details.xml revision 5f54f5b43c1ead4d85990835cb6a7e94da0085ac
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<!-- $Revision: 1.8 $ -->
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse Copyright 2002-2004 The Apache Software Foundation
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse Licensed under the Apache License, Version 2.0 (the "License");
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse you may not use this file except in compliance with the License.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse You may obtain a copy of the License at
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse Unless required by applicable law or agreed to in writing, software
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse distributed under the License is distributed on an "AS IS" BASIS,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse See the License for the specific language governing permissions and
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse limitations under the License.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <title>An In-Depth Discussion of Virtual Host Matching</title>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <p>The virtual host code was completely rewritten in
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse <strong>Apache 1.3</strong>. This document attempts to explain
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse exactly what Apache does when deciding what virtual host to
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse serve a hit from. With the help of the new
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse directive virtual host configuration should be a lot easier and
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse safer than with versions prior to 1.3.</p>
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse <p>If you just want to <cite>make it work</cite> without
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse understanding how, here are <a href="examples.html">some
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse<section id="configparsing"><title>Config File Parsing</title>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <p>There is a <em>main_server</em> which consists of all the
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse definitions appearing outside of
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse <code><VirtualHost></code> sections. There are virtual
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse <directive type="section" module="core">VirtualHost</directive>
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse sections.</p>
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse <p>The directives
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse can appear anywhere within the definition of a server. However,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse each appearance overrides the previous appearance (within that
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse server).</p>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <p>The default value of the <code>Listen</code> field for
a943533fd4d91d114af622731a405407990c4fb1rse main_server is 80. The main_server has no default
a943533fd4d91d114af622731a405407990c4fb1rse <code>ServerPath</code>, or <code>ServerAlias</code>. The
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse default <code>ServerName</code> is deduced from the server's IP
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse address.</p>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <p>The main_server Listen directive has two functions. One
7933d4a963def02417113b6798d87a36395053b0rse function is to determine the default network port Apache will
7933d4a963def02417113b6798d87a36395053b0rse bind to. The second function is to specify the port number
7933d4a963def02417113b6798d87a36395053b0rse which is used in absolute URIs during redirects.</p>
7933d4a963def02417113b6798d87a36395053b0rse <p>Unlike the main_server, vhost ports <em>do not</em> affect
7933d4a963def02417113b6798d87a36395053b0rse what ports Apache listens for connections on.</p>
7933d4a963def02417113b6798d87a36395053b0rse <p>Each address appearing in the <code>VirtualHost</code>
7933d4a963def02417113b6798d87a36395053b0rse directive can have an optional port. If the port is unspecified
d1bb6e2664788e0437acc18e877562c9a796d7cerse it defaults to the value of the main_server's most recent
7933d4a963def02417113b6798d87a36395053b0rse <code>Listen</code> statement. The special port <code>*</code>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse indicates a wildcard that matches any port. Collectively the
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse entire set of addresses (including multiple <code>A</code>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse record results from DNS lookups) are called the vhost's
7933d4a963def02417113b6798d87a36395053b0rse <p>Unless a <directive module="core">NameVirtualHost</directive>
7933d4a963def02417113b6798d87a36395053b0rse directive is used for a specific IP address the first vhost
7933d4a963def02417113b6798d87a36395053b0rse with that address is treated as an IP-based vhost. The IP
7933d4a963def02417113b6798d87a36395053b0rse <p>If name-based vhosts should be used a
7933d4a963def02417113b6798d87a36395053b0rse <code>NameVirtualHost</code> directive <em>must</em> appear
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse with the IP address set to be used for the name-based vhosts.
