httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Apache shows code when using IP address
Date Mon, 09 Nov 2009 17:07:54 GMT
Tanner Bachman wrote:
> Hi Everyone, 
> 
> Forgive me if this seems like a stupid oversight on my part, but I've setup an Apache
2.2.x server with Resin and Railo for my ColdFusion site. This is all running on Ubuntu 9.04
Server. When I call the site by it's domain name, all is well. However, if I use the IP address
of the site, it just shows the ColdFusion code of my page. I know this is probably just a
simple config error on my part, but I'm stumped. I'm using virtual hosting like this: 
> 
> 
> NameVirtualHost x.x.x.x:80 (x.x.x.x being my IP address) 
> NameVirtualHost x.x.x.x:443 
> 
> # MYSITE.COM (NON-SSL) 
> <VirtualHost x.x.x.x:80> 
> ServerAdmin me@mysite.com 
> ServerName www.mysite.com 
> ServerAlias mysite.com 
> 
> DocumentRoot /var/www/mysite.com/www/ 
> 
> <Directory /var/www/mysite.com/www> 
> Options -Indexes FollowSymLinks 
> AllowOverride None 
> Order allow,deny 
> Allow from all 
> </Directory> 
> 
> </VirtualHost> 
> 
> # MYSITE.COM (SSL) 
> <VirtualHost x.x.x.x:443> 
> ServerAdmin me@mysite.com 
> ServerName www.mysite.com 
> ServerAlias mysite.com 
> 
> DocumentRoot /var/www/mysite.com/www/ 
> 
> <Directory /var/www/mysite.com/www> 
> Options -Indexes FollowSymLinks 
> AllowOverride None 
> Order allow,deny 
> Allow from all 
> </Directory> 
> 
In very summary (and you should *really* read the VirtualHost 
documentation on the Apache website) :

Within each listening port (above : 80 and 443), the first VirtualHost 
which you define (top to bottom) is also the *default* VirtualHost.
That means that, whichever way the browser establishes a connection to 
your server, Apache will use that default VirtualHost configuration, 
/unless/ it finds an exact match between the hostname requested, and one 
of the defined VirtualHost "ServerName" or "ServerAlias".

In other words, when you enter in your browser
http://(ip-address):80/
it will look at all VirtualHosts defined for port 80, trying to match 
(ip-address) with a ServerName or ServerAlias.
Since it does not find any, it will default to the first VirtualHost.

That is the first issue.
The second one is that in your configuration, you use the same 
DocumentRoot for both your VirtualHosts.
But the configuration of these hosts is different.
In other words, anyone can bypass whatever you put as directives in the 
second host, by adressing the first one.

Suggestion :
- define a new first VirtualHost :80, before the existing one for port 
80, and set its DocumentRoot to something harmless (create a directory 
with just a dummy page), and use that directory as DocumentRoot.
Give it a
ServerName www.mysite.default
(it does not matter which name, as long as it is not www.mysite.com).
This new host will then (by virtue of being the first one named) become 
the default host, and people will get that one when they input an IP 
address instead of the registered hostname.

Then let's take it from there.
But read the doc first. There is a special page dedicated to VirtualHosts.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message