1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
|
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>An In-Depth Discussion of Virtual Host Matching - Apache HTTP Server</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
<body id="manual-page"><div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.3</p>
<img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.3</a> > <a href="./">Virtual Hosts</a></div><div id="page-content"><div id="preamble"><h1>An In-Depth Discussion of Virtual Host Matching</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/vhosts/details.html" title="English"> en </a> |
<a href="../fr/vhosts/details.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> |
<a href="../ko/vhosts/details.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/vhosts/details.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p>
</div>
<p>This document attempts to explain
exactly what Apache HTTP Server does when deciding what virtual host to
serve a request from.</p>
<p>Most users should read about <a href="name-based.html#namevip">
Name-based vs. IP-based Virtual Hosts</a> to decide which type they
want to use, then read more about <a href="name-based.html">name-based</a>
or <a href="ip-based.html">IP-based</a> virtualhosts, and then see
<a href="examples.html">some examples</a>.</p>
<p>If you want to understand all the details, then you can
come back to this page.</p>
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#configparsing">Configuration File</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#hostmatching">Virtual Host Matching</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#tips">Tips</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><a href="ip-based.html">IP-based Virtual Host Support</a></li><li><a href="name-based.html">Name-based Virtual Hosts Support</a></li><li><a href="examples.html">Virtual Host examples for common setups</a></li><li><a href="mass.html">Dynamically configured mass virtual hosting</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="configparsing" id="configparsing">Configuration File</a></h2>
<p>There is a <em>main server</em> which consists of all the
definitions appearing outside of
<code><VirtualHost></code> sections.</p>
<p>There are virtual
servers, called <em>vhosts</em>, which are defined by
<code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code>
sections.</p>
<p>Each <code>VirtualHost</code> directive includes one
or more addresses and optional ports.</p>
<p>Hostnames can be used in place of IP addresses in a virtual
host definition, but they are resolved at startup and if any name
resolutions fail, those virtual host definitions are ignored.
This is, therefore, not recommended.</p>
<p>If using IP-based vhosts, the address can be specified
as <code>_default_</code>, which will match a request if no
other vhost has the explicit address on which the request was
received.</p>
<p>If using name-based vhosts, the address can be specified as
<code>*</code>, which will match a request if no
other vhost has the explicit address on which the request was
received. The corresponding <code>NameVirtualHost</code>
directive must also use <code>*</code>.</p>
<p>The address appearing in the <code>VirtualHost</code>
directive can have an optional port. If the port is unspecified,
it is treated as a wildcard port, which can also be indicated
explicitly using <code>*</code>.
The wildcard port matches any port.</p>
<p>(Port numbers specified in the <code>VirtualHost</code> directive do
not influence what port numbers Apache will listen on, they only control
which <code>VirtualHost</code> will be selected to handle a request.
Use the <code class="directive"><a href="../mod/core.html#listen">Listen</a></code> directive to
control the addresses and ports on which the server listens.)
</p>
<p>Collectively the
entire set of addresses (including multiple
results from DNS lookups) are called the vhost's
<em>address set</em>.</p>
<p>If you want Apache to discriminate on the
basis of the HTTP <code>Host</code> header supplied by the client,
the <code>NameVirtualHost</code> directive <em>must</em> appear
with the exact IP address (or wildcard) and port pair used in a
corresponding set of <code>VirtualHost</code> directives.</p>
<p>The
<code class="directive"><a href="../mod/core.html#servername">ServerName</a></code> directive
may appear anywhere within the definition of a server. However,
each appearance overrides the previous appearance (within that
server). If no <code>ServerName</code> is specified, the server
attempts to deduce it from the server's IP address.</p>
<p>Multiple <code>NameVirtualHost</code> directives can be used,
each with a set of <code>VirtualHost</code> directives, but only
one <code>NameVirtualHost</code> directive should be used for
each specific IP:port pair.</p>
<p>The first name-based vhost in the configuration file for a
given IP:port pair is significant because it is used for all
requests received on that address and port for which no other
vhost for that IP:port pair has a matching ServerName or
ServerAlias. It is also used for all SSL connections if the
server does not support <a class="glossarylink" href="../glossary.html#servernameindication" title="see glossary">Server Name Indication</a>.</p>
<p>If there are no vhosts defined for an address in a
<code>NameVirtualHost</code> directive, the
<code>NameVirtualHost</code> directive is ignored at startup and an error is
logged.</p>
