Problem with ProxyPass

--=_samba3-31077-1286430706-0001-2
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Good morning,

I have to use a singel backup IP on a VHDSL and redirect the whole :80
traffic to a DMZ where I want to use "apache2" as proxy to redirect
traffic to some internal servers.

I tried to use

----[ '/etc/apache2/conf.d/apache_proxy' ]------------------------------
NameVirtualHost 192.168.0.69:80


ServerName www.tdipmedia.net
ProxyPass / http://192.168.0.208:80/
ProxyPassReverse / http://192.168.0.208:80/

Order deny,allow
Allow from all


------------------------------------------------------------ ------------

but the redirection to the IP 192.168.0.208 does not work.

What I am missing here?

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--=20
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL itsystems@tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix




Jabber linux4michelle@jabber.ccc.de

Linux-User #280138 with the Linux Counter, http://counter.li.org/

--=_samba3-31077-1286430706-0001-2
Content-Type: application/pgp-signature; name="signature.pgp"
Content-Transfer-Encoding: 7bit
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMrV/wC0FPBMSS+BIRAruGAJ9BBig6/SK+5uvwjIURJpxrQJ7mKQCf RYvd
gXoGelh98WBI4hDgbEDwzOo=
=i0WK
-----END PGP SIGNATURE-----

--=_samba3-31077-1286430706-0001-2--

Re: Problem with ProxyPass

On Thu, Oct 7, 2010 at 6:51 AM, Michelle Konzack
wrote:
> Good morning,
>
> I have to use a singel backup IP on a VHDSL and redirect the  whole =
 :80
> traffic to a DMZ where I want to use  "apache2"  as  proxy=
 to  redirect
> traffic to some internal servers.
>
> I tried to use
>
> ----[ '/etc/apache2/conf.d/apache_proxy' ]------------------------------
> NameVirtualHost         192.168.0.69:80
>
>
>    ServerName          www.tdipmedia.n=
et
>    ProxyPass           / http://192.16=
8.0.208:80/
>    ProxyPassReverse    / http://192.168.0.208:80/
>    
>        Order           deny,=
allow
>        Allow           from =
all
>    
>
> ------------------------------------------------------------ ------------
>

Your config doesn't look right to me:

NameVirtualHost 192.168.0.69:80

This says 'When a request comes in on the socket listening on IP
192.168.0.69, port 80, use the Host header from the request to infer
the virtualhost to use'.


ServerName www.tdipmedia.net



This says: 'When a request comes in on 192.168.0.69:80, with Host
header 'www.tdipmedia.net', use this virtualhost to serve the request'

ProxyPass / http://192.168.0.208:80/
ProxyPassReverse / http://192.168.0.208:80/

This says: 'Proxy / to the website on http://192.168.0.208:80/'


Order deny,allow
Allow from all


This is nonsense. A refers to a disk location, nothing
else. If you wish to restrict who can access a reverse proxy, use a
directive or a directive.


> but the redirection to the IP 192.168.0.208 does not work.
>
> What I am missing here?
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
>

Well, you haven't specified anything in your config that would result
in a redirect, you have configured a proxy. Apart from that...

So there are a couple of things you can check.

1) When you connect to the webserver, are you connecting to 192.168.0.69:80=
?
2) What Host header are you sending to the server? Typically a browser
will send the host portion of the URL you type in the address bar -
does that match 'www.tdipmedia.net'?
3) Where are your logs? What 'does not work' - explain what you've
tried, what the server does when you try that, and what error/info
messages are printed in the access and error logs.

Cheers

Tom

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Problem with ProxyPass

--=_samba3-31884-1286454460-0001-2
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello Tom Evans,

Am 2010-10-07 10:55:59, hacktest Du folgendes herunter:
> On Thu, Oct 7, 2010 at 6:51 AM, Michelle Konzack
> wrote:
> > ----[ '/etc/apache2/conf.d/apache_proxy' ]------------------------------
> > NameVirtualHost =A0 =A0 =A0 =A0 192.168.0.69:80
> >
> >
> > =A0 =A0ServerName =A0 =A0 =A0 =A0 =A0www.tdipmedia.net
> > =A0 =A0ProxyPass =A0 =A0 =A0 =A0 =A0 / http://192.168.0.208:80/
> > =A0 =A0ProxyPassReverse =A0 =A0/ http://192.168.0.208:80/
> > =A0 =A0
> > =A0 =A0 =A0 =A0Order =A0 =A0 =A0 =A0 =A0 deny,allow
> > =A0 =A0 =A0 =A0Allow =A0 =A0 =A0 =A0 =A0 from all
> > =A0 =A0
> >
> > ------------------------------------------------------------ ------------
> Your config doesn't look right to me:

