From 05dce833d281151471c47f71edeed6556b4f923a Mon Sep 17 00:00:00 2001 From: Rich Bowen Date: Wed, 17 Mar 2010 20:26:42 +0000 Subject: Remove mentions of HTTPD. Mea culpa. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@924467 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/dns-caveats.xml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'docs/manual/dns-caveats.xml') diff --git a/docs/manual/dns-caveats.xml b/docs/manual/dns-caveats.xml index e47c0b32ed..56d8d02319 100644 --- a/docs/manual/dns-caveats.xml +++ b/docs/manual/dns-caveats.xml @@ -27,7 +27,7 @@

This page could be summarized with the statement: don't configure Apache HTTP Server in such a way that it relies on DNS resolution - for parsing of the configuration files. If HTTPD requires DNS + for parsing of the configuration files. If httpd requires DNS resolution to parse the configuration files then your server may be subject to reliability problems (ie. it might not boot), or denial and theft of service attacks (including users able @@ -45,16 +45,16 @@ </VirtualHost> -

In order for HTTPD to function properly, it absolutely needs +

In order for the server to function properly, it absolutely needs to have two pieces of information about each virtual host: the ServerName and at least one IP address that the server will bind and respond to. The above - example does not include the IP address, so HTTPD must use DNS + example does not include the IP address, so httpd must use DNS to find the address of www.abc.dom. If for some reason DNS is not available at the time your server is parsing its config file, then this virtual host will not be configured. It won't be able to respond to any hits - to this virtual host (prior to HTTPD version 1.2 the server + to this virtual host (prior to httpd version 1.2 the server would not even boot).

Suppose that www.abc.dom has address 192.0.2.1. @@ -68,12 +68,12 @@ </VirtualHost> -

This time HTTPD needs to use reverse DNS to find the +

This time httpd needs to use reverse DNS to find the ServerName for this virtualhost. If that reverse lookup fails then it will partially disable the virtualhost. If the virtual host is name-based then it will effectively be totally disabled, but if it is IP-based then it will mostly - work. However, if HTTPD should ever have to generate a full + work. However, if httpd should ever have to generate a full URL for the server which includes the server name, then it will fail to generate a valid URL.

@@ -92,7 +92,7 @@ Denial of Service

There are (at least) two forms that denial of service - can come in. If you are running a version of HTTPD prior to + can come in. If you are running a version of httpd prior to version 1.2 then your server will not even boot if one of the two DNS lookups mentioned above fails for any of your virtual hosts. In some cases this DNS lookup may not even be under your @@ -135,7 +135,7 @@ users typed in URLs of the form http://www.abc.dom/whatever) will all be served by the def.dom virtual host. To better understand why - this happens requires a more in-depth discussion of how HTTPD + this happens requires a more in-depth discussion of how httpd matches up incoming requests with the virtual host that will serve it. A rough document describing this is available.

@@ -145,7 +145,7 @@ The "main server" Address

Name-based - virtual host support requires HTTPD to know + virtual host support requires httpd to know the IP address(es) of the host that httpd is running on. To get this address it uses either the global ServerName @@ -164,7 +164,7 @@ or maybe /etc/nsswitch.conf.

If your server doesn't have to perform DNS for any other - reason then you might be able to get away with running HTTPD + reason then you might be able to get away with running httpd with the HOSTRESORDER environment variable set to "local". This all depends on what OS and resolver libraries you are using. It also affects CGIs unless you use -- cgit v1.2.3