httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy D Legg" <>
Subject Re: [users@httpd] Best practice for restricting access to exact IP addresses
Date Mon, 04 Dec 2017 07:20:17 GMT
I will modify my HOWTO documents to reflect the DocumentRoot location
concern today.

As far as the semi-configured 443, I have to confess I cheated.  I copied
a 443-enabled virtual machine to a new VM to experiment with some-web
based dashboard tools on an air-gapped system.  I forgot to disable the
443 instance of the server.

Well, I'm grateful for this experience.  I love it when a simple forum
post results in a development towards improved practices.  I first posted
on this list some 16 or 17 years ago and even after all this time, the
culture of the mailing list is as proactive and progressive as it's always

Timothy D Legg

> On 01/12/17 18:36, Timothy D Legg wrote:
>> and then believes that running a2dissite on all these, perhaps to make a
>> backup of a php-encrusted website (such as mine) that the document root
>> will default to the top level of all these sites and perhaps reveal SQL
>> passwords in the process.
>> I hope this is not true...
> As far as I understand it will work exactly as you described, although
> keeping virtual hosts under default document root is not a good
> practice. Also, leaving Apache listen to some port without configuring
> site on that port does not look like good practice too.
> I personally favour creating default virtualhost with dummy name which
> (among other things) will get shown to bots that don't provide host name
> or SNI. For instance, it may always return 403.
> --
> With Best Regards,
> Marat Khalili
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message