Hmmm, since my three pootle instances where confliction with Apache, I
have setup last year the following config which is working:

----[ '/VServer_10/APACHE_available/pootle.tdwave.net' ]----------------

ServerAdmin linux4michelle@tamay-dogan.net
ServerName pootle.tdwave.net

ProxyPass /images !
ProxyPass /js !
ProxyPass /pootle.css !
ProxyPass /favicon.ico !
ProxyPass / http://localhost:8888/
ProxyPassReverse / http://localhost:8888/

Order deny,allow
Allow from all


DocumentRoot /usr/share/pootle/html/

Order deny,allow
Allow from all



Options FollowSymLinks Indexes
AllowOverride None
Order deny,allow
Allow from all


# debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
ErrorLog /VServer_10/CONFIG_pootle.tdwave.net/log/apache/err=
or.log

LogFormat "%{[%Y-%m-%d %H:%M:%S %z]}t %h [%V] %l %u \"%r\" %>=
s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost
CustomLog /VServer_10/CONFIG_pootle.tdwave.net/log/apache/acc=
ess.log vhost

ServerSignature On

------------------------------------------------------------ ------------

and now modified it. the only difference is, that the newServer is NOT
on but on IP <192.168.0.208>

> NameVirtualHost 192.168.0.69:80
>=20
> This says 'When a request comes in on the socket listening on IP
> 192.168.0.69, port 80, use the Host header from the request to infer
> the virtualhost to use'.

Right

>
> ServerName www.tdipmedia.net
>=20
>
>=20
> This says: 'When a request comes in on 192.168.0.69:80, with Host
> header 'www.tdipmedia.net', use this virtualhost to serve the request'

Right too.

> ProxyPass / http://192.168.0.208:80/
> ProxyPassReverse / http://192.168.0.208:80/
>=20
> This says: 'Proxy / to the website on http://192.168.0.208:80/'

Right too.

>
> Order deny,allow
> Allow from all
>
>=20
> This is nonsense. A refers to a disk location, nothing
> else. If you wish to restrict who can access a reverse proxy, use a
> directive or a directive.

Hmmm...

> Well, you haven't specified anything in your config that would result
> in a redirect, you have configured a proxy. Apart from that...
>=20
> So there are a couple of things you can check.
>=20
> 1) When you connect to the webserver, are you connecting to 192.168.0.69:=
80 ?

Yes, and I get:

----[ command 'wget -S -O /dev/null http://www.tdipmedia.net/' ]--------

--2010-10-07 14:26:26-- http://www.tdipmedia.net/
Resolving www.tdipmedia.net... 88.168.69.36
Connecting to www.tdipmedia.net|88.168.69.36|:80... connected.
HTTP request sent, awaiting response...=20
HTTP/1.1 403 Forbidden
Date: Thu, 07 Oct 2010 12:26:26 GMT
Content-Length: 390
Keep-Alive: timeout=3D15, max=3D100
Connection: Keep-Alive
Content-Type: text/html; charset=3Diso-8859-1
2010-10-07 14:26:26 ERROR 403: Forbidden.

------------------------------------------------------------ ------------

<88.168.69.36> is my fixed PUBLIC IP address and all :80 traffic is
redirected to my DMZ on <192.168.0.69> and some of the servers should be
proxyied to Servers behind it like the <192.168.0.208>.

> 2) What Host header are you sending to the server? Typically a browser
> will send the host portion of the URL you type in the address bar -
> does that match 'www.tdipmedia.net'?
> 3) Where are your logs? What 'does not work' - explain what you've
> tried, what the server does when you try that, and what error/info
> messages are printed in the access and error logs.