7933d4a963def02417113b6798d87a36395053b0rse In other words, you must specify the IP address that holds the
7933d4a963def02417113b6798d87a36395053b0rse hostname aliases (CNAMEs) for your name-based vhosts via a
7933d4a963def02417113b6798d87a36395053b0rse <code>NameVirtualHost</code> directive in your configuration
7933d4a963def02417113b6798d87a36395053b0rse <p>Multiple <code>NameVirtualHost</code> directives can be used
7933d4a963def02417113b6798d87a36395053b0rse each with a set of <code>VirtualHost</code> directives but only
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse one <code>NameVirtualHost</code> directive should be used for
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse each specific IP:port pair.</p>
7933d4a963def02417113b6798d87a36395053b0rse <code>VirtualHost</code> directives is not important which
7933d4a963def02417113b6798d87a36395053b0rse makes the following two examples identical (only the order of
7933d4a963def02417113b6798d87a36395053b0rse the <code>VirtualHost</code> directives for <em>one</em>
7933d4a963def02417113b6798d87a36395053b0rse address set is important, see below):</p>
7933d4a963def02417113b6798d87a36395053b0rse NameVirtualHost 111.22.33.44<br />
7933d4a963def02417113b6798d87a36395053b0rse <VirtualHost 111.22.33.44><br />
7933d4a963def02417113b6798d87a36395053b0rse # server A<br />
7933d4a963def02417113b6798d87a36395053b0rse </VirtualHost><br />
7933d4a963def02417113b6798d87a36395053b0rse <VirtualHost 111.22.33.44><br />
7933d4a963def02417113b6798d87a36395053b0rse # server B<br />
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse </VirtualHost><br />
7933d4a963def02417113b6798d87a36395053b0rse NameVirtualHost 111.22.33.55<br />
7933d4a963def02417113b6798d87a36395053b0rse <VirtualHost 111.22.33.55><br />
7933d4a963def02417113b6798d87a36395053b0rse # server C<br />
7933d4a963def02417113b6798d87a36395053b0rse </VirtualHost><br />
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <VirtualHost 111.22.33.55><br />
7933d4a963def02417113b6798d87a36395053b0rse # server D<br />
7933d4a963def02417113b6798d87a36395053b0rse </VirtualHost>
7933d4a963def02417113b6798d87a36395053b0rse <VirtualHost 111.22.33.44><br />
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse # server A<br />
7933d4a963def02417113b6798d87a36395053b0rse </VirtualHost><br />
7933d4a963def02417113b6798d87a36395053b0rse <VirtualHost 111.22.33.55><br />
7933d4a963def02417113b6798d87a36395053b0rse # server C<br />
7933d4a963def02417113b6798d87a36395053b0rse </VirtualHost><br />
7933d4a963def02417113b6798d87a36395053b0rse <VirtualHost 111.22.33.44><br />
7933d4a963def02417113b6798d87a36395053b0rse # server B<br />
7933d4a963def02417113b6798d87a36395053b0rse </VirtualHost><br />
7933d4a963def02417113b6798d87a36395053b0rse <VirtualHost 111.22.33.55><br />
7933d4a963def02417113b6798d87a36395053b0rse # server D<br />
7933d4a963def02417113b6798d87a36395053b0rse </VirtualHost><br />
7933d4a963def02417113b6798d87a36395053b0rse NameVirtualHost 111.22.33.44<br />
7933d4a963def02417113b6798d87a36395053b0rse NameVirtualHost 111.22.33.55<br />
7933d4a963def02417113b6798d87a36395053b0rse <p>(To aid the readability of your configuration you should
7933d4a963def02417113b6798d87a36395053b0rse prefer the left variant.)</p>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <p>After parsing the <code>VirtualHost</code> directive, the
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse vhost server is given a default <code>Listen</code> equal to the
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse port assigned to the first name in its <code>VirtualHost</code>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse directive.</p>
7933d4a963def02417113b6798d87a36395053b0rse <p>The complete list of names in the <code>VirtualHost</code>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse directive are treated just like a <code>ServerAlias</code> (but
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse are not overridden by any <code>ServerAlias</code> statement)
7933d4a963def02417113b6798d87a36395053b0rse if all names resolve to the same address set. Note that
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse subsequent <code>Listen</code> statements for this vhost will not
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse affect the ports assigned in the address set.</p>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <p>During initialization a list for each IP address is
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse generated and inserted into an hash table. If the IP address is
7933d4a963def02417113b6798d87a36395053b0rse used in a <code>NameVirtualHost</code> directive the list
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse contains all name-based vhosts for the given IP address. If
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse there are no vhosts defined for that address the
7933d4a963def02417113b6798d87a36395053b0rse <code>NameVirtualHost</code> directive is ignored and an error
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse is logged. For an IP-based vhost the list in the hash table is
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse empty.</p>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <p>Due to a fast hashing function the overhead of hashing an IP
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse address during a request is minimal and almost not existent.
7933d4a963def02417113b6798d87a36395053b0rse Additionally the table is optimized for IP addresses which vary
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse in the last octet.</p>
7933d4a963def02417113b6798d87a36395053b0rse <p>For every vhost various default values are set. In
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse particular:</p>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <li>If a vhost has no <directive module="core">ServerAdmin</directive>,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <directive module="core">MaxKeepAliveRequests</directive>,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse directive then the respective value is inherited from the
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse main_server. (That is, inherited from whatever the final
7933d4a963def02417113b6798d87a36395053b0rse setting of that value is in the main_server.)</li>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse <li>The "lookup defaults" that define the default directory
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse permissions for a vhost are merged with those of the
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse main_server. This includes any per-directory configuration
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse information for any module.</li>
7933d4a963def02417113b6798d87a36395053b0rse <li>The per-server configs for each module from the
7933d4a963def02417113b6798d87a36395053b0rse main_server are merged into the vhost server.</li>
417f504d4d11631c0d062be85347f82a26c88677aaron <p>Essentially, the main_server is treated as "defaults" or a
7933d4a963def02417113b6798d87a36395053b0rse "base" on which to build each vhost. But the positioning of
7933d4a963def02417113b6798d87a36395053b0rse these main_server definitions in the config file is largely
af5dd1c93d2185f7e37f8783c593b64fd35ea8a6wrowe irrelevant -- the entire config of the main_server has been
af5dd1c93d2185f7e37f8783c593b64fd35ea8a6wrowe parsed when this final merging occurs. So even if a main_server
af5dd1c93d2185f7e37f8783c593b64fd35ea8a6wrowe definition appears after a vhost definition it might affect the
af5dd1c93d2185f7e37f8783c593b64fd35ea8a6wrowe vhost definition.</p>
af5dd1c93d2185f7e37f8783c593b64fd35ea8a6wrowe <p>If the main_server has no <code>ServerName</code> at this
b79b480213d7452db127eec054e52eb2b4fa6153wrowe point, then the hostname of the machine that httpd is running
af5dd1c93d2185f7e37f8783c593b64fd35ea8a6wrowe on is used instead. We will call the <em>main_server address
417f504d4d11631c0d062be85347f82a26c88677aaron set</em> those IP addresses returned by a DNS lookup on the
affe4f2ea22fca7ce90166044af0c5fdba608ec3rbb name-based vhost defaults to the address given first in the
7933d4a963def02417113b6798d87a36395053b0rse <code>VirtualHost</code> statement defining the vhost.</p>
a943533fd4d91d114af622731a405407990c4fb1rse <p>Any vhost that includes the magic <code>_default_</code>
a943533fd4d91d114af622731a405407990c4fb1rse wildcard is given the same <code>ServerName</code> as the
2e79bb3add3d91814269824f948945d45b2b3260dougm main_server.</p>
a943533fd4d91d114af622731a405407990c4fb1rse<section id="hostmatching"><title>Virtual Host Matching</title>
a943533fd4d91d114af622731a405407990c4fb1rse <p>The server determines which vhost to use for a request as
a943533fd4d91d114af622731a405407990c4fb1rse follows:</p>
2e79bb3add3d91814269824f948945d45b2b3260dougm <section id="hashtable"><title>Hash table lookup</title>
2e79bb3add3d91814269824f948945d45b2b3260dougm <p>When the connection is first made by a client, the IP
2e79bb3add3d91814269824f948945d45b2b3260dougm address to which the client connected is looked up in the
2e79bb3add3d91814269824f948945d45b2b3260dougm internal IP hash table.</p>
a943533fd4d91d114af622731a405407990c4fb1rse <p>If the lookup fails (the IP address wasn't found) the
