virtual host port 443

on 18.07.2002 20:05:35 by ann wallace

i'm sure this question has been asked before, but i looked around and i
cannot find anything... so here goes,

i have one virtualhost set up to use port 443, but for some reason if you go
to any of the virtualhost set up on port 80, via https it defaults to the
one host set up on port 443.

config:

Listen 1.2.3.4:80
NameVirtualHost 1.2.3.4:80


ServerAdmin blah@blah
DocumentRoot /home/httpd/html
ServerName www.blah.blah
ErrorLog logs/blah-error_log
TransferLog logs/blah-access_log

AllowOverride AuthConfig
Options Indexes Includes ExecCGI
Order allow,deny
Allow from all





Listen 1.2.3.4:443


ServerAdmin webmaster@otherdomain
DocumentRoot /www/lotherdomain
ServerName www.otherdomain.net
ServerAlias otherdomain.net *.otherdomain.net
ErrorLog /var/log/httpd/secure-otherdomain-errlog
TransferLog /var/log/httpd/secure-otherdomain-access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.otherdomain.net.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.otherdomain.net.key
AddType text/html .shtml .html
AddHandler server-parsed .shtml .html

Options Indexes Includes FollowSymLinks ExecCGI
AllowOverride AuthConfig
Order allow,deny
Allow from all



thanks ann
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: virtual host port 443

on 19.07.2002 14:54:12 by hunter

ann,

Requesting https means 'use port 443'.

That is consistent with your results, though it may not be consistent
with your intent.

I am sorry, but I do not have the experience to know how to achieve what
you want, however I will give the limited insight that I have acquired...

I have been able to specify ports explicitly in the url to override the
http or https, but when left to figure it out my servers (the browsers)
obey the rules.

http = 80
https = 443

I have specifically set a server to listen to

http = 1046
https = 1047

But, in order to make this work as expected I need to pass the port on
the url. I have noticed that different browsers behave differently to
not specifying the port. In some cases typing the url to a server
listening on a non-standard port will result in complete failure (by not
providing the http part)

http://my.domain.org:1046
https://my.domain.org:1047

It may be that there is more than one derived value from the terms,
'http' and 'https'.

I think (but wait to be corrected) that you must maintain the separation
of function between your secure and non-secure servers so that http and
https behave naturally.

That is ... the server that is listening on port 80 is non-secure and
will respond to requests from 'http' while your server listening on port
443 will be secure and will respond to requests from 'https'.

However, I don't think this precludes your ability to specify ports and
thus force http or https on different port values.

I do not know if this will help you and I invite someone to correct me
for the benefit of us both.

chris



Re: virtual host port 443

on 19.07.2002 18:45:23 by ann wallace

i understand what you are saying and i prob should have phrased my email
differently. i have http/https working fine, but the problem is i only have
1 https client and a lot of http clients. but if someone accidentally types
https for an http client it brings up the one https web page. if a client
isn't configured for https and someone tries to use https i would assume you
should get a network error message.

thanks ann

Re: virtual host port 443

on 19.07.2002 18:50:00 by Louis Sabet

On Fri, 19 Jul 2002 09:45:23 -0700
ann wallace wrote:

>
> i understand what you are saying and i prob should have phrased my email
> differently. i have http/https working fine, but the problem is i only have
> 1 https client and a lot of http clients. but if someone accidentally types
> https for an http client it brings up the one https web page. if a client
> isn't configured for https and someone tries to use https i would assume you
> should get a network error message.
>
> thanks ann

I assume you are using name based hosts on a single IP for HTTP.

Unfortunately since HTTPS is one-site-per-IP only (rather than virtual
name hosts), it will respond on that IP regardless of the DNS domain
name supplied to it.

There is an unofficial hack which can allow name-based virtual hosts,
but it obviously isn't something you'd want to use in a production
environment.

Regards,

L

--
Louis Sabet
http://www.webtedium.com/



Re: virtual host port 443

on 19.07.2002 19:02:03 by ann wallace

Amazing words from Louis Sabet(louis):
:) > i understand what you are saying and i prob should have phrased my email
:) > differently. i have http/https working fine, but the problem is i only have
:) > 1 https client and a lot of http clients. but if someone accidentally types
:) > https for an http client it brings up the one https web page. if a client
:) > isn't configured for https and someone tries to use https i would assume you
:) > should get a network error message.
:) >
:) > thanks ann
:)
:) I assume you are using name based hosts on a single IP for HTTP.
:)
:) Unfortunately since HTTPS is one-site-per-IP only (rather than virtual
:) name hosts), it will respond on that IP regardless of the DNS domain
:) name supplied to it.
:)
:) There is an unofficial hack which can allow name-based virtual hosts,
:) but it obviously isn't something you'd want to use in a production
:) environment.
:)
:) Regards,
:)
:) L
:)

yea i am using the same ip address. thanks for the info.

cheers..

ann

RE: virtual host port 443

on 22.07.2002 15:44:48 by Boyle Owen

>From: ann wallace [mailto:anners@allevil.net]
>
>i have one virtualhost set up to use port 443, but for some reason if you go
>to any of the virtualhost set up on port 80, via https it defaults to the
>one host set up on port 443.

Of course it does. Your statement:

"if you go to any of the virtualhost set up on port 80, via https"

is mistaken. If you say "https://www.blah.blah/" then the browser will assume port 443 because you said "https". At this stage, the browser doesn't yet know that the server has a virtual host on port 80 called "www.blah.blah". So it makes a request to the server ip address on port 443 and so you get the SSL site.

The problem is that your statement isn't true. You could actually do what you say by entering https://www.blah.blah:80/ in your browser. Now your browser will try to establish an SSL connection on port 80. This will fail with a server error because your server does not speak SSL on that port.

rgds,

Owen Boyle
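
Added example (not part of any list member's mail): a simplified Python model of how a pre-SNI Apache picks a virtual host, tracing the cases Louis and Owen describe above. The <VirtualHost> addresses are assumed (the archive dropped those tags), www.second.test is a constructed second HTTP-only site, and resolve() and its outcome labels are hypothetical names.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
NAME_VIRTUAL_HOSTS = {("1.2.3.4", 80)}        # NameVirtualHost 1.2.3.4:80, as posted

# Order matters: the first vhost on an address is its default.
# The <VirtualHost> addresses are assumed; www.second.test is constructed.
VHOSTS = [
    {"addr": ("1.2.3.4", 80), "ssl": False, "names": ["www.blah.blah"]},
    {"addr": ("1.2.3.4", 80), "ssl": False, "names": ["www.second.test"]},
    {"addr": ("1.2.3.4", 443), "ssl": True,
     "names": ["www.otherdomain.net", "otherdomain.net", "*.otherdomain.net"]},
]

def matches(vhost, host):
    """True if host equals ServerName or matches a ServerAlias pattern."""
    return any(fnmatch(host, pattern) for pattern in vhost["names"])

def select_vhost(local_addr, host):
    """Pick the vhost for a connection that arrived on local_addr (ip, port)."""
    candidates = [v for v in VHOSTS if v["addr"] == local_addr]
    if not candidates:
        return None                            # falls to the main server
    if local_addr in NAME_VIRTUAL_HOSTS:       # Host header is consulted
        for vhost in candidates:
            if matches(vhost, host):
                return vhost
    return candidates[0]                       # IP-based, or no name matched

def resolve(url, server_ip="1.2.3.4"):
    """Return (port, ServerName served, outcome) for a URL typed by a user."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]   # scheme picks the port
    vhost = select_vhost((server_ip, port), parts.hostname)
    if vhost is None:
        return (port, None, "main-server")
    if (parts.scheme == "https") != vhost["ssl"]:
        return (port, vhost["names"][0], "tls-mismatch")  # SSL sent to a plain port
    outcome = "ok" if matches(vhost, parts.hostname) else "wrong-site"
    return (port, vhost["names"][0], outcome)

if __name__ == "__main__":
    for url in ("http://www.blah.blah/", "https://www.blah.blah/",
                "https://www.second.test/", "https://www.blah.blah:80/"):
        print(url, "->", resolve(url))
```

In the "wrong-site" rows the browser is handed the certificate configured for the port 443 host while asking for a different name.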