Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 29 May 2006 08:25:56 +0200
Message-ID: 
 <FDD5D99066749040AF9098A720E989770377FD19@CIWMEXZSA0E.ex.ordersx.org>
Importance: normal
Priority: normal
Thread-Topic: [users@httpd] separate logs for aliases
thread-index: AcaC1IH9lP0S1GvySWGiT38FWOFX6wAEpgJg
From: "Boyle Owen" <Owen.Boyle@swx.com>
To: <users@httpd.apache.org>
Subject: RE: [users@httpd] separate logs for aliases

> -----Original Message-----
> From: Om [mailto:omprakash@effigent.net]=20
> Sent: Monday, May 29, 2006 5:53 AM
> To: users@httpd.apache.org
> Cc: shaibn@gmail.com
> Subject: Re: [users@httpd] separate logs for aliases
>=20
> Hi Shai,
> you can cross check once again in the apache2.2.2 manual.
> Check the Virtual hosts section.
> I read that.
> That configuration is working fine.

It depends on how you define "fine"... Your configuration "works" in =
that https://site1/ and https://site2/ will both lead to the correct =
site and https will be functional. However, if you look carefully, you =
will see that both sites are using the same certificate (namely, the =
cert from the first VH listed in the config - site1).

HTTPS requests to site1 or site2 look identical at the TCP/IP layer =
(they're just requests to 192.168.1.3:443 with no HTTP attributes =
accessible). Apache finds the first listening VH (which happens to be =
site1) and uses the cert from that VH to establish the HTTPS session. =
Once the session is open, apache can decrypt the HTTP request and so =
then sees the Host header. From then on, it can route the requests to =
the appropriate VH so everything *seems* to work.

I notice you are using private IPs (192.168.1.3) so maybe this is a LAN =
application and you don't really care about authentication. However, in =
the real world, this is no solution because you're using the wrong cert =
with site2 so have no authentication (your browser should flash an alert =
to this effect).

In real-world, commercial internet, authentication is every bit as =
important as encryption...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20


> Can you please implement that and check once.
>=20
> Thanks,
> Om.
> Shai wrote:
> > On 5/26/06, Brian Rectanus <brectanu@gmail.com> wrote:
> >> On 5/26/06, Shai <shaibn@gmail.com> wrote:
> >> > But everyone told me that each site needs its own IP or=20
> port to run on
> >> > when it comes to SSL....
> >>
> >> It does.  It is impossible to do name based vhosting w/SSL=20
> because of
> >> how SSL works.  SSL must negotiate before the HTTP Host=20
> header can be
> >> seen.  I don't even want to start that argument again ;)
> >
> > Don't start it, I already knew what I wanted to do. But do you know
> > what Om is talking about?
> >
> > Shai
> >
> >=20
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server=20
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
>=20
>=20
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP=20
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>=20
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat =
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This e-mail is of a private and personal nature. It is not related to =
the exchange or business activities of the SWX Group. Le pr=E9sent =
e-mail est un message priv=E9 et personnel, sans rapport avec =
l'activit=E9 boursi=E8re du Groupe SWX.
=20
=20
This message is for the named person's use only. It may contain =
confidential, proprietary or legally privileged information. No =
confidentiality or privilege is waived or lost by any mistransmission. =
If you receive this message in error, please notify the sender urgently =
and then immediately delete the message and any copies of it from your =
system. Please also immediately destroy any hardcopies of the message. =
You must not, directly or indirectly, use, disclose, distribute, print, =
or copy any part of this message if you are not the intended recipient. =
The sender's company reserves the right to monitor all e-mail =
communications through their networks. Any views expressed in this =
message are those of the individual sender, except where the message =
states otherwise and the sender is authorised to state them to be the =
views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org