stop apache/mod_ssl binding to all IP"s.

Hi,

I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.

The system has two IP's, and I only wish for apache to start on ports 80 and 443
on one of those IPs. I am using named based virtual hosting for many sites on
the system for http, and have just one virtual host setup for https on port 443.
The problem that I am having is that I cannot stop mod_ssl from binding to
port 443 on both the IP's on my system. I have tried every possible combination
of Listen, BindAddress, and Port, and have managed to prevent http from starting
on all IP's, but https still starts on all IPs. Is there any way to stop this?

Will I need to start two seperate servers, one serving http only, and one
serving https only? If I was to do this, I may as well go back to using
apache-ssl which is the default installation on debian anyway.

Thanks in advance

terry

--
Terry Kerr (terry@adroit.net)
Adroit Internet Solutions (www.adroit.net)
Phone: +61 3 9563 4461
Fax: +61 3 9563 3856

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: stop apache/mod_ssl binding to all IP"s.

Hi Terry,

Perhaps your directives are being overridden in a "IfDefine SSL" or
"IfModule SSL" block ? Listen IP:Port does work, works for me. Do you
have the following in your config ?

Listen my.ip.address:443
....
NameVirtualHost my.ip.address:443
....

....


Cheers,

Mark


On Thu, 6 Mar 2003, Terry Kerr wrote:

> Hi,
>
> I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
>
> The system has two IP's, and I only wish for apache to start on ports 80 and 443
> on one of those IPs. I am using named based virtual hosting for many sites on
> the system for http, and have just one virtual host setup for https on port 443.
> The problem that I am having is that I cannot stop mod_ssl from binding to
> port 443 on both the IP's on my system. I have tried every possible combination
> of Listen, BindAddress, and Port, and have managed to prevent http from starting
> on all IP's, but https still starts on all IPs. Is there any way to stop this?
>
ddD> Will I need to start two seperate servers, one serving http only, and
one
> serving https only? If I was to do this, I may as well go back to using
> apache-ssl which is the default installation on debian anyway.
>
> Thanks in advance
>
> terry
>
> --
> Terry Kerr (terry@adroit.net)
> Adroit Internet Solutions (www.adroit.net)
> Phone: +61 3 9563 4461
> Fax: +61 3 9563 3856
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: stop apache/mod_ssl binding to all IP"s.

On Thu, 6 Mar 2003, Terry Kerr wrote:

> Hi,
>
> I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
>
> The system has two IP's, and I only wish for apache to start on ports 80 and 443
> on one of those IPs. I am using named based virtual hosting for many sites on
> the system for http, and have just one virtual host setup for https on port 443.
> The problem that I am having is that I cannot stop mod_ssl from binding to
> port 443 on both the IP's on my system. I have tried every possible combination
> of Listen, BindAddress, and Port, and have managed to prevent http from starting
> on all IP's, but https still starts on all IPs. Is there any way to stop this?
>
> Will I need to start two seperate servers, one serving http only, and one
> serving https only? If I was to do this, I may as well go back to using
> apache-ssl which is the default installation on debian anyway.
>


add the IP address or FQDN to the port designation for the appropriate
listen paramater:


Listen someplace.com:80
Listen someplace.com:443



> Thanks in advance
>
> terry
>
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: stop apache/mod_ssl binding to all IP"s.

Mark,

Thanks for you suggestion, but whenever I try to put

Listen my.ip.address:443 (with the correct ip address ;-)

My http or https server does start at all on any port. The log error I get is

[crit] (98)Address already in use: make_sock: could not bind to address
203.89.254.243 port 443

But I don't get a similar error for port 80, so I don't know why it also doesn't
start.

I also have Listen ip.address:80 defined, and have a NameVirtualHost ip.address
defined. I have tried many different combinations of name based and ip based
virtual hosting, but https always binds to all IP's. As soon as I put the
Listen ip.address:443, I get the log error above and no servers start.

terry





Mark Boddington wrote:

