本地網路上具有虛擬主機和 SSL 的 Apache 配置
我正在嘗試像這樣設置我的本地 Apache 配置:
http://localhost/
應該服務~/
http://development.somedomain.co.nz/
應該服務~/sites/development.somedomain.co.nz/
https://development.assldomain.co.nz/
應該服務~/sites/development.assldomain.co.nz/
我只想允許來自我們的本地網路(192.168.1.* 範圍)和我自己(127.0.0.1)的連接。
我已經設置了我的主機文件:
127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost 127.0.0.1 development.somedomain.co.nz 127.0.0.1 development.assldomain.co.nz 127.0.0.1 development.anunuseddomain.co.nz
我的 Apache 配置如下所示:
Listen 80 NameVirtualHost *:80 <VirtualHost development.somedomain.co.nz:80> ServerName development.somedomain.co.nz DocumentRoot "~/sites/development.somedomain.co.nz" DirectoryIndex index.php <Directory ~/sites/development.somedomain.co.nz> Options Indexes FollowSymLinks ExecCGI Includes AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost localhost:80> DocumentRoot "~/" ServerName localhost <Directory "~/"> Options Indexes FollowSymLinks ExecCGI Includes AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> <IfModule mod_ssl.c> Listen *:443 NameVirtualHost *:443 AcceptMutex flock <VirtualHost development.assldomain.co.nz:443> ServerName development.assldomain.co.nz DocumentRoot "~/sites/development.assldomain.co.nz" DirectoryIndex index.php SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /Applications/XAMPP/etc/ssl.crt/server.crt SSLCertificateKeyFile /Applications/XAMPP/etc/ssl.key/server.key BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 <Directory ~/sites/development.assldomain.co.nz> SSLRequireSSL Options Indexes FollowSymLinks ExecCGI Includes AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> </IfModule>
http://development.somedomain.co.nz/
http://localhost/
並且https://development.assldomain.co.nz/
工作正常。問題是當我請求
http://development.anunuseddomain.co.nz/
或http://development.assldomain.co.nz/
它的響應與http://development.somedomain.co.nz/
我希望它拒絕所有與虛擬主機伺服器名稱不匹配的請求以及所有使用 http 請求的 https 主機請求
PS 我在 Mac OS X 10.5.8 上執行 XAMPP
當 apache 無法 mactch vhost 時,它會打開預設的虛擬主機。總是有一個預設值,如果沒有明確定義,它是配置文件中的第一個虛擬主機定義。
您可以使用 httpd -S 檢查您的預設虛擬主機是什麼
如果您願意,您可以定義預設值並禁止訪問它,正如 defraagh 指出的那樣
基於 SSL 的虛擬主機不支持命名虛擬主機。
問題源於 ServerName 在 SSL 請求中也被加密的事實。因此,當伺服器收到“somedomainname”或其他請求時,它將預設使用不在443 上的命名 VHost。
解決方案:
- 將您的 liseners 放在您的 VHost 定義之外
- 將 :443 更改為 IP 地址。伺服器自動執行反向 DNS 查找。
更正:
# Listen :80 Listen *:80 # Listen on IP Address for :443 Listen 127.0.0.1:443 <VirtualHost development.somedomain.co.nz:80> ServerName development.somedomain.co.nz DocumentRoot "~/sites/development.somedomain.co.nz" DirectoryIndex index.php # Stay consistent with your syntax definitions. This and the 443 Vhost Directory # were not Quoted. That's not to say it makes a difference guaranteed, # but it's always a good habit. <Directory "~/sites/development.somedomain.co.nz"> Options Indexes FollowSymLinks ExecCGI Includes AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost localhost:80> ServerName localhost DocumentRoot "~/" <Directory "~/"> Options Indexes FollowSymLinks ExecCGI Includes AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> <IfModule mod_ssl.c> # Does this need to exist outside of the VHost Definition ?? AcceptMutex flock <VirtualHost 127.0.0.1:443> ServerName development.assldomain.co.nz DocumentRoot "~/sites/development.assldomain.co.nz" DirectoryIndex index.php SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /Applications/XAMPP/etc/ssl.crt/server.crt SSLCertificateKeyFile /Applications/XAMPP/etc/ssl.key/server.key BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 <Directory "~/sites/development.assldomain.co.nz"> SSLRequireSSL Options Indexes FollowSymLinks ExecCGI Includes AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> </IfModule>