teh fear

Posted in apache by: meh
No Comments

08 Oct

apache virtual host

People often get confused as to how Virtual hosts in apache work, here’s an explanation from my understanding…

Firstly each <VirtualHost XXX> entry requires (unless there is only one virtual host) a corresponding NameVirtualHost XXX entry.

The XXX is effectively what IP address and port apache should be listening on for this set of virtual hosts.

For a lot of people this may just be ‘*’ – every IP and any port that apache is listening on.
If you are running on more than one port (http and https would be different ports) then you will probably want to specify a port too… ‘*:80′ would specify all IP addresses and port 80.

NOTE: apache will need to be listening on this port – see the apache directives for Listen (and possibly BindAddress and Port).

If like me, you have a machine with multiple IP addresses with certain sites on certain IP addresses, you may have something like this:

NameVirtualHost 10.1.1.1:80
<VirtualHost 10.1.1.1:80>
ServerName dummy
DocumentRoot /var/www/blank
</VirtualHost>
 
<VirtualHost 10.1.1.1:80>
ServerName www.site1.com
DocumentRoot /var/www/blank
</VirtualHost>
 
<VirtualHost 10.1.1.1:80>
ServerName www.site2.com
DocumentRoot /var/www/blank
</VirtualHost>
 
NameVirtualHost 10.1.1.2:80
<VirtualHost 10.1.1.2:80>
ServerName dummy
DocumentRoot /var/www/blank
</VirtualHost>
 
<VirtualHost 10.1.1.2:80>
ServerName www.site3.com
DocumentRoot /var/www/site3
</VirtualHost>
 
<VirtualHost 10.1.1.2:80>
ServerName www.site4.com
DocumentRoot /var/www/site4
</VirtualHost>

These are by no means full examples, but they should give you a good idea – both www.site1.com and www.site2.com are served by the IP address of 10.1.1.1 while www.site3.com and www.site4.com are served by 10.1.1.2.

How does this work?
When someone makes a request for http://www.site2.com/ in their web browser, firstly the IP address of that name is looked up (in this case www.site2.com should resolve to 10.1.1.1, if it doesn’t then this will not work!)
Then a request for / at Host www.site2.com is sent to 10.1.1.1 on port 80 (being the default http port).

Apache knows from the NameVirtualHost entry that it has virtual hosts on that IP/port, and so it traverses its VirtualHosts entries for 10.1.1.1:80 to find a match in either ServerName or ServerAlias, in this case the first two (dummy and www.site1.com) do not match, but the third one does and so this is the site that is displayed.

if apache cannot determine which web server a request was destined for it will pick the first host in the list (in this case ‘dummy’).

What is the ‘dummy’ entry for? and why does it appear first in the list for each IP?

This is a small protection I like to use against bots/script kiddies checking my server for potential security holes – a lot of bots appear to scan web servers by IP address checking for files known to be vulnerable, if my first two entries were not there then these probes would be directed at www.site1.com and www.site2.com – by putting a blank site first in the list a request for http://10.1.1.1/anything will return a 404/403 error rather than any useful information.
This is not any use if someone probes directly to http://www.site1.com/ but, in my experience, the majority of probes are IP only.

«
»

Leave a Reply

© 2010 teh fear | Entries (RSS) and Comments (RSS)

Powered by Wordpress