I read the apache docs, but there is a lot of stuff, which is different in Debian [lenny, 5.0.6].
Apache ignores the host-header given by the browser:
http://x or http://x:81 or http://x.mbg.local are all served, but should be blocked, according to my definition.
The definition for x stems from my hosts file [which everyone could do this way].
I am new new to apache, but on my IIS this works as expected.
All browsers act equal [so no browser header problem].
I configured two VirtualHosts, an excerpt:
NameVirtualHost hugo:80
DocumentRoot /usr/share/doc
Alias /doc/ /usr/share/doc/
Options Indexes MultiViews FollowSymLinks
Allow from 192.168.24.0/24
The other VirtualHost is configured for port 81.
The I go to my hosts file on any box, and add hugo's ip-address under
the new name x. Then, x is served, although the host-header in apache
is hugo!! Every user coming from the internet could make the same!
I am out of hope now. Does anyone has any help for me?
Would really very good!
UPDATE
Now, I have just removed everything from httpd.conf and created two enabled sites to make things easier:
First, for nagios [should only serve on exact this:
http://thor:81
NameVirtualHost thor:81
<VirtualHost thor:81>
ServerName thor:81
ServerAlias thor:81
ServerPath /usr/share/nagios3
DocumentRoot /usr/share/nagios3
</VirtualHost>
but it answers on
http://thor.mbg.local:81
and even on
http://x:81
also!
Then, a test server:
NameVirtualHost thor.mbg.local:80 ServerName thor.mbg.local ServerAlias thor.mbg.local DocumentRoot /var/www/default Order Allow,Deny Allow From All
This too, answers on
http:thor/
and on
http://thor.mbg.local/
This complete configuration is accepted by apache. I could not find a default,
which would override the configuration.
Is there possible other http server software, which makes this right? (I am coming from IIS, where this works.)
Now:Got it!
Thanks for all the help! I have not recognized, that all properties,
like name/ip and ports must match everywhere. In my case, a fallback
to the default host occured!!!
I started a VM with a "play-debian" from scratch and worked it out.
If someone will see the final definition, here it is:
In debians port.conf, I have now:
NameVirtualHost 192.168.26.92:80
b) in httpd.conf:
<VirtualHost 192.168.26.92:80>
DocumentRoot /var/www/block
<Directory /var/www/block>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order Allow,Deny
Allow from All ##would just like to see, this is the end!!!
</Directory>
</VirtualHost>
<VirtualHost 192.168.26.92:80>
ServerName wl1
ServerAlias wl1
DocumentRoot /var/www/test80
<Directory /var/www/test80>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order Allow,Deny
Allow from All
</Directory>
LogLevel debug
ErrorLog /var/log/apache2/test80-error.log
CustomLog /var/log/apache2/test80-access.log vhost_combined
</VirtualHost>
<VirtualHost 192.168.26.92:80>
ServerName wl2
ServerAlias wl2
DocumentRoot /var/www/test81
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/test81>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
LogLevel info
ErrorLog /var/log/apache2/error-test81.log
CustomLog /var/log/apache2/test81-access.log vhost_combined
</VirtualHost>
For a debian beginner, I feel, it is bad to have too many configuration
files, you'll loosing the overview.
Much thanks for all the help!
br++mabra
Best Answer
In many configurations, one of the available virtual server definitions, usually the first in the file, acts as a default. The default is what Apache serves when the request headers do not match one of the virtual hosts.
If this doesn't answer your question, please give a more complete example of the config, the request URLs, what is served and what you expected to be served instead.
EDIT
So far as I recall, with your configuration, when apache receives a request with HTTP header Host:x it sees that there is no definition for what it should do. Nil desperandum, it thinks, I'll serve up some stuff from the first website that comes to hand, oh look, theres a website for Thor - I'll just serve up stuff from there!
See http://httpd.apache.org/docs/2.0/vhosts/details.html
If this bothers you, set up a virtualhost for unknown.server.name, point it at an empty directory and set up a custom 404 that says "someone has made a hostname point to our servers IP address without arranging with us for a web-site to be served for that hostname - sorry!"