Apache2 VirtualHosts 403 Oddity

Question

I'm sure this is something I should already understand, but I'm finding myself confused.

The configs in play add up to this:

NameVirtualHost *:80
Listen 80

<VirtualHost *:80>
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin admin@domain.tld
    ServerName domain.tld
    ServerAlias *.domain.tld
    DocumentRoot /var/www/domain.tld
    <Directory /var/www/domain.tld>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

DNS is working correctly.

The issue is, every variant of http://*.domain.tld/ (including http://domain.tld/) works correctly, except http://www.domain.tld/ which throws a 403.

The logs state: client denied by server configuration: /etc/apache2/htdocs

If I remove the first VirtualHost block from play, everything works as expected including http://www.domain.tld. This leads me to believe that for some reason, Apache is not considering www.domain.tld to match the second VirtualHost block, and is thereby falling back to deny all.

This seems wrong. Shouldn't the second block match www.domain.tld?

I've been able to resolve this, but I still don't understand why. In my original configs, I was using the real ip address of the server instead of *. Switching all instances to * as shown above made everything work as expected.

Does this have something to do with the way browsers request resources?

`In my original configs, I was using the real ip address of the server instead of *` - That sounds like the server had multiple IP addresses, and the dns record for www.example.com pointed to a different IP than *.example.com. — AD7six, May 31 '14 at 08:57

score 0 · Answer 1 · answered Mar 28 '11 at 16:49

0

I would avoid the wildcard for the www record.

Change this:

ServerName domain.tld

ServerAlias *.domain.tld

To this:

ServerName www.domain.tld

ServerAlias domain.tld subdomain.domain.tld etc.domain.tld

to see if that works. calling the Server name www.domain.tld for testing the wildcard to see if it's causing the problems.

answered Mar 28 '11 at 16:49

Jonathan Ross

2,173
11
14

I changed to just ServerName www.domain.tld ServerAlias domain.tld to simplify things. Same results unfortunately. As in, domain.tld works, www.domain.tld 403. – Carson C. Mar 28 '11 at 17:11
What does "host www.domain.tld" give back as an IP address. Is it correct ? – Jonathan Ross Mar 29 '11 at 06:16
Yes, all DNS resolution is correct, including reverse DNS. Please see my edit above. – Carson C. Mar 29 '11 at 13:08
I haven't used wildcards like that in my Apache builds so I'm not sure but needless to say Apache can be a black art at times :-) (I've have some highly strange URL redirect issues in the past) Glad it's fixed anyway. – Jonathan Ross Mar 29 '11 at 13:18
www is just another subdomain - there's no special meaning to it as far as a webserver is concerned. Changing the config to use explicitly named domains instead of a wildcard might indirectly fix things but would almost be a coincidence. – AD7six May 31 '14 at 08:58

Apache2 VirtualHosts 403 Oddity

1 Answers1