[Thu Oct 07 14:16:45 2010] [error] [client 192.168.0.65] client denied by s=
erver configuration: proxy:http://192.168.0.208:80/

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--=20
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL itsystems@tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix




Jabber linux4michelle@jabber.ccc.de
ICQ #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/

--=_samba3-31884-1286454460-0001-2
Content-Type: application/pgp-signature; name="signature.pgp"
Content-Transfer-Encoding: 7bit
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMrby6C0FPBMSS+BIRAhPdAJ9oup4zs1VMIdCyWNw1wuZisvlI0gCf br5W
+1AOsrRIYbrEXXDk/1rErLM=
=yl4c
-----END PGP SIGNATURE-----

--=_samba3-31884-1286454460-0001-2--

Re: Problem with ProxyPass

--=_samba3-31203-1286457785-0001-2
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Forgotten one hing:

If I change the=20

to

I get

----[ command 'wget -S -O /dev/null http://www.tdipmedia.net/ 2>&1' ]---

--2010-10-07 15:20:26-- http://www.tdipmedia.net/
Resolving www.tdipmedia.net... 88.168.69.36
Connecting to www.tdipmedia.net|88.168.69.36|:80... connected.
HTTP request sent, awaiting response...=20
HTTP/1.1 302 Found
Date: Thu, 07 Oct 2010 13:20:26 GMT
Server: Apache/2.2.3 (Debian) Embperl/2.2.0 DAV/2 PHP/5.2.0-8+etch16 mod_=
perl/2.0.2 Perl/v5.8.8
X-Powered-By: PHP/5.2.0-8+etch16
Location: /?what=3Dindex
Content-Length: 0
Keep-Alive: timeout=3D15, max=3D100
Connection: Keep-Alive
Content-Type: text/html; charset=3DUTF-8
Location: /?what=3Dindex [following]
--2010-10-07 15:20:27-- http://www.tdipmedia.net/?what=3Dindex
Reusing existing connection to www.tdipmedia.net:80.
HTTP request sent, awaiting response...=20
HTTP/1.1 200 OK
Date: Thu, 07 Oct 2010 13:20:27 GMT
Server: Apache/2.2.3 (Debian) Embperl/2.2.0 DAV/2 PHP/5.2.0-8+etch16 mod_=
perl/2.0.2 Perl/v5.8.8
X-Powered-By: PHP/5.2.0-8+etch16
Connection: close
Content-Type: text/html; charset=3DUTF-8
Length: unspecified [text/html]
Saving to: `/dev/null'

0K ...... 241K=3D0.03s

2010-10-07 15:20:27 (241 KB/s) - `/dev/null' saved [6343]

------------------------------------------------------------ ------------

which mean, it has hit the DEFAULT VHost and never arrived at the config
of which mean, the is
required.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--=20
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL itsystems@tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix




Jabber linux4michelle@jabber.ccc.de
ICQ #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/

--=_samba3-31203-1286457785-0001-2
Content-Type: application/pgp-signature; name="signature.pgp"
Content-Transfer-Encoding: 7bit
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMrcm3C0FPBMSS+BIRAi5JAKDUhYsVt5QzdNB9qQa9Ng0B73i6UgCg jE9J
4gJ2bZGhNAUeZjOrOLFHTqE=
=oQQX
-----END PGP SIGNATURE-----