a943533fd4d91d114af622731a405407990c4fb1rse request is served from the <code>_default_</code> vhost if
a943533fd4d91d114af622731a405407990c4fb1rse there is such a vhost for the port to which the client sent the
a943533fd4d91d114af622731a405407990c4fb1rse request. If there is no matching <code>_default_</code> vhost
72d7c23997c59e4195fe3ebc8ef48895773be0bcdougm the request is served from the main_server.</p>
72d7c23997c59e4195fe3ebc8ef48895773be0bcdougm <p>If the IP address is not found in the hash table then the
a943533fd4d91d114af622731a405407990c4fb1rse match against the port number may also result in an entry
a943533fd4d91d114af622731a405407990c4fb1rse corresponding to a <code>NameVirtualHost *</code>, which is
a943533fd4d91d114af622731a405407990c4fb1rse subsequently handled like other name-based vhosts.</p>
a943533fd4d91d114af622731a405407990c4fb1rse <p>If the lookup succeeded (a corresponding list for the IP
a943533fd4d91d114af622731a405407990c4fb1rse address was found) the next step is to decide if we have to
a943533fd4d91d114af622731a405407990c4fb1rse deal with an IP-based or a name-base vhost.</p>
a943533fd4d91d114af622731a405407990c4fb1rse </section>
a943533fd4d91d114af622731a405407990c4fb1rse <p>If the entry we found has an empty name list then we have
a943533fd4d91d114af622731a405407990c4fb1rse found an IP-based vhost, no further actions are performed and
a943533fd4d91d114af622731a405407990c4fb1rse the request is served from that vhost.</p>
a943533fd4d91d114af622731a405407990c4fb1rse </section>
6d7efb8c76b56eaebd6032096771c9e44b247f3fdougm <section id="namebased"><title>Name-based vhost</title>
a943533fd4d91d114af622731a405407990c4fb1rse <p>If the entry corresponds to a name-based vhost the name list
e822d7a17076adc11a72b647028aa9755a035cf5dougm contains one or more vhost structures. This list contains the
a943533fd4d91d114af622731a405407990c4fb1rse vhosts in the same order as the <code>VirtualHost</code>
a943533fd4d91d114af622731a405407990c4fb1rse directives appear in the config file.</p>
a943533fd4d91d114af622731a405407990c4fb1rse <p>The first vhost on this list (the first vhost in the config
a943533fd4d91d114af622731a405407990c4fb1rse file with the specified IP address) has the highest priority
a943533fd4d91d114af622731a405407990c4fb1rse and catches any request to an unknown server name or a request
931b4fd1cc9dd3da096c45f4bf7ddcc14e0985c1dougm <p>If the client provided a <code>Host:</code> header field the
a943533fd4d91d114af622731a405407990c4fb1rse list is searched for a matching vhost and the first hit on a
a943533fd4d91d114af622731a405407990c4fb1rse <code>ServerName</code> or <code>ServerAlias</code> is taken
a943533fd4d91d114af622731a405407990c4fb1rse and the request is served from that vhost. A <code>Host:</code>
a943533fd4d91d114af622731a405407990c4fb1rse header field can contain a port number, but Apache always
a943533fd4d91d114af622731a405407990c4fb1rse matches against the real port to which the client sent the
a943533fd4d91d114af622731a405407990c4fb1rse request.</p>
a943533fd4d91d114af622731a405407990c4fb1rse <code>Host:</code> header field we don't know to what server
a943533fd4d91d114af622731a405407990c4fb1rse the client tried to connect and any existing
a943533fd4d91d114af622731a405407990c4fb1rse <code>ServerPath</code> is matched against the URI from the
a943533fd4d91d114af622731a405407990c4fb1rse request. The first matching path on the list is used and the
7933d4a963def02417113b6798d87a36395053b0rse request is served from that vhost.</p>
caaa9b08da1d1cc30fe9160109b883561e574932dougm <p>If no matching vhost could be found the request is served
caaa9b08da1d1cc30fe9160109b883561e574932dougm from the first vhost with a matching port number that is on the
931b4fd1cc9dd3da096c45f4bf7ddcc14e0985c1dougm list for the IP to which the client connected (as already
caaa9b08da1d1cc30fe9160109b883561e574932dougm mentioned before).</p>
caaa9b08da1d1cc30fe9160109b883561e574932dougm <section id="persistent"><title>Persistent connections</title>
