Home / server / Questions / 114083
Accepted
Petah
Asked: 2010-02-18 17:27:36 +0800 CST

Apache configuration with virtual hosts and SSL on a local network

  • 772

I'm trying to setup my local Apache configuration like so:

http://localhost/ should serve ~/

http://development.somedomain.co.nz/ should serve ~/sites/development.somedomain.co.nz/

https://development.assldomain.co.nz/ should serve ~/sites/development.assldomain.co.nz/

I only want to allow connections from our local network (192.168.1.* range) and myself (127.0.0.1).

I have setup my hosts file with:

127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost 
fe80::1%lo0 localhost
127.0.0.1 development.somedomain.co.nz
127.0.0.1 development.assldomain.co.nz
127.0.0.1 development.anunuseddomain.co.nz

My Apache configuration looks like:

Listen 80

NameVirtualHost *:80

<VirtualHost development.somedomain.co.nz:80>
    ServerName development.somedomain.co.nz
    DocumentRoot "~/sites/development.somedomain.co.nz"
    DirectoryIndex index.php
    <Directory ~/sites/development.somedomain.co.nz>
        Options Indexes FollowSymLinks ExecCGI Includes
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost localhost:80>
    DocumentRoot "~/"
    ServerName localhost
    <Directory "~/">
        Options Indexes FollowSymLinks ExecCGI Includes
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
    Listen *:443
    NameVirtualHost *:443
    AcceptMutex flock
    <VirtualHost development.assldomain.co.nz:443>
        ServerName development.assldomain.co.nz
        DocumentRoot "~/sites/development.assldomain.co.nz"
        DirectoryIndex index.php
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /Applications/XAMPP/etc/ssl.crt/server.crt
        SSLCertificateKeyFile /Applications/XAMPP/etc/ssl.key/server.key
        BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
        <Directory ~/sites/development.assldomain.co.nz>
            SSLRequireSSL
            Options Indexes FollowSymLinks ExecCGI Includes
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>

</IfModule>

http://development.somedomain.co.nz/ http://localhost/ and https://development.assldomain.co.nz/ work fine.

The problem is when I request http://development.anunuseddomain.co.nz/ or http://development.assldomain.co.nz/ it responds with the same as http://development.somedomain.co.nz/

I want it to deny all requests that do not match a virtual host server name and all requests to a https host that are requested with http

PS I'm running XAMPP on Mac OS X 10.5.8

apache-2.2 virtualhost ssl https xampp

4 Answers

  1. Named virtual hosting isn't supported for SSL based virtual hosts.

    The problem stems from the fact that the ServerName is also encrypted in the SSL request. Thus, when the server receives a request for "somedomainname" or whatever, it's going to default to a named VHost that isn't on 443.

    Solution:

    • Put your liseners outside of your VHost definitions
    • Change :443 to an IP address. The server performs reverse DNS lookups automatically.

    Corrected:

    # Listen :80
Listen *:80
# Listen on IP Address for :443
Listen 127.0.0.1:443

<VirtualHost development.somedomain.co.nz:80>
   ServerName development.somedomain.co.nz
   DocumentRoot "~/sites/development.somedomain.co.nz"

   DirectoryIndex index.php

   # Stay consistent with your syntax definitions. This and the 443 Vhost Directory
   # were not Quoted. That's not to say it makes a difference guaranteed,
   # but it's always a good habit. 
   <Directory "~/sites/development.somedomain.co.nz">
       Options Indexes FollowSymLinks ExecCGI Includes
       AllowOverride All
       Order allow,deny
       Allow from all
   </Directory>
</VirtualHost>

<VirtualHost localhost:80>
   ServerName localhost
   DocumentRoot "~/"

   <Directory "~/">
      Options Indexes FollowSymLinks ExecCGI Includes
      AllowOverride All
      Order allow,deny
      Allow from all
   </Directory>
</VirtualHost>

<IfModule mod_ssl.c>

   # Does this need to exist outside of the VHost Definition ?? 
   AcceptMutex flock

   <VirtualHost 127.0.0.1:443>
       ServerName development.assldomain.co.nz
       DocumentRoot "~/sites/development.assldomain.co.nz"
       DirectoryIndex index.php
       SSLEngine on
       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
       SSLCertificateFile /Applications/XAMPP/etc/ssl.crt/server.crt
       SSLCertificateKeyFile /Applications/XAMPP/etc/ssl.key/server.key
       BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

       <Directory "~/sites/development.assldomain.co.nz">
           SSLRequireSSL
           Options Indexes FollowSymLinks ExecCGI Includes
           AllowOverride All
           Order allow,deny
           Allow from all
       </Directory>
   </VirtualHost>

</IfModule>
    • 7
  2. Best Answer

    When apache cant mactch vhost it opens the default one. There is always a default, if not explicitly defined it is the first vhost definition in your config file.

    You can use httpd -S to check what are your default vhosts

    And you can define default and forbid access to it if you like as defraagh pointed

    • 2

  3. Add a default VirtualHost at the end of your file to catch requests directed to hosts you didn't explicitely specify :

     <VirtualHost _default_:*>
    DocumentRoot /~/void
    ...
 </VirtualHost>
    • 1

  4. In your virutal host directive:

    <VirtualHost localhost:80>

    Try using the IP instead.

    <VirtualHost 127.0.0.1:80>
    • 0