--=_samba3-31203-1286457785-0001-2--

Re: Re: Problem with ProxyPass

On Thu, Oct 7, 2010 at 1:27 PM, Michelle Konzack
wrote:
> Hello Tom Evans,
>
> Am 2010-10-07 10:55:59, hacktest Du folgendes herunter:
>> On Thu, Oct 7, 2010 at 6:51 AM, Michelle Konzack
>> wrote:
>> > ----[ '/etc/apache2/conf.d/apache_proxy' ]----------------------------=
--
>> > NameVirtualHost         192.168.0.69:80
>> >
>> >
>> >    ServerName          www.tdipmedi=
a.net
>> >    ProxyPass           / http://192=
..168.0.208:80/
>> >    ProxyPassReverse    / http://192.168.0.208:80/
>> >    
>> >        Order           de=
ny,allow
>> >        Allow           fr=
om all
>> >    
>> >
>> > ------------------------------------------------------------ ----------=
--
>> Your config doesn't look right to me:
>
> Hmmm, since my three pootle instances where confliction with  Apache=
,  I
> have setup last year the following config which is working:
>
> ----[ '/VServer_10/APACHE_available/pootle.tdwave.net' ]----------------
>
>    ServerAdmin         linux4michelle@tamay=
-dogan.net
>    ServerName          pootle.tdwave.n=
et
>
>    ProxyPass          /images !
>    ProxyPass          /js !
>    ProxyPass          /pootle.css !
>    ProxyPass          /favicon.ico !
>    ProxyPass          / http://localho=
st:8888/
>    ProxyPassReverse   / http://localhost:8888/
>    
>        Order          deny,a=
llow
>        Allow          from a=
ll
>    
>
>    DocumentRoot        /usr/share/pootle/ht=
ml/
>    
>        Order           deny,=
allow
>        Allow           from =
all
>    
>
>    
>        Options         FollowSymL=
inks Indexes
>        AllowOverride   None
>        Order           deny,=
allow
>        Allow           from =
all
>    
>
>    # debug, info, notice, warn, error, crit, alert, emerg.
>    LogLevel            warn
>    ErrorLog            /VServer_1=
0/CONFIG_pootle.tdwave.net/log/apache/error.log
>
>    LogFormat           "%{[%Y-%m-%d %H=
:%M:%S %z]}t %h [%V] %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"=
" vhost
>    CustomLog           /VServer_10/CON=
FIG_pootle.tdwave.net/log/apache/access.log vhost
>
>    ServerSignature     On
>
> ------------------------------------------------------------ ------------
>
> and now modified it.  the only difference is, that the newServer is =
 NOT
> on but on IP <192.168.0.208>
>
>>     NameVirtualHost         192.168.0.69:8=
0
>>
>> This says 'When a request comes in on the socket listening on IP
>> 192.168.0.69, port 80, use the Host header from the request to infer
>> the virtualhost to use'.
>
> Right
>
>>
>>    ServerName          www.tdipmedia.=
net
>>
>>
>>
>> This says: 'When a request comes in on 192.168.0.69:80, with Host
>> header 'www.tdipmedia.net', use this virtualhost to serve the request'
>
> Right too.
>
>>    ProxyPass           / http://192.1=
68.0.208:80/
>>    ProxyPassReverse    / http://192.168.0.208:80/
>>
>> This says: 'Proxy / to the website on http://192.168.0.208:80/'
>
> Right too.
>
>>    
>>        Order           deny=
,allow
>>        Allow           from=
all
>>    
>>
>> This is nonsense. A refers to a disk location, nothing
>> else. If you wish to restrict who can access a reverse proxy, use a
>> directive or a directive.
>
> Hmmm...
>
>> Well, you haven't specified anything in your config that would result
>> in a redirect, you have configured a proxy. Apart from that...
>>
>> So there are a couple of things you can check.
>>
>> 1) When you connect to the webserver, are you connecting to 192.168.0.69=
:80 ?
>
> Yes, and I get:
>
> ----[ command 'wget -S -O /dev/null http://www.tdipmedia.net/' ]--------
>
> --2010-10-07 14:26:26--  http://www.tdipmedia.net/
> Resolving www.tdipmedia.net... 88.168.69.36
> Connecting to www.tdipmedia.net|88.168.69.36|:80... connected.
> HTTP request sent, awaiting response...
>  HTTP/1.1 403 Forbidden
>  Date: Thu, 07 Oct 2010 12:26:26 GMT
>  Content-Length: 390
>  Keep-Alive: timeout=3D15, max=3D100
>  Connection: Keep-Alive
>  Content-Type: text/html; charset=3Diso-8859-1
> 2010-10-07 14:26:26 ERROR 403: Forbidden.
>
> ------------------------------------------------------------ ------------
>
> <88.168.69.36> is my fixed PUBLIC IP address  and  all  :8=
0  traffic  is
> redirected to my DMZ on <192.168.0.69> and some of the servers should be
> proxyied to Servers behind it like the <192.168.0.208>.
>
>> 2) What Host header are you sending to the server? Typically a browser
>> will send the host portion of the URL you type in the address bar -
>> does that match 'www.tdipmedia.net'?
>> 3) Where are your logs? What 'does not work' - explain what you've
>> tried, what the server does when you try that, and what error/info
>> messages are printed in the access and error logs.
>
> [Thu Oct 07 14:16:45 2010] [error] [client 192.168.0.65] client denied by=
server configuration: proxy:http://192.168.0.208:80/
>
> Thanks, Greetings and nice Day/Evening
>    Michelle Konzack
>
> --

Can you spot the difference, or shall I point it out? :)

In your working vhost, you have specified a documentroot, and have
granted access to it. In your non working vhost, you haven't done
either, and your block doesn't ever get applied, thus
requests are denied.