<p>The ordering of <code>NameVirtualHost</code> and
<code>VirtualHost</code> directives is not important, which
makes the following two examples identical (only the order of
the <code>VirtualHost</code> directives for <em>one</em>
address set is important, see below):</p>
<table><tr>
<td><div class="example"><p><code>
NameVirtualHost 111.22.33.44<br />
<VirtualHost 111.22.33.44><br />
# server A<br />
...<br />
</VirtualHost><br />
<VirtualHost 111.22.33.44><br />
# server B<br />
...<br />
</VirtualHost><br />
<br />
NameVirtualHost 111.22.33.55<br />
<VirtualHost 111.22.33.55><br />
# server C<br />
...<br />
</VirtualHost><br />
<VirtualHost 111.22.33.55><br />
# server D<br />
...<br />
</VirtualHost>
</code></p></div></td>
<td><div class="example"><p><code>
<VirtualHost 111.22.33.44><br />
# server A<br />
</VirtualHost><br />
<VirtualHost 111.22.33.55><br />
# server C<br />
...<br />
</VirtualHost><br />
<VirtualHost 111.22.33.44><br />
# server B<br />
...<br />
</VirtualHost><br />
<VirtualHost 111.22.33.55><br />
# server D<br />
...<br />
</VirtualHost><br />
<br />
NameVirtualHost 111.22.33.44<br />
NameVirtualHost 111.22.33.55<br />
<br />
</code></p></div></td>
</tr></table>
<p>(To aid the readability of your configuration you should
prefer the left variant.)</p>
<p>For every vhost various default values are set. In
particular:</p>
<ol>
<li>If a vhost has no <code class="directive"><a href="../mod/core.html#serveradmin">ServerAdmin</a></code>,
<code class="directive"><a href="../mod/core.html#resourceconfig">ResourceConfig</a></code>,
<code class="directive"><a href="../mod/core.html#accessconfig">AccessConfig</a></code>,
<code class="directive"><a href="../mod/core.html#timeout">Timeout</a></code>,
<code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code>,
<code class="directive"><a href="../mod/core.html#keepalive">KeepAlive</a></code>,
<code class="directive"><a href="../mod/core.html#maxkeepaliverequests">MaxKeepAliveRequests</a></code>,
<code class="directive"><a href="../mod/core.html#receivebuffersize">ReceiveBufferSize</a></code>,
or <code class="directive"><a href="../mod/core.html#sendbuffersize">SendBufferSize</a></code>
directive then the respective value is inherited from the
main server. (That is, inherited from whatever the final
setting of that value is in the main server.)</li>
<li>The "lookup defaults" that define the default directory
permissions for a vhost are merged with those of the
main server. This includes any per-directory configuration
information for any module.</li>
<li>The per-server configs for each module from the
main server are merged into the vhost server.</li>
</ol>
<p>Essentially, the main server is treated as "defaults" or a
"base" on which to build each vhost. But the positioning of
these main server definitions in the config file is largely
irrelevant -- the entire config of the main server has been
parsed when this final merging occurs. So even if a main server
definition appears after a vhost definition it might affect the
vhost definition.</p>
<p>If the main server has no <code>ServerName</code> at this
point, then the hostname of the machine that <code class="program"><a href="../programs/httpd.html">httpd</a></code>
is running on is used instead. We will call the <em>main server address
set</em> those IP addresses returned by a DNS lookup on the
<code>ServerName</code> of the main server.</p>
<p>For any undefined <code>ServerName</code> fields, a
name-based vhost defaults to the address given first in the
<code>VirtualHost</code> statement defining the vhost.</p>
<p>Any vhost that includes the magic <code>_default_</code>
wildcard is given the same <code>ServerName</code> as the
main server.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="hostmatching" id="hostmatching">Virtual Host Matching</a></h2>
<p>The server determines which vhost to use for a request as
follows:</p>
<h3><a name="hashtable" id="hashtable">IP address lookup</a></h3>
<p>When the connection is first received on some address and port,
the server looks for all the <code>VirtualHost</code> definitions
that have the same IP address and port.</p>
<p>If there are no exact matches for the address and port, then
wildcard (<code>*</code>) matches are considered.</p>
<p>If there are still no matches, then vhosts with IP
address specified as <code>_default_</code> that match the
port are considered.</p>
<p>If no matches are found, the request is served by the
main server.</p>
<p>If there are <code>VirtualHost</code> definitions for
the IP address, the next step is to decide if we have to
deal with an IP-based or a name-based vhost.</p>
<h3><a name="ipbased" id="ipbased">IP-based vhost</a></h3>
<p>If there is no <code>NameVirtualHost</code> directive
matching the vhost, no further actions are performed and
the request is served from the first matching vhost.</p>
<h3><a name="namebased" id="namebased">Name-based vhost</a></h3>
<p>If the entry corresponds to a name-based vhost, the "list" in
the remaining steps refers to the list of vhosts that matched, in
the order they were in the configuration file.</p>
<p>If the connection is using SSL, the server supports <a class="glossarylink" href="../glossary.html#servernameindication" title="see glossary">Server Name Indication</a>, and
the SSL client handshake includes the TLS extension with the
requested hostname, then that hostname is used below just like the
<code>Host:</code> header would be used on a non-SSL connection.
