[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-users
Subject: [users@httpd] Re: Apache httpd does not respect the HTTP RFCs !
From: Carsten Wiedmann <carsten_sttgt () gmx ! de>
Date: 2009-11-30 20:10:59
Message-ID: hf18si$bgp$1 () ger ! gmane ! org
[Download RAW message or body]
Andr=E9 Warnier schrieb:
> But is is interesting to see how in the end, a document such as RFC2616=
> which is meant to "specify" a relatively strict set of rules, and of
> which I am sure the phrasing is examined carefully and repeatedly (it
> being after all a revision of an earlier document on the same topic),
> still leaves areas open to interpretation, or downright inconsistent.
> What is for example, in this case, a hostname which is /invalid/ on thi=
s
> host ?
> If the request reached this host, then it must be that for the DNS
> system, the hostname resolved to one of this physical host's IP
> addresses. In that sense, any HTTP request which reaches the host coul=
d
> be deemed to address a valid hostname.
Yes and no. It's always up to the server (or server admin) if it's accept=
ing
a given hostname or not. But if it's not accepting a hostname, it must
return a 400.
Well, there is no directive in Apache httpd to enable such strict hostnam=
e
tests and Apache is always accepting all hostnames and is routing this to=
the default (v)host. And that's the reason I'm always using the namebased=
vhosts from my last post. Even I normally only want have an ip-based vhos=
t
(or no vhosts at all).
BTW: If you want/must deal with IPs in the URIs, just add the IP for that=
vhost as ServerAlias to the first regular VirtualHost block.
Regarding DNS:
Well, a normal browser is asking a dns server for the IP, and then is
connecting to that IP and using the servername from the URI for the Host =
header.
Example:
URI: http://www.apache.org/ (nslookup: 192.87.106.226)
| telnet 192.87.106.226 80
| GET / HTTP/1.1
| Host: www.apache.org
|
That's what a normal browser is doing. Well, apache.org is also accepting=
all hostnames, and so the next example shows the same homapage:
URI: http://www.apache.org/ (nslookup: 192.87.106.226)
telnet 192.87.106.226 80
| GET / HTTP/1.1
| Host: www.microsoft.com
|
Well, I don't want that this happens on my servers, and with a namebased
vhost, a perl script and a rewriterule I have the behavior I want: an err=
or
400 in this case. Also Apache is now only accepting a defined
ServerName/ServerAlias, and not all requests which are possible with a
wildcard dns entry. But be careful with *.foo.com in ServerAlias.
Regards,
Carsten
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic