details.xml revision 15107611640cec4e666dd7e2e1dee15c270e9e98
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor<!-- $LastChangedRevision$ -->
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor Licensed to the Apache Software Foundation (ASF) under one or more
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor contributor license agreements. See the NOTICE file distributed with
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor this work for additional information regarding copyright ownership.
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor The ASF licenses this file to You under the Apache License, Version 2.0
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen (the "License"); you may not use this file except in compliance with
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen the License. You may obtain a copy of the License at
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor Unless required by applicable law or agreed to in writing, software
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor distributed under the License is distributed on an "AS IS" BASIS,
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3f08db06526d6901aa08c110b5bc7dde6bc39905nd See the License for the specific language governing permissions and
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor limitations under the License.
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor<parentdocument href="./">Virtual Hosts</parentdocument>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <title>An In-Depth Discussion of Virtual Host Matching</title>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>This document attempts to explain
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor exactly what Apache HTTP Server does when deciding what virtual host to
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor serve a request from.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If you just want to <cite>make it work</cite> without
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor understanding how, here are <a href="examples.html">some
c867dba1041640ecec7c8194d35a5b4ffce442earbowen<section id="configparsing"><title>Configuration File Parsing</title>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>There is a <em>main_server</em> which consists of all the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen definitions appearing outside of
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <code><VirtualHost></code> sections. There are virtual
c867dba1041640ecec7c8194d35a5b4ffce442earbowen servers, called <em>vhosts</em>, which are defined by
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <directive type="section" module="core">VirtualHost</directive>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen sections.</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <directive module="core">ServerName</directive> directive
c867dba1041640ecec7c8194d35a5b4ffce442earbowen may appear anywhere within the definition of a server. However,
c867dba1041640ecec7c8194d35a5b4ffce442earbowen each appearance overrides the previous appearance (within that
c867dba1041640ecec7c8194d35a5b4ffce442earbowen server).</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>The main_server has no default
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <code>ServerAlias</code>. The default <code>ServerName</code>,
c867dba1041640ecec7c8194d35a5b4ffce442earbowen if not specified, is deduced from the server's IP address.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>Port numbers specified in the <code>VirtualHost</code> directive do
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor not influence what port numbers Apache will listen on, they only discriminate between
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor which <code>VirtualHost</code> will be selected to handle a request.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>Each address appearing in the <code>VirtualHost</code>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor directive can have an optional port. If the port is unspecified
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor it is treated as a wildcard port. The special port <code>*</code>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor indicates a wildcard that matches any port. Collectively the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor entire set of addresses (including multiple <code>A</code>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor record results from DNS lookups) are called the vhost's
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>Unless a <directive module="core">NameVirtualHost</directive>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor directive is used for the exact IP address and port pair in the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <code>VirtualHost</code> directive, Apache selects the best match
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor only on the basis of the IP address (or wildcard) and port number.
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor If there are multiple identical best matches, the first <code>VirtualHost</code>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen appearing in the configuration file will be selected.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If you want Apache to <em>further</em> discriminate on the basis of the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor HTTP <code>Host</code> header supplied by the client, the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <code>NameVirtualHost</code> directive <em>must</em> appear
c867dba1041640ecec7c8194d35a5b4ffce442earbowen with the exact IP address (or wildcard) and port pair used in a correspnding
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>The name-based virtual host selection occurs only after the a single IP-based
c867dba1041640ecec7c8194d35a5b4ffce442earbowen virtual host has been selected, and only considers the set of virtual hosts
c867dba1041640ecec7c8194d35a5b4ffce442earbowen the carry an identical IP address and port pair.</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>Hostnames can be used in place of IP addresses in a virtual host definition,
c867dba1041640ecec7c8194d35a5b4ffce442earbowen but it is resolved at startup and is not recommended.</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>Multiple <code>NameVirtualHost</code> directives can be used
c867dba1041640ecec7c8194d35a5b4ffce442earbowen each with a set of <code>VirtualHost</code> directives but only
c867dba1041640ecec7c8194d35a5b4ffce442earbowen one <code>NameVirtualHost</code> directive should be used for
c867dba1041640ecec7c8194d35a5b4ffce442earbowen each specific IP:port pair.</p>
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh <p>The ordering of <code>NameVirtualHost</code> and
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <code>VirtualHost</code> directives is not important which
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh makes the following two examples identical (only the order of
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh the <code>VirtualHost</code> directives for <em>one</em>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen address set is important, see below):</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen NameVirtualHost 111.22.33.44<br />
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <VirtualHost 111.22.33.44><br />
c867dba1041640ecec7c8194d35a5b4ffce442earbowen # server A<br />
c867dba1041640ecec7c8194d35a5b4ffce442earbowen </VirtualHost><br />
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <VirtualHost 111.22.33.44><br />
c867dba1041640ecec7c8194d35a5b4ffce442earbowen # server B<br />
c867dba1041640ecec7c8194d35a5b4ffce442earbowen </VirtualHost><br />
c867dba1041640ecec7c8194d35a5b4ffce442earbowen NameVirtualHost 111.22.33.55<br />
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <VirtualHost 111.22.33.55><br />
c867dba1041640ecec7c8194d35a5b4ffce442earbowen # server C<br />
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor </VirtualHost><br />
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <VirtualHost 111.22.33.55><br />
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor # server D<br />
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor </VirtualHost>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <VirtualHost 111.22.33.44><br />
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor # server A<br />
fed47023e9be04c612b5f6d4a5ee2b8e7c587181rbowen </VirtualHost><br />
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <VirtualHost 111.22.33.55><br />
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor # server C<br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd </VirtualHost><br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd <VirtualHost 111.22.33.44><br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd # server B<br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd </VirtualHost><br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd <VirtualHost 111.22.33.55><br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd # server D<br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd </VirtualHost><br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd NameVirtualHost 111.22.33.44<br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd NameVirtualHost 111.22.33.55<br />
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd <p>(To aid the readability of your configuration you should
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd prefer the left variant.)</p>
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd <p>During initialization a list for each IP address is
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd generated and inserted into an hash table. If the IP address is
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd used in a <code>NameVirtualHost</code> directive the list
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd contains all name-based vhosts for the given IP address. If
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd there are no vhosts defined for that address the
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd <code>NameVirtualHost</code> directive is ignored and an error
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf is logged. For an IP-based vhost the list in the hash table is
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd <p>Due to a fast hashing function the overhead of hashing an IP
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd address during a request is minimal and almost not existent.
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh Additionally the table is optimized for IP addresses which vary
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh in the last octet.</p>
16055ce2030d5a9ab3b1797dfe4ba2c1177a6af9nd <p>For every vhost various default values are set. In
fe2be2903c65e2f99f04199655ea5f97a75825d0humbedooh particular:</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>If a vhost has no <directive module="core">ServerAdmin</directive>,
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <directive module="core">KeepAliveTimeout</directive>,
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <directive module="core">MaxKeepAliveRequests</directive>,
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <directive module="core">ReceiveBufferSize</directive>,
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor or <directive module="core">SendBufferSize</directive>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor directive then the respective value is inherited from the
fed47023e9be04c612b5f6d4a5ee2b8e7c587181rbowen main_server. (That is, inherited from whatever the final
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor setting of that value is in the main_server.)</li>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>The "lookup defaults" that define the default directory
c867dba1041640ecec7c8194d35a5b4ffce442earbowen permissions for a vhost are merged with those of the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen main_server. This includes any per-directory configuration
c867dba1041640ecec7c8194d35a5b4ffce442earbowen information for any module.</li>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <li>The per-server configs for each module from the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen main_server are merged into the vhost server.</li>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>Essentially, the main_server is treated as "defaults" or a
c867dba1041640ecec7c8194d35a5b4ffce442earbowen "base" on which to build each vhost. But the positioning of
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf these main_server definitions in the config file is largely
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor irrelevant -- the entire config of the main_server has been
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor parsed when this final merging occurs. So even if a main_server
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor definition appears after a vhost definition it might affect the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor vhost definition.</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>If the main_server has no <code>ServerName</code> at this
c867dba1041640ecec7c8194d35a5b4ffce442earbowen point, then the hostname of the machine that <program>httpd</program>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen is running on is used instead. We will call the <em>main_server address
c867dba1041640ecec7c8194d35a5b4ffce442earbowen set</em> those IP addresses returned by a DNS lookup on the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>For any undefined <code>ServerName</code> fields, a
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor name-based vhost defaults to the address given first in the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <code>VirtualHost</code> statement defining the vhost.</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>Any vhost that includes the magic <code>_default_</code>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen wildcard is given the same <code>ServerName</code> as the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen main_server.</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen<section id="hostmatching"><title>Virtual Host Matching</title>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>The server determines which vhost to use for a request as
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor follows:</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <section id="hashtable"><title>Hash table lookup</title>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <p>When the connection is first made by a client, the IP
c867dba1041640ecec7c8194d35a5b4ffce442earbowen address to which the client connected is looked up in the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor internal IP hash table.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If the lookup fails (the IP address wasn't found) the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor request is served from the <code>_default_</code> vhost if
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor there is such a vhost for the port to which the client sent the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor request. If there is no matching <code>_default_</code> vhost
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor the request is served from the main_server.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If the IP address is not found in the hash table then the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor match against the port number may also result in an entry
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor corresponding to a <code>NameVirtualHost *</code>, which is
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor subsequently handled like other name-based vhosts.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If the lookup succeeded (a corresponding list for the IP
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor address was found) the next step is to decide if we have to
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor deal with an IP-based or a name-base vhost.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If the entry we found has an empty name list then we have
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor found an IP-based vhost, no further actions are performed and
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor the request is served from that vhost.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <section id="namebased"><title>Name-based vhost</title>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If the entry corresponds to a name-based vhost the name list
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor contains one or more vhost structures. This list contains the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor vhosts in the same order as the <code>VirtualHost</code>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor directives appear in the config file.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>The first vhost on this list (the first vhost in the config
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor file with the specified IP address) has the highest priority
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor and catches any request to an unknown server name or a request
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If the client provided a <code>Host:</code> header field the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor list is searched for a matching vhost and the first hit on a
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <code>ServerName</code> or <code>ServerAlias</code> is taken
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor and the request is served from that vhost. A <code>Host:</code>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor header field can contain a port number, but Apache always
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor matches against the real port to which the client sent the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor request.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If the client submitted a HTTP/1.0 request without
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <code>Host:</code> header field we don't know to what server
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor the client tried to connect to. In this case, the first virtual host
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor (that is, the one listed first in the server configuration file) for
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor the IP address and port to which the client connected, is
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor used to serve this request.</p>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <section id="persistent"><title>Persistent connections</title>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>The IP lookup described above is only done <em>once</em> for a
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor particular TCP/IP session while the name lookup is done on
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor connection. In other words a client may request pages from
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor different name-based vhosts during a single persistent
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor connection.</p>
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic <section id="absoluteURI"><title>Absolute URI</title>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <p>If the URI from the request is an absolute URI, and its
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor hostname and port match the main server or one of the
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf configured virtual hosts <em>and</em> match the address and
c867dba1041640ecec7c8194d35a5b4ffce442earbowen port to which the client sent the request, then the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen scheme/hostname/port prefix is stripped off and the remaining
c867dba1041640ecec7c8194d35a5b4ffce442earbowen relative URI is served by the corresponding main server or
c867dba1041640ecec7c8194d35a5b4ffce442earbowen virtual host. If it does not match, then the URI remains
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic untouched and the request is taken to be a proxy request.</p>
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic<section id="observations"><title>Observations</title>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <li>A name-based vhost can never interfere with an IP-base
c867dba1041640ecec7c8194d35a5b4ffce442earbowen vhost and vice versa. IP-based vhosts can only be reached
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor through an IP address of its own address set and never
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor through any other address. The same applies to name-based
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor vhosts, they can only be reached through an IP address of the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen corresponding address set which must be defined with a
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor checks are never performed for an IP-based vhost.</li>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>The order of name-/IP-based, the <code>_default_</code>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor vhost and the <code>NameVirtualHost</code> directive within
c867dba1041640ecec7c8194d35a5b4ffce442earbowen the config file is not important. Only the ordering of
c867dba1041640ecec7c8194d35a5b4ffce442earbowen name-based vhosts for a specific address set is significant.
c867dba1041640ecec7c8194d35a5b4ffce442earbowen The one name-based vhosts that comes first in the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen configuration file has the highest priority for its
c867dba1041640ecec7c8194d35a5b4ffce442earbowen corresponding address set.</li>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <li>The <code>Host:</code> header field is never used during the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen matching process. Apache always uses the real port to which
c867dba1041640ecec7c8194d35a5b4ffce442earbowen the client sent the request.</li>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>If two IP-based vhosts have an address in common, the
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor vhost appearing first in the config file is always matched.
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor Such a thing might happen inadvertently. The server will give
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor a warning in the error logfile when it detects this.</li>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>A <code>_default_</code> vhost catches a request only if
53cf0034f617fdca55a345580e13afd88000e9ccjim there is no other vhost with a matching IP address
53cf0034f617fdca55a345580e13afd88000e9ccjim <em>and</em> a matching port number for the request. The
53cf0034f617fdca55a345580e13afd88000e9ccjim request is only caught if the port number to which the client
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor sent the request matches the port number of your
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <code>Listen</code> by default. A wildcard port can be
2b6565aedca9e9c10691b12fd2f3689bf4c85bc7jim specified (<em>i.e.</em>, <code>_default_:*</code>) to catch
2b6565aedca9e9c10691b12fd2f3689bf4c85bc7jim requests to any available port. This also applies to
2b6565aedca9e9c10691b12fd2f3689bf4c85bc7jim <code>NameVirtualHost *</code> vhosts. Note that this is simply an
2b6565aedca9e9c10691b12fd2f3689bf4c85bc7jim extension of the "best match" principle, as a specific and exact match
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor is favored over a wildcard.</li>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>The main_server is only used to serve a request if the IP
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor address and port number to which the client connected is
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor unspecified and does not match any other vhost (including a
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <code>_default_</code> vhost). In other words the main_server
c867dba1041640ecec7c8194d35a5b4ffce442earbowen only catches a request for an unspecified address/port
c867dba1041640ecec7c8194d35a5b4ffce442earbowen combination (unless there is a <code>_default_</code> vhost
c867dba1041640ecec7c8194d35a5b4ffce442earbowen which matches that port).</li>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>A <code>_default_</code> vhost or the main_server is
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <em>never</em> matched for a request with an unknown or
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor missing <code>Host:</code> header field if the client
c867dba1041640ecec7c8194d35a5b4ffce442earbowen connected to an address (and port) which is used for
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>You should never specify DNS names in
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic <code>VirtualHost</code> directives because it will force
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic your server to rely on DNS to boot. Furthermore it poses a
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic security threat if you do not control the DNS for all the
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic domains listed. There's <a href="/dns-caveats.html">more
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic information</a> available on this and the next two
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic topics.</li>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li><code>ServerName</code> should always be set for each
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor vhost. Otherwise A DNS lookup is required for each
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor vhost.</li>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen href="/dns-caveats.html#tips">DNS Issues</a> page, here are
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor some further tips:</p>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <li>Place all main_server definitions before any
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <code>VirtualHost</code> definitions. (This is to aid the
c867dba1041640ecec7c8194d35a5b4ffce442earbowen readability of the configuration -- the post-config merging
c867dba1041640ecec7c8194d35a5b4ffce442earbowen process makes it non-obvious that definitions mixed in around
c867dba1041640ecec7c8194d35a5b4ffce442earbowen virtual hosts might affect all virtual hosts.)</li>
dc3a272f8afcbc137adcfee4c3aa052d2bdf4df7gryzor <li>Group corresponding <code>NameVirtualHost</code> and
c867dba1041640ecec7c8194d35a5b4ffce442earbowen <code>VirtualHost</code> definitions in your configuration to
c867dba1041640ecec7c8194d35a5b4ffce442earbowen ensure better readability.</li>
c867dba1041640ecec7c8194d35a5b4ffce442earbowen</manualpage>