From: Rainer Canavan
Date: Mon, 12 Sep 2016 17:47:05 +0200
To: users@httpd.apache.org
Subject: Re: [users@httpd] 2.4 named virtual hosts question

On Mon, Sep 12, 2016 at 3:21 PM, Marat Khalili wrote:
> On 12/09/16 15:25, Rainer Canavan wrote:
>>
>> However, in this example, you'd add a virtualhost that may expose
>> globally configured resources without the individual access controls of
>> the "real" vhosts. On top of that, the additional vhost may not see any
>> significant testing in case of configuration changes.
>
> I don't get it, can you please provide an example? IMO any additional vhosts
> should not depend at all on what's inside this vhost.

The obvious ones I can come up with would be Alias, ScriptAlias,
FastCGIExternalServer, Action and RewriteRule. All those can be defined
in the global context (i.e. outside of any vhost) and are valid for
all vhosts. (For RewriteRule, that may require RewriteOptions Inherit;
all others simply apply to all vhosts.)

>> Do _exactly_ that, e.g. with a RewriteRule to - and RewriteCond that
>> checks the Host: header.
>
> You mean, outside any virtualhost? Why do you think it's better? Initial
> problem was default virtualhost -- I want none.

That's exactly what I'm saying. A default vhost has the potential to
add more problems than it can ever solve.

[...]

>> Overall I'd say that the negligible gain in
>> perceived security isn't worth the effort or the additional risks
>> (both regarding security and availability).
>
> Well, for one thing log messages from actual vhosts and from internet scans
> are separated, this alone saves a lot of time.

Finally, an actual, measurable benefit, although it only filters out
the not-too-smart scanners.

rainer
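
Added example, not part of the original message: a Python check that lists the directives named in the message when they appear outside any <VirtualHost> block, which is where an additional catch-all vhost would pick them up. The sample configuration, hostnames and paths are constructed, and treating a RewriteOptions Inherit found anywhere in the file as enabling inheritance is a simplifying assumption.

```python
import re

# Directives the message names as definable in the global context.
GLOBAL_SCOPE = {"alias", "scriptalias", "fastcgiexternalserver", "action", "rewriterule"}

def audit_global_directives(conf_text):
    """Return (line_no, directive, applies_to_all_vhosts) for global-scope hits."""
    hits, depth, inherit = [], 0, False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            depth += 1
            continue
        if re.match(r"</VirtualHost\s*>", line, re.I):
            depth -= 1
            continue
        words = line.split()
        name = words[0].lower()
        # Per the message, a global RewriteRule may need RewriteOptions Inherit
        # to reach the vhosts (assumption: seen anywhere counts as enabled).
        if name == "rewriteoptions" and any(w.lower().startswith("inherit") for w in words[1:]):
            inherit = True
        elif depth == 0 and name in GLOBAL_SCOPE:
            hits.append((no, words[0]))
    return [(no, d, inherit if d.lower() == "rewriterule" else True) for no, d in hits]

# Constructed sample configuration (hostnames and paths are made up).
SAMPLE_CONF = """\
ServerName www.example.test
Alias /status-pages /srv/shared/status
ScriptAlias /cgi-bin/ /srv/shared/cgi-bin/
RewriteEngine On
RewriteRule ^/old$ /new [R]

<VirtualHost *:80>
    ServerName catchall.example.test
    # Scoped to this vhost, so not reported
    Alias /local /srv/catchall/local
</VirtualHost>

<VirtualHost *:80>
    ServerName app.example.test
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit_global_directives(SAMPLE_CONF))
```

Each reported line is a resource to review before adding a catch-all vhost, since the per-vhost access controls of the "real" vhosts do not cover it there.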