On Jan 26, 2011, at 3:13 PM, Valdis.Kletnieks@vt.edu wrote:
On Wed, 26 Jan 2011 12:56:01 -1000, Antonio Querubin said:
On Wed, 26 Jan 2011, Owen DeLong wrote:
Listen a.b.c.d:80 -> Listen 80
<Virtualhost a.b.c.d:80> -> <Virtualhost *:80>
That only works if you have only one address on the machine and.
Actually it works fine on machines with multiple IP addresses for both FreeBSD and CentOS. And IPv6 enabled servers can easily have multiple IPv6 addresses.
What Owen meant was that if you expect it to answer *only* for a.b.c.d:80, and *not* to answer for other addresses/interfaces, you may be in for a surprise (consider a DMZ host where you have:
outside world - 128.257.12.2
inside facing - 192.168.149.149
VirtualHost 198.168.149.149:80 # super-sekrit corporate internal site
Changing that VirtualHost to *:80 will probably cause some grief. ;)
Exactly... That is one of MANY examples of the kind of potential for abuse I was attempting to describe.

Admittedly, if you put your Super-sekrit corporate internal site on a DMZ host, you arguably deserve what happens, but...

Owen
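An added example, not part of the thread or of any poster's message: a small Python check that flags the `Listen` and `<VirtualHost>` directives in an Apache config that are no longer tied to a single address, which is the exposure the DMZ case above describes. The function names, the sample config and its `ServerName` values are constructed for illustration; only the 192.168.149.149 address comes from the thread.

```python
import re

# Constructed sample: the thread's DMZ host after the wildcard rewrite.
# ServerName values are hypothetical.
SAMPLE_CONF = """\
Listen 80
Listen 192.168.149.149:8080
<VirtualHost *:80>
    ServerName intranet.example.internal
</VirtualHost>
<VirtualHost 192.168.149.149:8080>
    ServerName wiki.example.internal
</VirtualHost>
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.I)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
WILDCARDS = {"*", "_default_", "0.0.0.0", "[::]"}

def split_addr(spec):
    """Split 'addr:port', '[v6]:port', bare port or bare addr."""
    if spec.isdigit():
        return "*", spec              # bare port means every address
    if spec.endswith("]") or ":" not in spec:
        return spec, "*"              # address with no port
    addr, _, port = spec.rpartition(":")
    return addr, port

def audit(conf_text):
    """Return (line_no, directive, spec) for each wildcard bind or vhost."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = LISTEN_RE.match(line)
        kind = "Listen"
        if not m:
            m = VHOST_RE.match(line)
            kind = "VirtualHost"
        if not m:
            continue
        for spec in m.group(1).split():
            if split_addr(spec)[0] in WILDCARDS:
                findings.append((no, kind, spec))
    return findings

if __name__ == "__main__":
    for no, kind, spec in audit(SAMPLE_CONF):
        print(f"line {no}: {kind} {spec} is not tied to one address")
```

Each finding is a directive to review against the interfaces the host actually has; the address-bound pair on port 8080 in the sample is not reported.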