> Hi Terry,
>
> Perhaps your directives are being overridden in a "IfDefine SSL" or
> "IfModule SSL" block ? Listen IP:Port does work, works for me. Do you
> have the following in your config ?
>
> Listen my.ip.address:443
> ...
> NameVirtualHost my.ip.address:443
> ...
>
> ...
>
>
> Cheers,
>
> Mark
>
>
> On Thu, 6 Mar 2003, Terry Kerr wrote:
>
>
>>Hi,
>>
>>I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
>>
>>The system has two IP's, and I only wish for apache to start on ports 80 and 443
>>on one of those IPs. I am using named based virtual hosting for many sites on
>>the system for http, and have just one virtual host setup for https on port 443.
>> The problem that I am having is that I cannot stop mod_ssl from binding to
>>port 443 on both the IP's on my system. I have tried every possible combination
>>of Listen, BindAddress, and Port, and have managed to prevent http from starting
>>on all IP's, but https still starts on all IPs. Is there any way to stop this?
>>
>>
> ddD> Will I need to start two seperate servers, one serving http only, and
> one
>
>>serving https only? If I was to do this, I may as well go back to using
>>apache-ssl which is the default installation on debian anyway.
>>
>>Thanks in advance
>>
>>terry
>>
>>--
>>Terry Kerr (terry@adroit.net)
>>Adroit Internet Solutions (www.adroit.net)
>>Phone: +61 3 9563 4461
>>Fax: +61 3 9563 3856
>>
>>__________________________________________________________ ____________
>>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>>User Support Mailing List modssl-users@modssl.org
>>Automated List Manager majordomo@modssl.org
>>
>>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>



--
Terry Kerr (terry@adroit.net)
Adroit Internet Solutions (www.adroit.net)
Phone: +61 3 9563 4461
Fax: +61 3 9563 3856

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: stop apache/mod_ssl binding to all IP"s.

it sounds like perhaps yer http.conf file have perhaps more then one
listen directive, perhaps outside the directives. Might
try grepping the file for listen and see what comes up. or, better yet,
egrepping for bind|listen|etc...

thanks,

Ron DuFresne

On Fri, 7 Mar 2003, Terry Kerr wrote:

> Mark,
>
> Thanks for you suggestion, but whenever I try to put
>
> Listen my.ip.address:443 (with the correct ip address ;-)
>
> My http or https server does start at all on any port. The log error I get is
>
> [crit] (98)Address already in use: make_sock: could not bind to address
> 203.89.254.243 port 443
>
> But I don't get a similar error for port 80, so I don't know why it also doesn't
> start.
>
> I also have Listen ip.address:80 defined, and have a NameVirtualHost ip.address
> defined. I have tried many different combinations of name based and ip based
> virtual hosting, but https always binds to all IP's. As soon as I put the
> Listen ip.address:443, I get the log error above and no servers start.
>
> terry
>
>
>
>
>
> Mark Boddington wrote:
>
> > Hi Terry,
> >
> > Perhaps your directives are being overridden in a "IfDefine SSL" or
> > "IfModule SSL" block ? Listen IP:Port does work, works for me. Do you
> > have the following in your config ?
> >
> > Listen my.ip.address:443
> > ...
> > NameVirtualHost my.ip.address:443
> > ...
> >
> > ...
> >
> >
> > Cheers,
> >
> > Mark
> >
> >
> > On Thu, 6 Mar 2003, Terry Kerr wrote:
> >
> >
> >>Hi,
> >>
> >>I am running apache 1.3.26 and mod_ssl 2.8.9-2.1 on a debian linux system.
> >>
> >>The system has two IP's, and I only wish for apache to start on ports 80 and 443
> >>on one of those IPs. I am using named based virtual hosting for many sites on
> >>the system for http, and have just one virtual host setup for https on port 443.
> >> The problem that I am having is that I cannot stop mod_ssl from binding to
> >>port 443 on both the IP's on my system. I have tried every possible combination
> >>of Listen, BindAddress, and Port, and have managed to prevent http from starting
> >>on all IP's, but https still starts on all IPs. Is there any way to stop this?
> >>
> >>
> > ddD> Will I need to start two seperate servers, one serving http only, and
> > one
> >
> >>serving https only? If I was to do this, I may as well go back to using
> >>apache-ssl which is the default installation on debian anyway.
> >>
> >>Thanks in advance
> >>
> >>terry
> >>
> >>--
> >>Terry Kerr (terry@adroit.net)
> >>Adroit Internet Solutions (www.adroit.net)
> >>Phone: +61 3 9563 4461
> >>Fax: +61 3 9563 3856
> >>
> >>__________________________________________________________ ____________
> >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> >>User Support Mailing List modssl-users@modssl.org
> >>Automated List Manager majordomo@modssl.org
> >>
> >>
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >
>
>
>
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org