httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Multiple URLs / One Site
Date Tue, 27 Apr 2004 18:17:14 GMT

On Tue, 27 Apr 2004 trlists@clayst.com wrote:
> > There is one small caveat.  Occasionally apache needs to create
> > self-referential URLs.  For example, it sometimes needs to construct a
> > redirect pointing to itself.
>
> Out of curiosity, does it only do that when I do a redirect without
> specifying a full URL?  Or are there other conditions?

Yes.  The most common case is a trailing-slash redirect: When someone
requests a directory without the trailing slash, apache must redirect them
to the same URL with a trailing slash added.

Also, the server name is used in server-generated error documents and
things like that.

> > For that purpose, it can either use the configured ServerName, or it
> > can use whatever the client specified as the name it is looking at.
> > Since you want the latter, you'll want to set UseCanonicalName off
> > inside the VirtualHost section.
>
> I can do that, I read the docs on UseCanonicalName and they make sense.
> Are there any security implications to setting it Off?  I can't think
> of any, but wanted to double-check.

Nothing major.  You should just be sure not to rely on the SERVER_NAME
environment variable, since an attacker could specify whatever he wants
there.

> If I do it this way should I simply remove ServerName entirely?  Will
> it be used for anything at all with UseCanonicalName off?

I don't know, but you should just leave it in.  It won't hurt.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message