To avoid cache poisoning, I was asked to create a dummy virtual host on my Apache Web Server, so that all the forged requests (which are not actually related to my application) will go to the dummy virtual host.

Below is my current virtual host:

<VirtualHost *:*>
   DocumentRoot "cache location"
   ServerName myappname
</VirtualHost>

I'm trying to create a dummy virtual host with Server name as * and with a different cache location. This is what I tried:

<VirtualHost *:*>
   DocumentRoot "another cache location"
   ServerName *
</VirtualHost>

How can I test that my dummy virtual host configuration works, and do I need to modify my configuration?

Bill
balaji

1 Answer

As far as I know, setting * as the ServerName will only match a literal * as the hostname, and that does not do the intended wildcard matching...

Your dummy virtual host, the VirtualHost entry that will respond to any and all unqualified requests that don't match any of the specific domain names that are explicitly configured, should be the first VirtualHost entry in your configuration.

<VirtualHost *:80>
  # This is the first and will handle anything that is not example.[com | net | org] 
  ...
</VirtualHost> 
<VirtualHost *:80>
  ServerName example.com
  ...
</VirtualHost> 
<VirtualHost *:80>
  ServerName example.net
  ...
</VirtualHost> 
<VirtualHost *:80>
  ServerName example.org
  ...
</VirtualHost>

The second part of this answer has a suitable setup for the default VirtualHost: https://serverfault.com/a/662356/37681

HBruijn
  • Thanks for your answer :), may I know why we need to have instead of please – balaji Nov 07 '17 at 17:03
  • One more question please: can this be the last entry, since the majority of the requests (if not all) would be legitimate and performance can be increased by pushing it lower, since all legitimate requests will first hit the valid virtual host? – balaji Nov 07 '17 at 19:00
  • Sorry, it doesn't work that way: any request containing an unknown or no Host: header is always served from the primary name-based vhost (the vhost for that address/port appearing first in the configuration file). https://httpd.apache.org/docs/2.4/vhosts/examples.html – HBruijn Nov 07 '17 at 20:23
  • also my apache server listens at port 8080, so I think it should be in my case – balaji Nov 07 '17 at 20:41
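
The selection rule described in the answer and its comments, as an added example that is not part of the original thread: a simplified Python model of name-based vhost matching that shows which DocumentRoot a forged Host header lands in for the asker's ordering and for the reordered one. The port 8080 blocks, the `/srv/...` paths and all function names are constructed for illustration; only `*:port` vhosts are modelled.

```python
import re
from fnmatch import fnmatchcase

# Constructed configs (paths and port 8080 are assumptions, not from the post).
APP = '<VirtualHost *:8080>\n ServerName myappname\n DocumentRoot "/srv/app"\n</VirtualHost>\n'
DUMMY = '<VirtualHost *:8080>\n ServerName *\n DocumentRoot "/srv/dummy"\n</VirtualHost>\n'
ASKER_ORDER = APP + DUMMY   # real site first, "ServerName *" vhost second
FIXED_ORDER = DUMMY + APP   # catch-all vhost first, as the answer recommends

BLOCK_RE = re.compile(r"<VirtualHost\s+\*:(\S+?)>(.*?)</VirtualHost>", re.I | re.S)

def parse_vhosts(conf):
    """Return the *:port vhosts in file order (order decides the default)."""
    vhosts = []
    for port, body in BLOCK_RE.findall(conf):
        vh = {"port": port, "name": None, "aliases": [], "docroot": None}
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split()
            if len(parts) < 2:
                continue
            key, args = parts[0].lower(), [a.strip('"') for a in parts[1:]]
            if key == "servername":
                vh["name"] = args[0].lower()
            elif key == "serveralias":
                vh["aliases"] += [a.lower() for a in args]
            elif key == "documentroot":
                vh["docroot"] = args[0]
        vhosts.append(vh)
    return vhosts

def select_vhost(vhosts, port, host_header):
    """Model of name-based selection for a request arriving on `port`."""
    candidates = [v for v in vhosts if v["port"] in ("*", str(port))]
    if not candidates:
        return None
    host = (host_header or "").split(":")[0].lower()  # drop ":port" (no IPv6 literals)
    for v in candidates:
        # ServerName is an exact, case-insensitive compare, so "*" is a literal.
        # Only ServerAlias entries get wildcard matching.
        if host and (host == v["name"] or any(fnmatchcase(host, a) for a in v["aliases"])):
            return v
    return candidates[0]  # unknown or missing Host: first vhost for the port

def served_from(conf, port, host_header):
    vh = select_vhost(parse_vhosts(conf), port, host_header)
    return vh and vh["docroot"]

if __name__ == "__main__":
    for label, conf in (("asker order", ASKER_ORDER), ("fixed order", FIXED_ORDER)):
        for host in ("myappname:8080", "forged.invalid", None):
            print(f"{label:12} Host={host!s:16} -> {served_from(conf, 8080, host)}")
```

Against the live server, the equivalent check is a request with an arbitrary Host header, for example `curl -H 'Host: forged.invalid' http://yourserver:8080/`, confirming that the response comes from the dummy DocumentRoot; `apachectl -S` lists which vhost Apache treats as the default for each address and port.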