www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Bieringer ...@bieringer.de>
Subject general/8857: "listen <address>" without corresponding "virtual host" and also no "default virtual host" was routed to compiled-in docroot
Date Sun, 25 Nov 2001 21:41:03 GMT

>Number:         8857
>Category:       general
>Synopsis:       "listen <address>" without corresponding "virtual host" and also
no "default virtual host" was routed to compiled-in docroot
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun Nov 25 13:50:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     pb@bieringer.de
>Release:        1.3.14 and 2.0.28
>Organization:
apache
>Environment:
Red Hat Linux 6.2
>Description:
Looks like this is a historic behavior which can be become a security hole, if Apache config
is not really reviewed or proper defined.

Config: upper lines do not contain any listen or docroot

Listen 192.168.1.17:80
Listen 192.168.1.18:80
<VirtualHost 192.168.1.17:80>
    DocumentRoot /home/internet/testserver3/pub
</VirtualHost>
<VirtualHost 192.168.1.18:80>
    DocumentRoot /home/internet/testserver3/pub
</VirtualHost>

If second virtual host is disabled, a request to 192.168.1.18:80 is routed to compiled-in
docroot (in my case "/usr/htdocs/").

Means: if someone forgot to setup a "default virtual host" but has one listen address with
no correspondending "virtual host", compiled-in configuration is used.
>How-To-Repeat:
See description
>Fix:
Hmm, best way would be if any "virtual host" is active, the main will go inactive (e.g. report
an error 501 on connect) and must be explicitly reenabled as "default virtual host". Unfortunately,
this break many examples and rolled-out configurations.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message