Apache-2.2

Apache configuration with virtual hosts and SSL on a local network

  • March 2, 2013

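I am trying to set up my local Apache configuration like this:

http://localhost/ should serve ~/

http://development.somedomain.co.nz/ should serve ~/sites/development.somedomain.co.nz/

https://development.assldomain.co.nz/ should serve ~/sites/development.assldomain.co.nz/

I only want to allow connections from our local network (the 192.168.1.* range) and from myself (127.0.0.1).

I have set up my hosts file: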

127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost 
fe80::1%lo0 localhost
127.0.0.1 development.somedomain.co.nz
127.0.0.1 development.assldomain.co.nz
127.0.0.1 development.anunuseddomain.co.nz

My Apache configuration looks like this:

Listen 80

NameVirtualHost *:80

<VirtualHost development.somedomain.co.nz:80>
   ServerName development.somedomain.co.nz
   DocumentRoot "~/sites/development.somedomain.co.nz"
   DirectoryIndex index.php
   <Directory ~/sites/development.somedomain.co.nz>
       Options Indexes FollowSymLinks ExecCGI Includes
       AllowOverride All
       Order allow,deny
       Allow from all
   </Directory>
</VirtualHost>

<VirtualHost localhost:80>
   DocumentRoot "~/"
   ServerName localhost
   <Directory "~/">
       Options Indexes FollowSymLinks ExecCGI Includes
       AllowOverride All
       Order allow,deny
       Allow from all
   </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
   Listen *:443
   NameVirtualHost *:443
   AcceptMutex flock
   <VirtualHost development.assldomain.co.nz:443>
       ServerName development.assldomain.co.nz
       DocumentRoot "~/sites/development.assldomain.co.nz"
       DirectoryIndex index.php
       SSLEngine on
       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
       SSLCertificateFile /Applications/XAMPP/etc/ssl.crt/server.crt
       SSLCertificateKeyFile /Applications/XAMPP/etc/ssl.key/server.key
       BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
       <Directory ~/sites/development.assldomain.co.nz>
           SSLRequireSSL
           Options Indexes FollowSymLinks ExecCGI Includes
           AllowOverride All
           Order allow,deny
           Allow from all
       </Directory>
   </VirtualHost>

</IfModule>

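http://development.somedomain.co.nz/, http://localhost/ and https://development.assldomain.co.nz/ work fine.

The problem is that when I request http://development.anunuseddomain.co.nz/ or http://development.assldomain.co.nz/, it responds the same as http://development.somedomain.co.nz/

I want it to deny all requests that do not match a virtual host's ServerName, and all requests for the https host that are made over http.

PS: I am running XAMPP on Mac OS X 10.5.8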

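When Apache cannot match a vhost, it serves the default virtual host. There is always a default; if none is explicitly defined, it is the first virtual host definition in the configuration file.

You can check what your default virtual host is with httpd -S

If you want, you can define a default and deny access to it, as defraagh pointed out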
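Added example (not part of the original answers): an Apache 2.2 sketch of the catch-all default virtual host described above, combined with the local-network restriction the question asks for. The ServerName catchall.invalid and the /Users/example paths are placeholders, and every vhost is assumed to use the same *:80 address as NameVirtualHost.

```apache
# Added example, Apache 2.2 syntax (Order/Allow/Deny); not from the original post.
Listen 80
NameVirtualHost *:80

# Defined first, so it is the default for *:80. Any request whose Host header
# matches no ServerName below lands here and gets 403 Forbidden. That includes
# plain-http requests for the https-only name development.assldomain.co.nz.
# catchall.invalid is a placeholder name that no client should ever request.
<VirtualHost *:80>
    ServerName catchall.invalid
    <Location />
        Order deny,allow
        Deny from all
    </Location>
</VirtualHost>

# Named vhosts: deny by default, then allow loopback and 192.168.1.* only.
# With "Order deny,allow" the Allow line is evaluated last and wins for
# matching clients; everyone else stays denied.
<VirtualHost *:80>
    ServerName localhost
    # Placeholder absolute path standing in for "~/"
    DocumentRoot "/Users/example"
    <Directory "/Users/example">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1 192.168.1
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName development.somedomain.co.nz
    # Placeholder absolute path standing in for "~/sites/..."
    DocumentRoot "/Users/example/sites/development.somedomain.co.nz"
    DirectoryIndex index.php
    <Directory "/Users/example/sites/development.somedomain.co.nz">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1 192.168.1
    </Directory>
</VirtualHost>
```

After reloading, httpd -S should list the catch-all as the default server for *:80.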

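SSL-based virtual hosts do not support name-based virtual hosts.

The problem stems from the fact that the ServerName is also encrypted in an SSL request. So when the server receives a request for "somedomainname" or anything else, it defaults to a named VHost that is not on 443.

Solution:

  • Put your listeners outside your VHost definitions
  • Change :443 to an IP address. The server automatically performs a reverse DNS lookup.

Corrected: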

# Listen :80
Listen *:80
# Listen on IP Address for :443
Listen 127.0.0.1:443

<VirtualHost development.somedomain.co.nz:80>
  ServerName development.somedomain.co.nz
  DocumentRoot "~/sites/development.somedomain.co.nz"

  DirectoryIndex index.php

  # Stay consistent with your syntax definitions. This and the 443 Vhost Directory
  # were not Quoted. That's not to say it makes a difference guaranteed,
  # but it's always a good habit. 
  <Directory "~/sites/development.somedomain.co.nz">
      Options Indexes FollowSymLinks ExecCGI Includes
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
</VirtualHost>

<VirtualHost localhost:80>
  ServerName localhost
  DocumentRoot "~/"

  <Directory "~/">
     Options Indexes FollowSymLinks ExecCGI Includes
     AllowOverride All
     Order allow,deny
     Allow from all
  </Directory>
</VirtualHost>

<IfModule mod_ssl.c>

  # Does this need to exist outside of the VHost Definition ?? 
  AcceptMutex flock

  <VirtualHost 127.0.0.1:443>
      ServerName development.assldomain.co.nz
      DocumentRoot "~/sites/development.assldomain.co.nz"
      DirectoryIndex index.php
      SSLEngine on
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      SSLCertificateFile /Applications/XAMPP/etc/ssl.crt/server.crt
      SSLCertificateKeyFile /Applications/XAMPP/etc/ssl.key/server.key
      BrowserMatch ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0

      <Directory "~/sites/development.assldomain.co.nz">
          SSLRequireSSL
          Options Indexes FollowSymLinks ExecCGI Includes
          AllowOverride All
          Order allow,deny
          Allow from all
      </Directory>
  </VirtualHost>

</IfModule>

Quoted from: https://serverfault.com/questions/114083