caaa9b08da1d1cc30fe9160109b883561e574932dougm <p>The IP lookup described above is only done <em>once</em> for a
caaa9b08da1d1cc30fe9160109b883561e574932dougm particular TCP/IP session while the name lookup is done on
caaa9b08da1d1cc30fe9160109b883561e574932dougm connection. In other words a client may request pages from
caaa9b08da1d1cc30fe9160109b883561e574932dougm different name-based vhosts during a single persistent
caaa9b08da1d1cc30fe9160109b883561e574932dougm connection.</p>
caaa9b08da1d1cc30fe9160109b883561e574932dougm <p>If the URI from the request is an absolute URI, and its
a943533fd4d91d114af622731a405407990c4fb1rse hostname and port match the main server or one of the
a943533fd4d91d114af622731a405407990c4fb1rse configured virtual hosts <em>and</em> match the address and
a943533fd4d91d114af622731a405407990c4fb1rse port to which the client sent the request, then the
a943533fd4d91d114af622731a405407990c4fb1rse scheme/hostname/port prefix is stripped off and the remaining
a943533fd4d91d114af622731a405407990c4fb1rse relative URI is served by the corresponding main server or
a943533fd4d91d114af622731a405407990c4fb1rse virtual host. If it does not match, then the URI remains
a943533fd4d91d114af622731a405407990c4fb1rse untouched and the request is taken to be a proxy request.</p>
d572c96f3a1c0f6b712bf2522352b929872a607edougm <li>A name-based vhost can never interfere with an IP-base
6b025bd5a034790b2bb31236092265e154d6a565dougm vhost and vice versa. IP-based vhosts can only be reached
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm through an IP address of its own address set and never
a943533fd4d91d114af622731a405407990c4fb1rse through any other address. The same applies to name-based
a943533fd4d91d114af622731a405407990c4fb1rse vhosts, they can only be reached through an IP address of the
a943533fd4d91d114af622731a405407990c4fb1rse corresponding address set which must be defined with a
a943533fd4d91d114af622731a405407990c4fb1rse <li><code>ServerAlias</code> and <code>ServerPath</code>
a943533fd4d91d114af622731a405407990c4fb1rse checks are never performed for an IP-based vhost.</li>
a943533fd4d91d114af622731a405407990c4fb1rse <li>The order of name-/IP-based, the <code>_default_</code>
a943533fd4d91d114af622731a405407990c4fb1rse vhost and the <code>NameVirtualHost</code> directive within
a943533fd4d91d114af622731a405407990c4fb1rse the config file is not important. Only the ordering of
a943533fd4d91d114af622731a405407990c4fb1rse name-based vhosts for a specific address set is significant.
a943533fd4d91d114af622731a405407990c4fb1rse The one name-based vhosts that comes first in the
a943533fd4d91d114af622731a405407990c4fb1rse configuration file has the highest priority for its
a943533fd4d91d114af622731a405407990c4fb1rse corresponding address set.</li>
a943533fd4d91d114af622731a405407990c4fb1rse <li>For security reasons the port number given in a
a943533fd4d91d114af622731a405407990c4fb1rse <code>Host:</code> header field is never used during the
a943533fd4d91d114af622731a405407990c4fb1rse matching process. Apache always uses the real port to which
a943533fd4d91d114af622731a405407990c4fb1rse the client sent the request.</li>
a943533fd4d91d114af622731a405407990c4fb1rse <li>If a <code>ServerPath</code> directive exists which is a
a943533fd4d91d114af622731a405407990c4fb1rse prefix of another <code>ServerPath</code> directive that
a943533fd4d91d114af622731a405407990c4fb1rse appears later in the configuration file, then the former will
a943533fd4d91d114af622731a405407990c4fb1rse always be matched and the latter will never be matched. (That
574f6ff9ee80ef4f772649c5c8319b764a8abe42jerenkrantz available to disambiguate the two.)</li>
a943533fd4d91d114af622731a405407990c4fb1rse <li>If two IP-based vhosts have an address in common, the
13bac43a0f21d8c6401debc1baa76be984474074rbb vhost appearing first in the config file is always matched.
