httpd-users mailing list archives

From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] Alias-ed directory appears on multiple virtual hosts
Date Wed, 08 Dec 2010 11:48:44 GMT
On Wed, Dec 8, 2010 at 11:13 AM,  <breg@kanka.de> wrote:
>
> Just to make it clear:
> What I perceived as a .. quirky behaviour of apache was that it did _not_
> throw an error when https://not-ssl-configured-domain.xx is requested.
> How to run several https domains with one IP was not my challenge.
>
> / Bernd
>
>

Until the incoming request has been received and decrypted, apache has
no clue that the domain requested was 'not-ssl-configured-domain.xx'.
That's kind of the point of SSL.

In order to decrypt the request, apache must handshake with the
client, passing certificates to the client indicating what the host
is. This happens before the client sends any information about the
request.

Apache determines which vhost to use to send certificates from based
on the ip:port, since no other information is available.

Because of this, if you have two hosts, www.hosta.com and
www.hostb.com, that resolve to the same IP address, and configure SSL
for www.hosta.com, then requesting www.hostb.com via SSL will connect
and handshake using certificates from www.hosta.com and serve data
from the www.hosta.com vhost.

It's not quirky, it's a direct consequence of how things work, and
without changing how SSL works it will always work that way.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
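
The selection rule described in the message above, modelled as an added example (not part of the original post and not Apache's own code): it lists the hostnames that would complete an HTTPS handshake with another host's certificate. The names `VHost`, `handshake_vhost` and `audit`, the sample addresses, and the rule that an exact `ip:port` is preferred over `*:port` are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VHost:
    server_name: str   # ServerName of the vhost
    addr: str          # address it is bound to: "ip:port" or "*:port"
    ssl: bool          # True when SSL is configured for this vhost

def handshake_vhost(vhosts, ip, port):
    """Return the vhost whose certificate is sent during the handshake.
    Only ip:port is known here; the requested hostname is still inside
    the not-yet-decrypted request, so it cannot influence the choice.
    Model assumption: exact ip:port beats "*:port", first match wins."""
    for wanted in (f"{ip}:{port}", f"*:{port}"):
        for v in vhosts:
            if v.ssl and v.addr == wanted:
                return v
    return None

def audit(vhosts, dns, port=443):
    """dns maps hostname -> IP. Return (hostname, certificate_owner) for
    every name that handshakes with, and is served by, another vhost."""
    findings = []
    for name, ip in sorted(dns.items()):
        v = handshake_vhost(vhosts, ip, port)
        if v is not None and v.server_name != name:
            findings.append((name, v.server_name))
    return findings

# Constructed sample mirroring the message: two names, one IP, SSL on one.
VHOSTS = [
    VHost("www.hosta.com", "192.0.2.10:443", ssl=True),
    VHost("www.hosta.com", "192.0.2.10:80", ssl=False),
    VHost("www.hostb.com", "192.0.2.10:80", ssl=False),
]
DNS = {
    "www.hosta.com": "192.0.2.10",
    "www.hostb.com": "192.0.2.10",
    "www.hostc.com": "192.0.2.20",   # no SSL vhost on this IP at all
}

if __name__ == "__main__":
    for name, owner in audit(VHOSTS, DNS):
        print(f"https://{name}/ is answered with the certificate "
              f"and content of {owner}")
```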

