https://issues.apache.org/bugzilla/show_bug.cgi?id=50388
Summary: DNS stealing example might be wrong
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: docs@httpd.apache.org
ReportedBy: calestyo@scientia.net
Hi.
Here http://httpd.apache.org/docs/2.2/dns-caveats.html#denial you describe an
example how traffic to a vhost could be stolen by another one (on the same
server).
In the example it's def.com with control over the domainname, which is the
_second_ vhost definition.
As far as I understood the vhost matching process and as my examples showed,
the first vhost is always used if multiple would match (in both cases IP and
name based).
So that the stealing really works (for def.com) the vhosts woul need to be
swapped:
<VirtualHost www.def.dom>
ServerAdmin webguy@def.dom
DocumentRoot /www/def
</VirtualHost>
<VirtualHost www.abc.dom>
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>
Or don't I see something?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
|