httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From b...@kanka.de
Subject Re: [users@httpd] Alias-ed directory appears on multiple virtual hosts
Date Wed, 08 Dec 2010 13:33:48 GMT
Hello,

On 08.12.2010 14:13, Tom Evans wrote:
...
>> And the experienced user has seen these warnings often, so he regularly
>> clicked on "I understand the risks" and accepted the ssl session anyway -
>> and it's even wiser in most cases to do because mostly you're better off (in
>> web 2.0 services for example) with an encrypted transfer and non-secure
>> identity than with both non-secure...
>
> What 'experienced' (stupid?) users do is neither here nor there. I
> rarely trust self signed certs and would never accept a certificate
> for a host that isn't what it claims to be. Since 'experienced' users
> do do this sort of thing, don't give them an option to do so.

I don't give them this opportunity, neither do you and all the other 
responsible people on this ML.
The reality on the world wide web is different, and leads to users 
spontanously clicking "I understand the risk" even if it's not really true.

>>> The best way to avoid this problem is not dummy vhosts, it is to not
>>> serve multiple websites from the same IP ...
>>
>> In an ideal world, yes.
>> But in this world the number of available IPs is restricted, whereas the
>> quest for new domains seems endless.
>
> IPv4 addresses aren't exactly tricky to lay your hands on, despite the
> endless yearly warnings that IPv4 will run out in the next N years.

If you have a direct contract with the backbone provider, fine.
If your server has a rented place in a data center your IP range is normally 
restricted.

> If you have one SSL site, and many non SSL sites, you should host on 2
> distinct IPs, ...

I prefer to keep my few IPs for real SSL services instead of nicer-written 
configuration.

> ... The cost of
> obtaining a second IP is small compared to the brand cost of having
> badly served SSL sites.

My SSL and non-SSL sites are served perfectly now that I found the hack-around 
(with the help of this ML).
I'd just prefer that apache offered a more concise way to configure that.

/ Bernd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message