Return-Path: X-Original-To: apmail-httpd-users-de-archive@www.apache.org Delivered-To: apmail-httpd-users-de-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 67EFB10462 for ; Tue, 7 Jan 2014 16:13:36 +0000 (UTC) Received: (qmail 3090 invoked by uid 500); 7 Jan 2014 16:13:35 -0000 Delivered-To: apmail-httpd-users-de-archive@httpd.apache.org Received: (qmail 2763 invoked by uid 500); 7 Jan 2014 16:13:34 -0000 Mailing-List: contact users-de-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: users-de@httpd.apache.org List-Id: Delivered-To: mailing list users-de@httpd.apache.org Received: (qmail 2753 invoked by uid 99); 7 Jan 2014 16:13:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Jan 2014 16:13:34 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of h.reindl@thelounge.net designates 91.118.73.15 as permitted sender) Received: from [91.118.73.15] (HELO mail.thelounge.net) (91.118.73.15) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Jan 2014 16:13:29 +0000 Received: from rh.thelounge.net (rh.thelounge.net [10.0.0.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.thelounge.net (THELOUNGE MTA) with ESMTPSA id 3dzJXh62y6z2g for ; Tue, 7 Jan 2014 17:13:08 +0100 (CET) Message-ID: <52CC2794.8070404@thelounge.net> Date: Tue, 07 Jan 2014 17:13:08 +0100 From: Reindl Harald Organization: the lounge interactive design User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: users-de@httpd.apache.org Subject: Re: Name-based Virtual Hosts Default References: In-Reply-To: X-Enigmail-Version: 1.6 OpenPGP: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="KFa199ICQv8CrLiS3VxDsXbM4ntw19MFH" X-Virus-Checked: Checked by ClamAV on apache.org --KFa199ICQv8CrLiS3VxDsXbM4ntw19MFH Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Am 07.01.2014 17:04, schrieb Bjoern.Becker@easycash.de: > ich nutze mehrere namensbasierte vhosts auf einem apache 2.2 und m=F6ch= te verhindern das auch ein Zugriff mit der IP-Adresse/Port m=F6glich ist.= > Da ansonsten Zugriff auf den Webserver m=F6glich ist welcher normalerwe= ise nicht erlaubt ist, was einfach daran liegt das z.B. manche vhosts kei= nen DocumentRoot haben.=20 >=20 > Zun=E4chst dachte ich man k=F6nnte dies mit dem default-host abfangen, = das funktioniert aber nicht! Die einzige M=F6glichkeit die sehe ist per R= ewriteRule nach dem http_HOST abzufragen und dann weiterzuleiten. > Das bedeutet jedoch das ich das in jede vhost Datei eintragen m=FCsste.= Gibt es keine generelle L=F6sung?=20 mod_security SecRule REQUEST_HEADERS:Host "^[\d.:]+$" "id:'960017',block,msg:'Host hea= der is a numeric IP address'" --KFa199ICQv8CrLiS3VxDsXbM4ntw19MFH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlLMJ5QACgkQhmBjz394AnndfgCfcO0gizg1rwUJ/JZnllfA7XF9 SO8AmwTv/mB3AzvQ7gVtE0heEoQT9Y9x =7zWm -----END PGP SIGNATURE----- --KFa199ICQv8CrLiS3VxDsXbM4ntw19MFH--