httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] Security using alias directive in a https vhost
Date Fri, 17 May 2013 08:58:06 GMT
On Fri, May 17, 2013 at 7:26 AM, Roland Wegmann <go4unkwn@gmx.net> wrote:
> Dear apache2 experts
>
> I run three name-based apache2 vhosts on an Ubuntu 12.04 LTS server.
> I can reach all three vhosts from the internet using https and FQDN.
> My CA is CACert and I adapted the original default-ssl (in sites-available)
> config file for my three vhosts.
>
> So lets the three name-based vhost call
>
> example.com
> foo1.example.com
> foo2.example.com
>
> for example. I can reach them from the internet using
>
> https://example.com
> https://foo1.example.com
> https://foo2.example.com
>
> Now I have added to alias directives in the vhost config file of example.com
>
> Alias /foo1 "/var/www/foo1.example.com/public"
> <Directory "/var/www/foo1.example.com/public/">
> Options Indexes MultiViews FollowSymLinks
> AllowOverride all
> Order allow,deny
> Allow from all
> </Directory>
>
> Alias /foo2 "/var/www/foo2.example.com/public"
> <Directory "/var/www/foo2.example.com/public/">
> Options Indexes MultiViews FollowSymLinks
> AllowOverride all
> Order allow,deny
> Allow from all
> </Directory>
>
> so I can reach the three vohosts using
>
> https://example.com
> https://example.com/foo1
> https://example.com/foo2


No you cannot. You can reach exactly one vhost, 'example.com'. You can
access the files that are served from the other vhosts in this
'example.com' vhost, but they are not served from the other vhost,
they are served from the 'example.com' vhost - nothing in the vhost
configuration is looked at or considered.

>
> Now my question is: when I use the alias directives for foo1 and foo2, what
> happens whit the ssl encription in relation to foo1 and foo2? Does foo1 and
> foo2 use the ssl encription from example.com? Or are logins and the data
> excange from and to foo1 and foo2 unencrypted?
>

There is no exchange from example.com to/from foo1/foo2. The files are
served from example.com vhost, and so only directives that apply to
the example.com vhost are relevant.

Cheers

Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message