Gentoo Forums
gordonb3
Apprentice
Joined: 01 Jul 2015
Posts: 182

Posted: Fri Jun 29, 2018 11:00 am    Post subject: This is not my topic!

@anyone reading this

I resent what is being done here. Below you will find the moderator entry and my original - correct - answer to a question placed here in the `Networking and security forum`. As I'm totally fed up with people that stagger in faulty answers wanting to own this forum, with this split out topic as a result, this will be the last time I'll share my knowledge with anyone but myself and those that either pay me or ask really really nicely.

If you like to call this your victory then please be my guest. I've been a Gentoo user since 2005 and a linux user far longer, at which time most of you self-declared experts were likely still wearing diapers. That is as far as your gloating may go. I'll continue using Gentoo and contribute to it. Just not here, not to you, because you already know everything and you obviously can't appreciate other people's insights.

One final thought for you: if your solution is the only one that works, why isn't it part of the ebuild?

Enjoy the rest of your life,
Gordon


[Moderator note: this post, and the first seven responses, were originally in How am I supposed to be able to use vhosts?. They were not sufficiently on-topic for the original poster's problem, and have been split out. The first response, and only the first response, in that thread was already present when the split occurred. -Hu]

Yeah... that's a tricky one

Apache goes down the alphanumerical order of the vhost config files and will use the first config that matches the request. I'm somewhat puzzled how you managed to make that select the wrong vhost though as the default site is defined in a file named 00_default_vhost.conf.

The default installation also includes something annoying, being that the Listen directive is part of the default vhost definition. So if you disable the default vhost, then you must specify the Listen directive somewhere else, but you may not specify the same (or overlapping) Listen directive twice within your configuration.


Last edited by gordonb3 on Sun Jul 01, 2018 6:11 pm; edited 1 time in total

Hu
Moderator
Joined: 06 Mar 2007
Posts: 12623

Posted: Sat Jun 30, 2018 12:32 am

gordonb3 wrote:
Apache goes down the alphanumerical order of the vhost config files

Could you provide a citation for this? The Apache documentation for v2.2 says it is alphabetical, with the implication that it is ascending, not descending as you say here.

gordonb3
Apprentice
Joined: 01 Jul 2015
Posts: 182

Posted: Sat Jun 30, 2018 8:59 am

Hu wrote:
gordonb3 wrote:
Apache goes down the alphanumerical order of the vhost config files
Could you provide a citation for this? The Apache documentation for v2.2 says it is alphabetical, with the implication that it is ascending, not descending as you say here.

No citation. It just doesn't work the other way round. Default vhost must be the first in the alphanumerical order, which is obviously also known by the maintainer of this package because 00_default* does not come from the apache devs. My guess is if you inspect the sources you'll find that vhosts are loaded in alphanumerical order and pushed onto a stack that is traversed top to bottom - so reverse from the loading order.

Hu
Moderator
Joined: 06 Mar 2007
Posts: 12623

Posted: Sat Jun 30, 2018 3:02 pm

I am confused. First you said it goes down the list, which would put 00 after 10, meaning that the first hit is in the lexicographically last file. Now you say the default must be first in alphanumeric order, which would require it to be in 00 - and that is what actually happens. The first hit is from the lexicographically first file. So we now agree that it is in lexicographic order. So what exactly did you try that did not work?

gordonb3
Apprentice
Joined: 01 Jul 2015
Posts: 182

Posted: Sat Jun 30, 2018 4:30 pm

No, I didn't.

gordonb3
Apprentice
Joined: 01 Jul 2015
Posts: 182

Posted: Sat Jun 30, 2018 9:24 pm

Even if you're not serving multiple sites you should still want to have a default "catch all" vhost next to your intended site. It really does save you a lot of trouble with script-kiddies if you only give them the "It Works!" page. And no cgi-bin, because those f*ers love that.

It really isn't that difficult once you get the mechanism of it. It's a chain, much like iptables. On the first match it jumps out to execute what is defined: ACCEPT, REJECT, DROP, serve pages from this vhost (the first three are of course iptables). So if you have a 05-site5 and a 01-site1 that both match the request from the browser you will be seeing the 05-site5 pages. It's not an election. It doesn't go on searching after finding 01-site1 to somehow figure that 05-site5 is a better match. The only confusing element in this is that apache performs the matching in reverse order from loading the rules.

szatox
Veteran
Joined: 27 Aug 2013
Posts: 1684

Posted: Sat Jun 30, 2018 11:47 pm

Quote:
Even if you're not serving multiple sites you should still want to have a default "catch all" vhost next to your intended site. It really does save you a lot of trouble with script-kiddies

And how does it help?
The internet is big enough one dummy page more makes literally no difference. Adding more garbage to your server does just that: adds more garbage to your server.

Quote:
So if you have a 05-site5 and a 01-site1 that both match the request from the browser you will be seeing the 05-site5 pages

No, if they both match the request from the browser, you have screwed up your configuration.
ServerName is a literal string. Domain name is a literal string. Vhosts must have distinct names. See the problem?

gordonb3
Apprentice
Joined: 01 Jul 2015
Posts: 182

Posted: Sun Jul 01, 2018 10:29 am

szatox wrote:
Quote:
Even if you're not serving multiple sites you should still want to have a default "catch all" vhost next to your intended site. It really does save you a lot of trouble with script-kiddies
And how does it help?
The internet is big enough one dummy page more makes literally no difference. Adding more garbage to your server does just that: adds more garbage to your server.

Script-kiddies as a rule access your server through the raw IP address. There is nothing on the internet that should reference such an address and it is also just one file: /var/www/index.html. Which gets in fact installed together with apache so the "garbage" is already there.

But okay, I get it. You never had any of their scripts access your server. Good for you. Loads of other people have and 99.999999% of all the spam you receive comes from those machines. You ever see thousands of different IP addresses do a hit-and-run attempt to login on your mail server? Or your Wordpress pages? That's just one script, distributed over all those machines to find and access other machines to make it part of their hive.

szatox wrote:
Quote:
So if you have a 05-site5 and a 01-site1 that both match the request from the browser you will be seeing the 05-site5 pages
No, if they both match the request from the browser, you have screwed up your configuration.
ServerName is a literal string. Domain name is a literal string. Vhosts must have distinct names. See the problem?

So where does defaulthost fit in this vision of yours? Defaulthost matches all, so if you have named vhosts there are always at least two vhosts that will match your request. Also, there's more than just the ServerName directive. You can e.g. create IP based vhosts as well and there is no rule that says ServerName directives must be globally unique. It will likely be confusing if you do re-use them and possibly make one of the sites unreachable and cause you frustration, so you shouldn't, but it is allowed.

szatox
Veteran
Joined: 27 Aug 2013
Posts: 1684

Posted: Mon Jul 02, 2018 6:15 pm

Now that this off-topic part is split from the original, we can continue without polluting the original thread.

gordonb3, how come you find a "default" vhost a security measure for protecting your main website?
Let me point out that you _want_ your website to be easily found on the internet. You want* other websites to link to yours.
As a result, it's much easier to find your server by its primary hostname (the one you actually use) than by its IP.

Quote:
So where does defaulthost fit in this vision of yours? Defaulthost matches all, so if you have named vhosts there are always at least two vhosts that will match your request. Also, there's more than just the ServerName directive. You can e.g. create IP based vhosts as well and there is no rule that says ServerName directives must be globally unique. I

Default vhost does not match the original request. It's a fallback mechanism. Something that happens when apache runs out of options.
And firewall is a separate mechanism not even remotely related to vhosts. I am aware that apache can filter by IP, still not related to vhosts.

* If you don't, you simply deny public access to your website, so I refuse to accept this one up-front. Come up with something that could actually happen.
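
The selection logic this thread argues about, as a simplified Python model that follows the Apache httpd documentation for name-based virtual hosts and wildcard Include (an added example, not code from any poster or from Apache): files are read in alphabetical order, the first vhost whose ServerName or ServerAlias matches the Host header serves the request, and when none matches, the first vhost read is used. The file names 05_duplicate.conf and 10_site.conf, the host names and the IP address are constructed placeholders, and every vhost is assumed to share the same *:80 address.

```python
import fnmatch

# Constructed stand-in for a vhosts.d directory: file name -> (ServerName,
# [ServerAlias, ...]). Every vhost is assumed to be <VirtualHost *:80>; the
# host names and the 05_/10_ file names are placeholders.
VHOSTS_D = {
    "10_site.conf": ("www.example.org", ["example.org", "*.example.org"]),
    "00_default_vhost.conf": ("localhost", []),
    "05_duplicate.conf": ("www.example.org", []),
}

def load_order(files):
    """A wildcard Include reads the matching files in alphabetical order."""
    return sorted(files)

def select_vhost(files, host_header):
    """Return the file whose vhost would answer a request with this Host."""
    order = load_order(files)
    host = (host_header or "").split(":")[0].lower()  # drop any :port
    for name in order:
        server_name, aliases = files[name]
        if host == server_name.lower():
            return name
        if any(fnmatch.fnmatchcase(host, a.lower()) for a in aliases):
            return name
    # Nothing matched: the first vhost read for this address is the default.
    return order[0]

def audit(files, public_ip):
    """Map probe Host values to the vhost file that would serve them."""
    probes = [public_ip, "www.example.org", "example.org:80",
              "shop.example.org", "unrelated.invalid"]
    return {p: select_vhost(files, p) for p in probes}

if __name__ == "__main__":
    for host, conf in audit(VHOSTS_D, "203.0.113.10").items():
        print(f"Host: {host!r:22} -> {conf}")
```

In this model a request by raw IP or by an unknown name lands on 00_default_vhost.conf, and the reused ServerName in 05_duplicate.conf takes www.example.org away from 10_site.conf.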

John R. Graham
Administrator
Joined: 08 Mar 2005
Posts: 10049
Location: Somewhere over Atlanta, Georgia

Posted: Mon Jul 02, 2018 6:29 pm

Hu wrote:
gordonb3 wrote:
Apache goes down the alphanumerical order of the vhost config files
Could you provide a citation for this? The Apache documentation for v2.2 says it is alphabetical, with the implication that it is ascending, not descending as you say here.

@Hu, this is a small misunderstanding of colloquial English. The phrase "goes down" in this context just means "traverses", not "traverses in descending order".

@gordonb3, this was an honest mistake. I wouldn't read too much into it (and certainly not anything nefarious or ego driven). Splits of perceived off-topic sub-threads happen all the time: it's been Forum policy since forever. After consensus review, if it's been split in error, we'll fix it.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.