13bac43a0f21d8c6401debc1baa76be984474074rbb Such a thing might happen inadvertently. The server will give
a943533fd4d91d114af622731a405407990c4fb1rse a warning in the error logfile when it detects this.</li>
a943533fd4d91d114af622731a405407990c4fb1rse <li>A <code>_default_</code> vhost catches a request only if
a943533fd4d91d114af622731a405407990c4fb1rse there is no other vhost with a matching IP address
a943533fd4d91d114af622731a405407990c4fb1rse <em>and</em> a matching port number for the request. The
a943533fd4d91d114af622731a405407990c4fb1rse request is only caught if the port number to which the client
a943533fd4d91d114af622731a405407990c4fb1rse sent the request matches the port number of your
a943533fd4d91d114af622731a405407990c4fb1rse specified (<em>i.e.</em>, <code>_default_:*</code>) to catch
a943533fd4d91d114af622731a405407990c4fb1rse requests to any available port. This also applies to
a943533fd4d91d114af622731a405407990c4fb1rse <li>The main_server is only used to serve a request if the IP
a943533fd4d91d114af622731a405407990c4fb1rse address and port number to which the client connected is
a943533fd4d91d114af622731a405407990c4fb1rse unspecified and does not match any other vhost (including a
a943533fd4d91d114af622731a405407990c4fb1rse <code>_default_</code> vhost). In other words the main_server
a943533fd4d91d114af622731a405407990c4fb1rse combination (unless there is a <code>_default_</code> vhost
a943533fd4d91d114af622731a405407990c4fb1rse which matches that port).</li>
a943533fd4d91d114af622731a405407990c4fb1rse <li>A <code>_default_</code> vhost or the main_server is
caaa9b08da1d1cc30fe9160109b883561e574932dougm connected to an address (and port) which is used for
6b025bd5a034790b2bb31236092265e154d6a565dougm <li>You should never specify DNS names in
6b025bd5a034790b2bb31236092265e154d6a565dougm <code>VirtualHost</code> directives because it will force
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm your server to rely on DNS to boot. Furthermore it poses a
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm security threat if you do not control the DNS for all the
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm domains listed. There's <a href="/dns-caveats.html">more
34e35f19305a307db17a3e42beba8a7311525907dougm information</a> available on this and the next two
eecdc3ce360b93883329706f0e50705c2b9bf0cbdougm topics.</li>
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm <li><code>ServerName</code> should always be set for each
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm vhost. Otherwise A DNS lookup is required for each
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm vhost.</li>
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm href="/dns-caveats.html#tips">DNS Issues</a> page, here are
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm some further tips:</p>
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm <li>Place all main_server definitions before any
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm <code>VirtualHost</code> definitions. (This is to aid the
34e35f19305a307db17a3e42beba8a7311525907dougm readability of the configuration -- the post-config merging
34e35f19305a307db17a3e42beba8a7311525907dougm process makes it non-obvious that definitions mixed in around
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm virtual hosts might affect all virtual hosts.)</li>
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm <li>Group corresponding <code>NameVirtualHost</code> and
34e35f19305a307db17a3e42beba8a7311525907dougm <code>VirtualHost</code> definitions in your configuration to
08e685922fbfb1742c65c85a3a1d8688bc826aeedougm ensure better readability.</li>
6b025bd5a034790b2bb31236092265e154d6a565dougm <li>Avoid <code>ServerPaths</code> which are prefixes of
6b025bd5a034790b2bb31236092265e154d6a565dougm other <code>ServerPaths</code>. If you cannot avoid this then
6b025bd5a034790b2bb31236092265e154d6a565dougm you have to ensure that the longer (more specific) prefix
6b025bd5a034790b2bb31236092265e154d6a565dougm vhost appears earlier in the configuration file than the
6b025bd5a034790b2bb31236092265e154d6a565dougm shorter (less specific) prefix (<em>i.e.</em>, "ServerPath
6b025bd5a034790b2bb31236092265e154d6a565dougm /abc" should appear after "ServerPath /abc/def").</li>
6b025bd5a034790b2bb31236092265e154d6a565dougm</manualpage>