httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <>
Subject Re: WWW Form Bug Report: "check_hostalias bug?" on Solaris 2.x (fwd)y
Date Tue, 21 May 1996 02:12:28 GMT
On Mon, 20 May 1996, wrote:

Thanks for your bug report... I've attempted to answer as best I can,
and have copied the Apache developer list. Hope this helps.

> Problem is, that both the main server running on
> port 80 and the virtual server running on port 443
> have the same server_name and check_hostalias in
> http_protocol.c will replace the r->server (pointing
> to the main server) with a pointer to the virtual
> server, when a netscape (2.0+) browser connects to
> port 80 (note that netscape sends a Host:, thus
> check_hostalias is called).

Hmm. The behavior you describe is most likely a bug, we'll look into
fixing it. Though you should know that the <VirtualHost host:port>
syntax is somewhat unsupported; the member of our project who wrote it
seems to have disappeared, so it may not be reliable.

> - shouldn't check_hostalias consider only virtual hosts
>   with s->is_virtual == 2?

No. We have it check all of them, because it's possible that someone
might change part of their DNS entries, meaning to use the Host-header
form of virtual host, but the server might think that it is still
using a seperate IP address. Furthermore, if the "main" server IP is
actually a virtual interface, this could result in mass
confusion. Therefore we check all virtual hosts.

>   ( <VirtualHost *:443> uses is_virtual == 1  )
> - if a virtual host want's to match a specific port,
>   shouldn't check_hostalias ignore connections
>   to a different port

I believe it does. As you say...

> - what the reason for the atoi(r->hostname) != r->server->port)
>   check in check_hostalias?

To do as you say, only match connections to the port that the server
is running on (which should be in r->server->port). There may be
several concerns here:

* the getword() call on line 350 of http_protocol.c (or thereabouts)
will pull the actual hostname out of r->hostname and put it into
host. Now r->hostname will contain only the port number (if there is

* It's possible that the code that lets you do VirtualHost host:port
does not appropriately set r->server->port. This could cause your

* More likely, though, I'd suspect that it's entirely possible that
whatever browser you are using will not send a port number for SSL
requests on the default port (443), which is acceptable according to
the HTTP/1.1 specification for the Host: header. Unfortunately, Apache
does not know how to handle SSL internally, and does not realize that
it is an SSL request on port 443, not a HTTP request on port
80. Therefore, it thinks (since there is no port number) that it is
appropriate to use the virtual host in question.

Hopefully, this will answer concerns that you might have. We'll look
into fixing the problems you describe for the next beta release.

Thanks for using Apache!

Alexei Kosut <>      The Apache HTTP Server
      "War does not determine who is right, only who is left."

View raw message