httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 52978] Binding to an interface instead of an address
Date Fri, 23 Mar 2012 13:28:16 GMT

--- Comment #1 from Alexandre Ferrieux <> 2012-03-23
13:28:16 UTC ---
Are there any plans to make use of SO_BINDTODEVICE, as has been proposed by
various patchers over the years, to allow Apache to bind to a specific device
rather than address ?

The typical use case is a VRRP-managed address that  is *not* owned by the host
at the time httpd starts. It then fails with the regular bind() syscall.

With     setsockopt(..., SO_BINDTODEVICE, "ethX", ...); on could simply bind to
the device, and any floating IP subsequently attached to it (with VRRP or
manual "ip addr add" commands) could receive requests.

Of course, people usually don't care because INADDR_ANY satisfies most simple
uses. However, there are real life setups where one wants to restrict to one
interface for security reasons, or for modularity (because another service or
Apache instance runs on the same port on another interface).

The SO_BINDTODEVICE method could easily be triggered by a syntax extension to
Listen, as has also been proposed by those who do it by hand.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message