Received: by taz.hyperreal.com (8.6.12/8.6.5) id DAA10074; Sat, 3 Feb 1996 03:49:07 -0800 Received: from infinity.c2.org by taz.hyperreal.com (8.6.12/8.6.5) with ESMTP id DAA10067; Sat, 3 Feb 1996 03:49:04 -0800 Received: (from sameer@localhost) by infinity.c2.org (8.7.1/8.6.9) id DAA04479 for new-httpd@hyperreal.com; Sat, 3 Feb 1996 03:43:23 -0800 (PST) Community ConneXion: Privacy & Community: From: sameer Message-Id: <199602031143.DAA04479@infinity.c2.org> Subject: Re: How about mixing BindAddress and VirtualHost??? To: new-httpd@hyperreal.com Date: Sat, 3 Feb 1996 03:43:20 -0800 (PST) In-Reply-To: from "Cliff Skolnick" at Feb 2, 96 05:21:41 pm X-Mailer: ELM [version 2.4 PL20] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-new-httpd@apache.org Precedence: bulk Reply-To: new-httpd@hyperreal.com > > Now we could just have apache do a binch of seperate binds for the set of > virtualhost directives, but I hope this is not the default behavior. It > is kind of nice having a sane default behavior, instead of "server not > responding" when you try and get a page from an address configured on the > machine with no specific virtualhost directive. I'd actually prefer this to be the default, but we obviously can't change it to that, because that would break people expecting current default behavior. In any case, in addition to what Tony described, you also have a security hole in that if you bind to INADDR_ANY someone else can bind to a specific ip# right under you, and steal connections, spoofing you. (You can spoof nfs this way, if your nfsd binds to INADDR_ANY.) Allowing for multiple binds with virtualhosts i think is good.. You'd have to have multiple sockets and select though, wouldn't you? -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org