From: Tom Evans
To: users@httpd.apache.org
Date: Wed, 12 Dec 2012 10:59:58 +0000
Subject: Re: [users@httpd] VirtualHosts on different ports and trying a non-response when asking to a non-allowed service.

On Wed, Dec 12, 2012 at 9:30 AM, José Francisco Álvarez Aguilar wrote:
> Yes, www1.example.com, www2.example.com and wwwsecure.example.com all
> resolve to the same IP.
> So, due to your explanation, I can't have different behaviour for these 3
> virtualhosts without using different certificates or without using SNI.
> But there's one thing I don't understand: if we use "virtualhost", that is
> because we would like to "emulate" that there are three (or more) hosts. So
> if we use real hosts with different IPs... it would work... so the
> "virtualhost" directive doesn't do what it is supposed to do: emulate
> three different hosts... am I wrong?
>
> Thank you very much.

It "works" just fine, you are just not understanding what is necessary
for it to work.

VirtualHost uses the Host header supplied in the request to best
determine the website to route the request to.

In order to read headers in an SSL request you need to decrypt the
encrypted request. In order to decrypt the request, you need to know
what key was used to encrypt the request, which depends upon which host
name the request was sent to. Apache cannot work this out, and so uses
the configuration from the default vhost for that IP/port combo. If this
certificate matches, then the request works, and it can use the Host
header to route the request to the appropriate vhost.

Therefore, if you can set up your vhosts so they share the same SSL
certificates - either using wildcard certificates, or using
subjectAltName certificates - then they can share the same IP. If you
can't do this, then they can't share the same IP. This is not a
limitation of Apache.

Cheers

Tom

If you can set up your site.
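
Added example (not part of the original message): a Python check of the point made in the reply above. When every client on one IP/port is shown the default vhost's certificate, it reports which of the three vhost names that certificate covers. The certificate dicts are constructed samples in the shape returned by ssl.SSLSocket.getpeercert(), and the function names are illustrative.

```python
# Added example: which name-based vhosts validate when all clients on one
# IP/port receive the default vhost's certificate (the no-SNI case).

def dns_names(cert):
    """Names a client checks, from an ssl.getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    # Legacy fallback: commonName is consulted only when no DNS SAN exists.
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def coverage(default_cert, vhosts):
    """Map each vhost name to True if the default certificate covers it."""
    names = dns_names(default_cert)
    return {v: any(name_matches(n, v) for n in names) for v in vhosts}

# Host names taken from the thread.
VHOSTS = ["www1.example.com", "www2.example.com", "wwwsecure.example.com"]

# Constructed sample certificates (not real ones).
SINGLE = {"subject": ((("commonName", "www1.example.com"),),)}
SAN = {"subject": ((("commonName", "www1.example.com"),),),
       "subjectAltName": (("DNS", "www1.example.com"),
                          ("DNS", "www2.example.com"))}
WILDCARD = {"subject": ((("commonName", "*.example.com"),),),
            "subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    for label, cert in (("single", SINGLE), ("SAN", SAN), ("wildcard", WILDCARD)):
        print(label, coverage(cert, VHOSTS))
```

Any vhost reported as False would produce a certificate name mismatch in the client if it shared the IP/port with that default certificate.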