httpd-users mailing list archives

From Marat Khalili <...@rqc.ru>
Subject Re: [users@httpd] 2.4 named virtual hosts question
Date Mon, 12 Sep 2016 08:40:43 GMT
There has to be some configuration Apache will use if it cannot match 
any virtual host, or if no hostname is specified by the client. You can make 
a configuration that denies access in this case, and put it before the 
others. That's what I use:

> <VirtualHost *:80>
>     ServerName default
>
>     <Directory />
>         AllowOverride none
>         Order Allow,Deny
>         Require all denied
>     </Directory>
> </VirtualHost>
>
> SSLStrictSNIVHostCheck on
> <VirtualHost *:443>
>     ServerName default
>
>     SSLEngine on
>     SSLCertificateFile  /etc/ssl/certs/ssl-cert-snakeoil.pem
>     SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
>     <Directory />
>         AllowOverride none
>         Order Allow,Deny
>         Require all denied
>     </Directory>
> </VirtualHost>
Works great paired with fail2ban ;)

--

With Best Regards,
Marat Khalili

On 12/09/16 04:43, Ronald F. Guilmette wrote:
> A simple question.  Sorry if this is an FAQ.
>
> I'm just bringing up a fresh VM system that I plan to move my small
> handful of web sites to.
>
> I've so far managed to mostly get apache24 installed and configured.
> I've moved all of my web sites over to the new system, and it mostly
> all seems to be working, but I ran the "httpd -S" command to see
> if that would detect any goof-ups on my part.  (It did, but I already
> fixed those.)
>
> Now when I run "httpd -S" I am seeing in the output:
>
> ===============================================================================
> VirtualHost configuration:
> *:*                    is a NameVirtualHost
>           default server tristatelogic.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:40)
>           port * namevhost tristatelogic.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:40)
>                   alias www.tristatelogic.com
>           port * namevhost 47-usc-230c2.org (/usr/local/etc/apache24/extra/httpd-vhosts.conf:69)
>                   alias www.47-usc-230c2.org
>           port * namevhost sordid-details.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:94)
>                   alias www.sordid-details.com
> ...
> ===============================================================================
>
> I have three domains that I want to serve (as vhosts) from this newly
> installed server, and all three are mentioned above.  But the part I don't
> get (and don't really want) is all that stuff about a default (*:*)
> server/service.  How can I get rid of that while still providing service
> for my three vhosts?
>
> (Note:  People may say: "Oh, just leave it.  It isn't really any
> problem to just leave it."  But I'm paranoid about security, so I'm
> always inclined to minimize my attack surface as much as possible.)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
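
Added example, not part of the original post or the httpd project: a Python check that reads `httpd -S` output and reports every listen address whose fallback ("default server") is a real site rather than a deny-all catch-all. It assumes the catch-all vhost is named `default` as in the reply above; the second listing, with its paths and line numbers, is constructed.

```python
import re

# "*:80   is a NameVirtualHost" opens a block of name-based vhosts.
BLOCK = re.compile(r"^(\S+)\s+is a NameVirtualHost\s*$")
# "   default server NAME (file:line)" names the fallback for that block.
DEFAULT = re.compile(r"^\s+default server (\S+) \((.+):(\d+)\)\s*$")
# "*:443   NAME (file:line)" is an address with a single vhost, which
# therefore answers every request arriving there.
SINGLE = re.compile(r"^(\S+:\S+)\s+(\S+) \((.+):(\d+)\)\s*$")

# The listing from the quoted question (shortened).
BEFORE = """\
VirtualHost configuration:
*:*                    is a NameVirtualHost
          default server tristatelogic.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:40)
          port * namevhost tristatelogic.com (/usr/local/etc/apache24/extra/httpd-vhosts.conf:40)
                  alias www.tristatelogic.com
          port * namevhost 47-usc-230c2.org (/usr/local/etc/apache24/extra/httpd-vhosts.conf:69)
"""

# Constructed listing: a deny-all vhost named "default" now comes first.
AFTER = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
          default server default (/path/to/httpd-vhosts.conf:1)
          port 80 namevhost default (/path/to/httpd-vhosts.conf:1)
          port 80 namevhost tristatelogic.com (/path/to/httpd-vhosts.conf:30)
*:443                  default (/path/to/httpd-vhosts.conf:12)
"""


def default_vhosts(dump):
    """Map each listen address to (ServerName, file, line) of its fallback."""
    found, current = {}, None
    for line in dump.splitlines():
        if m := BLOCK.match(line):
            current = m.group(1)
        elif (m := DEFAULT.match(line)) and current:
            found[current] = (m.group(1), m.group(2), int(m.group(3)))
        elif m := SINGLE.match(line):
            found[m.group(1)] = (m.group(2), m.group(3), int(m.group(4)))
            current = None
    return found


def exposed_defaults(dump, catch_all="default"):
    """Addresses whose fallback is a real site rather than the catch-all."""
    hosts = default_vhosts(dump)
    return {addr: v for addr, v in hosts.items() if v[0] != catch_all}
```

An empty result from `exposed_defaults` means every listed address falls back to the catch-all; any entry it returns gives the file and line of the vhost that is currently answering unmatched requests.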

