken links, ill-configured
servers, unmaintained default configurations, etc. Something similar
(although to a much lesser extend) could be said about 403.

However, the message I am trying to convey is different, i.e., "I am
intentionally not returning any content here, because you are supposed
to use a FQHN in your URI. Since multiple hosts can be reached at this
address, using a numeric IP address as the host name would lead to
ambiguities. Please figure out which host you want and then come back."

Perhaps there is no perfect code for my situation. Right now I am
leaning towards either using 403 or 200, each accompanied by an
appropriate explanation.

Thanks for the input,
Thorsten

 
 
 

1. : How to prevent one named virtual host from "seeing" another virtual hosts files ?

I have a question about named virtual hosts.  I have the following
config (with IPs changed):

Aapche server IP 192.168.1.1

Named virtual host - host1.mydomain.com
Docroot = /usr/local/apache/htdocs-host1

Named virtual host - host2.mydomain.com
Docroot = /usr/local/apache/htdocs-host2

I want SSL enabled on the host1.mydomain.com but NOT on htdocs-host2.

I've setup what I thought was going to work and it does almost.
Normal non-SSL access works fine.  Its the SSL part that is messed up.
If I access https://host2.mydomain.com, I get the index.html page for
host1.mydomain.com.  This has to be related to how the VirtualHost
container is setup for host1.mydomain.com.

Can someone help me out?  How do I prevent host2 from being
accessed by HTTPS completely, if possible ?  Is there a named virtual
host configuration that allows some hosts to have both 80 and 443
access and other to only have 80 and maybe again other to only have
443?

The following are the options that I think are important in the
httpd.conf file:

#
# Virtual Host host1.mydomain.com
# DocumentRoot, ErrorLog, CustomLog, and all that should be taken
# from the already defined values from the httpd.conf - I think
#
<VirtualHost 192.168.1.180>
    ServerName host1.mydomain.com
</VirtualHost>

#
# Virtual Host host2.mydomain.com
#
<VirtualHost 192.168.1.1:80>
    ServerName host2.mydomain.com

    DocumentRoot /usr/local/apache/htdocs-host2
    ErrorLog /usr/local/apache/logs/host2-error_log
    CustomLog /usr/local/apache/logs/host2-access_log combined
</VirtualHost>

<IfDefine SSL>

<VirtualHost 192.168.1.1:443>

#  General setup for the virtual host
ServerName host1.mydomain.com

DocumentRoot /usr/local/apache/host1-secure-htdocs
ErrorLog /usr/local/apache/logs/host1-ssl_error_log
TransferLog /usr/local/apache/logs/host1-ssl_access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#### And all that jazz

</VirtualHost>

2. Kernel Modules & procfs ?

3. Help: setup name-based or port-based virtual web host.

4. Arabic Support for RedHat 6.x

5. Mixing Apache Name Based Virtual Hosts and SSL Virtual Host

6. config

7. Apache 1.3b2: Default Host and all virtual hosts serve only first virtual hosts pages?

8. something wrong with hub.freebsd.org?

9. named: "found it", ping: "unknown host"

10. Appropriate Tools for "enhancing" / "fixing" / creating Linux GPLed code

11. Name-based vs IP based virtual hosts

12. Mixing IP-based and name-based virtual hosts?

13. Can IP-based and Name-Based Virtual Hosting coexist