www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: config/1927: Get full access to apache installation path by misusing https
Date Tue, 10 Mar 1998 15:30:00 GMT
The following reply was made to PR config/1927; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Andreas Heilwagen <hostmaster@netguru.org>
Cc: Apache bugs database <apbugs@apache.org>
Subject: Re: config/1927: Get full access to apache installation path by misusing https
Date: Tue, 10 Mar 1998 08:25:27 -0700 (MST)

 On Tue, 10 Mar 1998, Andreas Heilwagen wrote:
 
 > Marc Slemko wrote:
 > > 
 > > Well, that is the problem then.  You set the DocumentRoot explicitly to
 > > tell the server to serve files from that directory.  If the request
 > > doesn't match any vhost, it uses the main DocumentRoot.  I don't see any
 > > problems with Apache serving files from where you have told it to serve
 > > files...
 > 
 > Do you really think it should be correct behaviour that apache serves
 > files for servers which are not configured. Remember, you can get
 
 Yes.
 
 > files by https://www.<domain>.<tld> where only http://www.<domain>.<tld>
 > has been configured.
 > I think your answer is correct but too easy. There are enough reasons
 > to run apache with only virtual servers.
 
 If you don't want it to do that, add an explicit Listen statement for each
 IP address and port you want to listen on.  Otherwise, the only thing that
 makes sense is for it to serve files for "servers which aren't
 configured".  Think about what happens in the case of not having any
 virtualhosts.  All adding virtualhosts does is add specific host and/or IP
 and/or port combinations to treat differently.
 

Mime
View raw message