Received: by taz.hyperreal.com (8.8.4/V2.0) id DAA15090;
 Sun, 16 Feb 1997 03:36:59 -0800 (PST)
Received: from twinlark.arctic.org by taz.hyperreal.com (8.8.4/V2.0) with SMTP
 id DAA15085; Sun, 16 Feb 1997 03:36:57 -0800 (PST)
Received: (qmail 2328 invoked by uid 500); 16 Feb 1997 11:37:09 -0000
Date: Sun, 16 Feb 1997 03:37:09 -0800 (PST)
From: Dean Gaudet <dgaudet@arctic.org>
To: new-httpd@hyperreal.com
Subject: Re: server dies if one vhost can't be resolved
In-Reply-To: <Pine.BSF.3.95.970216005828.23557V-100000@alive.znep.com>
Message-ID: <Pine.LNX.3.95dg2.970216033417.1815D-100000@twinlark.arctic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

Actually, see my rant about DNS and security from last year :)  It was
condensed into some notes in about using DNS for vhosts can be insecure... 
although it might not be in your setup.  Essentially the example I gave
was a website provider with customers A and B.  B does their own DNS.  If
the provider uses www.A.com and www.B.com in the <virtualhost> statement
then B can steal A's address depending on the ordering of the statements
simply by changing DNS.  This is facilitated by the fact that vhosts are
searched last to first. 

At any rate, I'm not sure what the two line fix would be... I guess you
could just stick 0.0.0.0 in as the address and assume it wouldn't ever
match it. 

Dean

On Sun, 16 Feb 1997, Marc Slemko wrote:

> Right now the entire server dies if one vhost can't be resolved.  This is
> very annoying.  Don't suppose anyone is up for a two line fix that
> magically makes things work?
> 
>