Either replace your block with an appropriate
block, or give your vhost an empty document root, and change your
Directory block to point at that (/var/empty is where I usually use).

Cheers

Tom

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Re: Problem with ProxyPass

On Thu, Oct 7, 2010 at 2:23 PM, Michelle Konzack
wrote:
> Forgotten one hing:
>
> If I change the
>    
> to
>    
> I get
>
>
>
> which mean, it has hit the DEFAULT VHost and never arrived at the config
> of which mean, the =C2=
=A0is
> required.
>
> Thanks, Greetings and nice Day/Evening
>    Michelle Konzack
>

If you did not also add a NameVirtualHost for *:80, then that is to be
expected. If you don't do any IP/port based virtual hosting, then it
is usually easiest to do:

NameVirtualHost *



Cheers

Tom

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Re: Problem with ProxyPass

----- Tom Evans wrote:
> On Thu, Oct 7, 2010 at 2:23 PM, Michelle Konzack
> wrote:
> > Forgotten one hing:
> >
> > If I change the
> >    
> > to
> >    
> > I get

what does apachectl -S say?

> >
> >
> > which mean, it has hit the DEFAULT VHost and never arrived at the confi=
g
> > of which mean, the =
 is
> > required.
> >
> > Thanks, Greetings and nice Day/Evening
> >    Michelle Konzack
> >
>=20
> If you did not also add a NameVirtualHost for *:80, then that is to be
> expected. If you don't do any IP/port based virtual hosting, then it
> is usually easiest to do:
>=20
> NameVirtualHost *
>=20
>

that's ambigous. a better practice is to use *:80 (when Listen-ing on port =
80)

> Cheers
>=20
> Tom
>=20
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project=
..
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>=20
--=20
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Re: Problem with ProxyPass

2010/10/8 Igor Galić :
> ----- Tom Evans wrote:
>> If you did not also add a NameVirtualHost for *:80, then that is to be
>> expected. If you don't do any IP/port based virtual hosting, then it
>> is usually easiest to do:
>>
>> NameVirtualHost *
>>
>>
>
> that's ambigous. a better practice is to use *:80 (when Listen-ing on por=
t 80)
>

(I call FUD)

What is ambiguous about it? Is it open to more than one
interpretation? What is better about using *:80, in your opinion
(since you seem to have one about it)?

It's two less characters to type, and means that however I configure
the Listen directives, or how I connect to the server, my list of
configured vhosts is applied correctly.

Tom

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Re: Problem with ProxyPass

----- "Tom Evans" wrote:

> 2010/10/8 Igor Galić :
> > ----- Tom Evans wrote:
> >> If you did not also add a NameVirtualHost for *:80, then that is to
> be
> >> expected. If you don't do any IP/port based virtual hosting, then
> it
> >> is usually easiest to do:
> >>
> >> NameVirtualHost *
> >>
> >>
> >
> > that's ambigous. a better practice is to use *:80 (when Listen-ing
> on port 80)
> >
>=20
> (I call FUD)
>=20
> What is ambiguous about it? Is it open to more than one
> interpretation? What is better about using *:80, in your opinion
> (since you seem to have one about it)?

I quote fajita, #httpd's bot:

17:04 namevirtualhost *
17:04 Consider using NameVirtualHost *:80 instead, to avoid port o=
verlap.
17:04 virtualhost *
17:04 BAD because it makes things confused when making apache list=
en on multiple sockets/ports. Try to use , for instance, =
unless one knows what they are doing.
=20
> It's two less characters to type, and means that however I configure
> the Listen directives, or how I connect to the server, my list of
> configured vhosts is applied correctly.

The last part ``unless one knows what they are doing'' is important here.

We see too many people who are incapable of configuring their vhosts,
apachectl -S shows overlapping most of the time, so we're preaching
this good practice wherever we can.

I think a better long term solution would be to not allow a start of
a server if apachectl -S returns warnings ;)

> Tom

i

--=20
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org