3

Apache/2.4.6 (CentOS)

For a while now, I've had a catchall page setup for my Apache server so bots would not crawl my main site unless they had my domain name.

Recently however, I noticed this no longer works with my config. When loading the page by IP address (let's say 10.20.20.10), I get the main site (let's say mysite.net) instead of the catchall.

The config looks like this:

<VirtualHost _default_:80>
        ServerName default
        # More config ...
</VirtualHost>

<VirtualHost _default_:443>
        ServerName default
        # More config ...
</VirtualHost>

<VirtualHost 10.20.20.10:80>
        ServerName mysite.net
        # More config ...
</VirtualHost>

<VirtualHost 10.20.20.10:443>
        ServerName mysite.net
        # More config ...
</VirtualHost>

Running apachectl -S revealed to me that it is not being loaded as the default:

10.20.20.10:443       is a NameVirtualHost
     default server mysite.net (/etc/httpd/sites-enabled/01-mysite.conf:24)
     port 443 namevhost mysite.net (/etc/httpd/sites-enabled/01-mysite.conf:24)
*:80                   localhost (/etc/httpd/sites-enabled/00-catchall.conf:2)
*:443                  localhost (/etc/httpd/sites-enabled/00-catchall.conf:16)

I was able to find a way to have my catchall load by default, but it required that I changed my catchall to the same listen IP as my main virtual host. Not the most ideal solution. I'd imagine changing all vhosts to * would also do it, but that's not ideal either.

Based on observation, it appeared like httpd prefers a closer match and takes an IP match over "*". Can anyone shed light on why Apache does not load the first vhost and what might fix this?

Datus
  • 41

1 Answers1

0

I'm just wondering here, doesn't it make sense that since mysite.net is the first vhost for VirtualHost 10.20.20.10:80 that it would become the default site?

I have no idea why _default_ isn't working for you. But maybe something like this could work instead. Is this what you say you've tried already? What's not ideal about it?

<VirtualHost 10.20.20.10:80>
        ServerName default
        # More config ...
</VirtualHost>

<VirtualHost 10.20.20.10:443>
        ServerName default
        # More config ...
</VirtualHost>

<VirtualHost 10.20.20.10:80>
        ServerName mysite.net
        # More config ...
</VirtualHost>

<VirtualHost 10.20.20.10:443>
        ServerName mysite.net
        # More config ...
</VirtualHost>

This question/answer would explain your problem if you were using Apache 2.2. But you're not. Honestly it's not something I'm overly familiar with. Apparently, you're not supposed to use _default_ with name based virtual hosting, rather *:* or *:port.

difference between _default_:* and *:* in VirtualHost Context

So with a named based virtualhosting configuration:

<Virtualhost *:80> with ServerName foo.com means "on all IPs managed on this host", "on port 80", "if the request host header is foo.com" I'll use this virtualhost
<Virtualhost *:*> with Servername foo.com means "on all IPs managed on this host", "on all ports", "if the request host header is foo.com" I'll use this virtualhost
<Virtualhost 10.0.0.2:*> with Servername foo.com means "for request incoming from my network interface 10.0.0.2", "on all ports", "if the request host header is foo.com" I'll use this virtualhost
<Virtualhost _default_:*> with Servername foo.com : should not be used with name based virtualhosting
And on an IP based Virtualhosting:

<Virtualhost 10.0.0.2:*> means "I'll use this virtualhost for request coming on my 10.0.0.2 interface"
<Virtualhost _default_:443> means "I'll use this virtualhost for all other network interface on my host for request coming on port 443"
<Virtualhost _default_:*> means "I'll use this virtualhost for all other network interface on my host, if it is not matched by a previous rule, and if the request host header is not matched by a named based virtualhost"

Ubuntu same as you I tried assigning an IP to one of the vhosts (example2.com) rather than <VirtualHost *:80> and it now overrides the default vhost. Seems this is just how Apache works. A * cannot override an IP address. curl 192.168.1.143 now gives me example2.com instead of the catchall page.

$ sudo apachectl -S
VirtualHost configuration:
192.168.1.143:80       example2.com (/etc/apache2/sites-enabled/example2.com.conf:1)
*:80                   is a NameVirtualHost
         default server www1.swass (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost www1.swass (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.conf:1)
                 wild alias *.example.com

Best of luck

Community
  • 1
Ryan Babchishin
  • 6,320
  • 2
  • 18
  • 37
  • Funny, I was actually using * before then switched to _default_ since it was more symbolic. In both cases though the same result happened. As you said, I feel Apache is treating mysite.net as the first vhost for 10.20.20.10. – Datus Aug 19 '16 at 01:17
  • @Datus I'm gonna test this – Ryan Babchishin Aug 19 '16 at 01:19
  • @Datus I use Ubuntu. Each vhost is in a separate file in /etc/apache2/sites-enabled. There's a file called 000-default.conf that contains the catchall default site. It gets loaded when I connect via IP (verified). Each vhost is defined with <VirtualHost *:80>. I'm assuming 000-default.conf loads first due to it's filename and that's the only reason it's default. It's Apache 2.4.18. Does any of this help you? – Ryan Babchishin Aug 19 '16 at 01:25
  • Appreciate your help on this. The load order should be correct with 00-catchall.conf being my desired default and 01-insertsite.conf being my main site. For the sake of trying things I included the file explicitly in the main httpd.conf with the same effect.

    I'm running this on a CentOS 7 host. The structure looks like Ubuntu on my server because I liked how they organized it. ;-)

     – Datus Aug 19 '16 at 01:37
  • @Datus My apache behaves the same as yours. Once I gave an IP address to one of the vhosts, it overrode the default host... – Ryan Babchishin Aug 19 '16 at 01:38
  • Oh sorry, misread there. Definitely strange because I feel like 2 months ago I was showing a friend this configuration and it was working. My only other thought is maybe I should dig through the patch notes. – Datus Aug 19 '16 at 01:43
  • @Things happen :). I've updated my answer at the bottom so you can see the output of apachectl -S. – Ryan Babchishin Aug 19 '16 at 01:45
  • It blows my mind. It is getting a bit late over here, but I will need to do a full dive into my config tomorrow and see what's up in my config. Again, I appreciate the help on this :-) – Datus Aug 19 '16 at 01:55