httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From José Francisco Álvarez Aguilar <pepinsoftw...@hotmail.com>
Subject Re: [users@httpd] VirtualHosts on different ports and trying a non-response when asking to a non-allowed service.
Date Wed, 12 Dec 2012 09:30:44 GMT
Yes, www1.example.com, www2.example.com and wwwsecure.example.com all
resolve to the same IP.
So, due to your explanation, I can't have different behaviour for this 3
virtualhosts without using different certificates or without using SNI.
But there's one thing I don't understand: if we use "virtualhost", that is
because we would like to "emulate" that there are three (or more) hosts. So
if we use real hosts with different IPs... it would work... so the
"virtualhost" directive doesn't do what it supposed it should do: emulate
three different hosts... am I wrong?

Thank you very much.

2012/12/10 Tom Evans <tevans.uk@googlemail.com>

> On Thu, Dec 6, 2012 at 7:59 PM, Pepe <pepinsoftware@hotmail.com> wrote:
> > I have an apache server with 3 virtual host (all DNS work already done):
> > http://www1.example.com --> listens on port 80
> > http://www2.example.com --> listens on port 80 with required user
> > authentication
> > https://wwwsecure.example.com --> listens on port 443
> > Everyone with different DocumentRoot.
> >
> > Everything working with "<VirtualHost>" directive
> >
> > I want that if someone types:
> > http://wwwsecure.example.com   (--> request to port 80)
> > the client do not receive any answer (like "page not found"). By now, the
> > client receives the first virtual host (http://www1.example.com).
> > And viceversa, if someone types:
> > https://www1.example.com (--> request to port 443) or
> > https://www2.example.com
> > I would like the client do not receive any answer.
> >
> > Is this possible?
> >
> > Thanks.
>
> If www1.example.com, www2.example.com and wwwsecure.example.com all
> resolve to the same IP then there is no way to provide different
> responses on www1 and www2 than on wwwsecure.
>
> There are a few caveats to that statement however:
>
> 1) If you can use the same certificate for all three sites - a
> wildcard certificate, or specifying the additional sites in
> subjectAltName in the certificate - then you can produce a different
> response after the SSL request has been decrypted. Keywords:
> "subjectAltName SSL httpd"
>
> 2) If you can use SNI - your server, SSL libraries and all clients
> support SNI - you can use name based virtual hosting. Keywords:"SNI
> SSL httpd"
>
> If you can't do either of those things, my original statement stands.
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>

Mime
View raw message