httpd-docs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50388] New: DNS stealing example might be wrong
Date Tue, 30 Nov 2010 21:33:19 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50388

           Summary: DNS stealing example might be wrong
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
        AssignedTo: docs@httpd.apache.org
        ReportedBy: calestyo@scientia.net


Hi.

Here http://httpd.apache.org/docs/2.2/dns-caveats.html#denial you describe an
example of how traffic to a vhost could be stolen by another one (on the same
server).

In the example it's def.com with control over the domain name, which is the
_second_ vhost definition.
As far as I understood the vhost matching process and as my examples showed,
the first vhost is always used if multiple would match (in both cases IP and
name based).

So that the stealing really works (for def.com), the vhosts would need to be
swapped:
<VirtualHost www.def.dom>
ServerAdmin webguy@def.dom
DocumentRoot /www/def
</VirtualHost> 

<VirtualHost www.abc.dom>
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>


Or don't I see something?

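A lint for the situation this report discusses, as an added example that is not from the reporter or the Apache project: it lists `<VirtualHost>` arguments that are hostnames (and so depend on DNS when the server starts) and, given a map of DNS answers, reports blocks whose differing arguments land on the same address, in file order. The sample config, the DNS map and the function names are constructed for illustration; which of two overlapping blocks then serves requests is the reporter's first-match reading, not something the script decides.

```python
import ipaddress
import re

# Constructed sample: the two blocks in the order proposed in the report.
SAMPLE_CONF = """\
<VirtualHost www.def.dom>
DocumentRoot /www/def
</VirtualHost>
<VirtualHost www.abc.dom>
DocumentRoot /www/abc
</VirtualHost>
"""
# Constructed DNS answers (documentation range): both names map to one address.
SAMPLE_DNS = {"www.def.dom": "192.0.2.10", "www.abc.dom": "192.0.2.10"}

VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I | re.M)

def split_port(arg):
    """Split 'host', 'host:port' or '[v6]:port' into (host, port); '*' = any port."""
    if arg.startswith("["):
        host, _, rest = arg[1:].partition("]")
        return host, rest.lstrip(":") or "*"
    host, sep, port = arg.rpartition(":")
    return (host, port) if sep else (arg, "*")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_vhosts(conf, dns):
    """Return (hostnames needing DNS at startup, [(first_arg, later_arg, ip)])."""
    dns_dependent, first_seen, overlaps = [], {}, []
    for match in VHOST_RE.finditer(conf):
        for arg in match.group(1).split():
            host, port = split_port(arg)
            if host in ("*", "_default_"):
                continue  # wildcards never consult DNS
            ip = host if is_ip_literal(host) else dns.get(host)
            if not is_ip_literal(host):
                dns_dependent.append(host)
            if ip is None:
                continue  # name with no answer in the supplied map
            # Same spelling repeated is ordinary name-based sharing; differing
            # spellings landing on one address is the overlap the report discusses.
            first = first_seen.setdefault((ip, port), arg)
            if first != arg:
                overlaps.append((first, arg, ip))
    return dns_dependent, overlaps

if __name__ == "__main__":
    print(audit_vhosts(SAMPLE_CONF, SAMPLE_DNS))
```

Ports are compared as written, so a block on `host:80` and one on bare `host` are treated as distinct keys.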