This document attempts to explain exactly what Apache HTTP Server does when deciding what virtual host to serve a request from.
Most users should read about Name-based vs. IP-based Virtual Hosts to decide which type they want to use, then read more about name-based or IP-based virtualhosts, and then see some examples.
If you want to understand all the details, then you can come back to this page.
There is a main server which consists of all the
definitions appearing outside of
<VirtualHost>
sections.
There are virtual
servers, called vhosts, which are defined by
Each VirtualHost
directive includes one
or more addresses and optional ports.
Hostnames can be used in place of IP addresses in a virtual host definition, but they are resolved at startup and if any name resolutions fail, those virtual host definitions are ignored. This is, therefore, not recommended.
The address can be specified as
*
, which will match a request if no
other vhost has the explicit address on which the request was
received.
The address appearing in the VirtualHost
directive can have an optional port. If the port is unspecified,
it is treated as a wildcard port, which can also be indicated
explicitly using *
.
The wildcard port matches any port.
(Port numbers specified in the VirtualHost
directive do
not influence what port numbers Apache will listen on, they only control
which VirtualHost
will be selected to handle a request.
Use the
Collectively the entire set of addresses (including multiple results from DNS lookups) are called the vhost's address set.
Apache automatically discriminates on the
basis of the HTTP Host
header supplied by the client
whenever the most specific match for an IP address and port combination
is listed in multiple virtual hosts.
The
ServerName
is specified, the server
attempts to deduce it from the server's IP address.
The first name-based vhost in the configuration file for a
given IP:port pair is significant because it is used for all
requests received on that address and port for which no other
vhost for that IP:port pair has a matching ServerName or
ServerAlias. It is also used for all SSL connections if the
server does not support
The complete list of names in the VirtualHost
directive are treated just like a (non wildcard) ServerAlias
(but are not overridden by any ServerAlias
statement).
For every vhost various default values are set. In particular:
Essentially, the main server is treated as "defaults" or a "base" on which to build each vhost. But the positioning of these main server definitions in the config file is largely irrelevant -- the entire config of the main server has been parsed when this final merging occurs. So even if a main server definition appears after a vhost definition it might affect the vhost definition.
If the main server has no ServerName
at this
point, then the hostname of the machine that ServerName
of the main server.
For any undefined ServerName
fields, a
name-based vhost defaults to the address given first in the
VirtualHost
statement defining the vhost.
Any vhost that includes the magic _default_
wildcard is given the same ServerName
as the
main server.
The server determines which vhost to use for a request as follows:
When the connection is first received on some address and port,
the server looks for all the VirtualHost
definitions
that have the same IP address and port.
If there are no exact matches for the address and port, then
wildcard (*
) matches are considered.
If no matches are found, the request is served by the main server.
If there are VirtualHost
definitions for
the IP address, the next step is to decide if we have to
deal with an IP-based or a name-based vhost.
If there is exactly one VirtualHost
directive
listing the IP address and port combination that was determined
to be the best match, no further actions are performed and
the request is served from the matching vhost.
If there are multiple VirtualHost
directives listing
the IP address and port combination that was determined to be the
best match, the "list" in the remaining steps refers to the list of vhosts
that matched, in the order they were in the configuration file.
If the connection is using SSL, the server supports Host:
header would be used on a non-SSL connection.
Otherwise, the first name-based vhost whose address matched is
used for SSL connections. This is significant because the
vhost determines which certificate the server will use for the
connection.
If the request contains a Host:
header field, the
list is searched for the first vhost with a matching
ServerName
or ServerAlias
, and the
request is served from that vhost. A Host:
header
field can contain a port number, but Apache always ignores it and
matches against the real port to which the client sent the
request.
The first vhost in the config
file with the specified IP address has the highest priority
and catches any request to an unknown server name, or a request
without a Host:
header field (such as a HTTP/1.0
request).
The IP lookup described above is only done once for a particular TCP/IP session while the name lookup is done on every request during a KeepAlive/persistent connection. In other words, a client may request pages from different name-based vhosts during a single persistent connection.
If the URI from the request is an absolute URI, and its hostname and port match the main server or one of the configured virtual hosts and match the address and port to which the client sent the request, then the scheme/hostname/port prefix is stripped off and the remaining relative URI is served by the corresponding main server or virtual host. If it does not match, then the URI remains untouched and the request is taken to be a proxy request.
ServerName
and ServerAlias
checks are never performed for an IP-based vhost.Host:
header field is never used during the
matching process. Apache always uses the real port to which
the client sent the request.*
vhost). In other words, the main server
only catches a request for an unspecified address/port
combination (unless there is a _default_
vhost
which matches that port).VirtualHost
directives because it will force
your server to rely on DNS to boot. Furthermore it poses a
security threat if you do not control the DNS for all the
domains listed. There's more
information available on this and the next two
topics.ServerName
should always be set for each
vhost. Otherwise a DNS lookup is required for each
vhost.In addition to the tips on the DNS Issues page, here are some further tips:
VirtualHost
definitions. (This is to aid the
readability of the configuration -- the post-config merging
process makes it non-obvious that definitions mixed in around
virtual hosts might affect all virtual hosts.)