httpd-users mailing list archives

From José Francisco Álvarez Aguilar <pepinsoftw...@hotmail.com>
Subject Re: [users@httpd] VirtualHosts on different ports and trying a non-response when asking to a non-allowed service.
Date Wed, 12 Dec 2012 11:43:56 GMT
2012/12/12 Tom Evans <tevans.uk@googlemail.com>

> It "works" just fine, you are just not understanding what is necessary
> for it to work.
>
> VirtualHost uses the Host header supplied in the request to best
> determine the website to route the request to.
>
> In order to read headers in an SSL request you need to decrypt the
> encrypted request.
>
> In order to decrypt the request, you need to know what key was used to
> encrypt the request, which depends upon which host name the request
> was sent to.
>
> Apache cannot work this out, and so uses the configuration from the
> default vhost for that IP/port combo. If this certificate matches,
> then the request works, and it can use the Host header to route the
> request to the appropriate vhost.
>
> Therefore, if you can set up your vhosts so they share the same SSL
> certificates - either using wildcard certificates, or using
> subjectAltName certificates - then they can share the same IP.
>
> If you can't do this, then they can't share the same IP. This is not a
> limitation of Apache.
>
> Cheers
>
> Tom
>
> If you can set up your site.
>
I understand what you mean. Maybe I did not explain myself properly. (using
a foreign language is always a barrier)


Just imagine we have 3 vhosts redirected to 3 different machines, each one
with a different IP (it doesn't matter if it's using SSL or not).
If one of these three machines is switched off and Apache receives a request
for that one... the client is supposed to receive "Page not
found", isn't it? Or will Apache send the first vhost available? If so...
it shouldn't.

On the other hand, if we have a lonely Apache server listening only on 443
and someone sends a request to 80, they receive "Page not found" because no
one is listening on 80. And vice versa: if a lonely server is listening on
80 and someone sends a request to 443, they should receive "Page not found".

If we put together these two lonely machines through vhosts... Apache
*should behave transparently*, so that the client doesn't know how many
machines (real or virtual) are behind our service...

Do you understand what I am trying to explain?

Thank you very much for your time.
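
The condition in the quoted reply (name-based SSL vhosts can share an IP only if the default vhost's certificate, via a wildcard or subjectAltName entries, is valid for every one of them) can be checked before deployment. This is an added example, not part of the original thread: the function names are hypothetical, the certificate and vhost names are constructed, and the wildcard rule assumes RFC 6125 style matching.

```python
# Added example: checks whether one certificate's dNSName entries cover all
# name-based vhosts that would share a single IP/port.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate dNSName against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # "*" stands for exactly one label, never zero and never two.
        return False
    if p[0] == "*":
        # Wildcard only as the whole leftmost label, and not for
        # two-label patterns such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_vhosts(cert_dns_names, vhost_names):
    """Return the vhost names that no dNSName in the certificate covers."""
    return [v for v in vhost_names
            if not any(name_matches(n, v) for n in cert_dns_names)]


def can_share_ip(cert_dns_names, vhost_names) -> bool:
    """True when the default vhost's certificate is valid for every vhost."""
    return not uncovered_vhosts(cert_dns_names, vhost_names)


if __name__ == "__main__":
    # Constructed sample data (assumption, not taken from the thread).
    cert_sans = ["*.example.com", "example.org"]
    vhosts = ["www.example.com", "example.org", "example.com"]
    missing = uncovered_vhosts(cert_sans, vhosts)
    if missing:
        print("Certificate does not cover:", ", ".join(missing))
    else:
        print("All vhosts can share this IP with the default certificate.")
```

Any name reported as uncovered would be served with a certificate that does not match it, so that vhost needs its own IP or an added subjectAltName entry.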