Otherwise, the first name-based vhost whose address matched is
used for SSL connections. This is significant because the
vhost determines which certificate the server will use for the
connection.</p>
<p>If the request contains a <code>Host:</code> header field, the
list is searched for the first vhost with a matching
<code>ServerName</code> or <code>ServerAlias</code>, and the
request is served from that vhost. A <code>Host:</code> header
field can contain a port number, but Apache always ignores it and
matches against the real port to which the client sent the
request.</p>
<p>The first vhost in the config
file with the specified IP address has the highest priority
and catches any request to an unknown server name, or a request
without a <code>Host:</code> header field (such as a HTTP/1.0
request).</p>
<h3><a name="persistent" id="persistent">Persistent connections</a></h3>
<p>The <em>IP lookup</em> described above is only done <em>once</em> for a
particular TCP/IP session while the <em>name lookup</em> is done on
<em>every</em> request during a KeepAlive/persistent
connection. In other words, a client may request pages from
different name-based vhosts during a single persistent
connection.</p>
<h3><a name="absoluteURI" id="absoluteURI">Absolute URI</a></h3>
<p>If the URI from the request is an absolute URI, and its
hostname and port match the main server or one of the
configured virtual hosts <em>and</em> match the address and
port to which the client sent the request, then the
scheme/hostname/port prefix is stripped off and the remaining
relative URI is served by the corresponding main server or
virtual host. If it does not match, then the URI remains
untouched and the request is taken to be a proxy request.</p>
<h3><a name="observations" id="observations">Observations</a></h3>
<ul>
<li>A name-based vhost can never interfere with an IP-base
vhost and vice versa. IP-based vhosts can only be reached
through an IP address of its own address set and never
through any other address. The same applies to name-based
vhosts, they can only be reached through an IP address of the
corresponding address set which must be defined with a
<code>NameVirtualHost</code> directive.</li>
<li><code>ServerAlias</code>
checks are never performed for an IP-based vhost.</li>
<li>The order of name-/IP-based, the <code>_default_</code>
vhost and the <code>NameVirtualHost</code> directive within
the config file is not important. Only the ordering of
name-based vhosts for a specific address set is significant.
The one name-based vhosts that comes first in the
configuration file has the highest priority for its
corresponding address set.</li>
<li>Any port in the <code>Host:</code> header field is never used during the
matching process. Apache always uses the real port to which
the client sent the request.</li>
<li>If two IP-based vhosts have an address in common, the
vhost appearing first in the config file is always matched.
Such a thing might happen inadvertently. The server will give
a warning in the error logfile when it detects this.</li>
<li>A <code>_default_</code> vhost catches a request only if
there is no other vhost with a matching IP address
<em>and</em> a matching port number for the request. The
request is only caught if the port number to which the client
sent the request matches the port number of your
<code>_default_</code> vhost which is your standard
<code>Listen</code> by default. A wildcard port can be
specified (<em>i.e.</em>, <code>_default_:*</code>) to catch
requests to any available port. This also applies to
<code>NameVirtualHost *</code> vhosts. Note that this is simply an
extension of the "best match" principle, as a specific and exact match
is favored over a wildcard.</li>
<li>The main server is only used to serve a request if the IP
address and port number to which the client connected
does not match any vhost (including a
<code>_default_</code> vhost). In other words, the main server
only catches a request for an unspecified address/port
combination (unless there is a <code>_default_</code> vhost
which matches that port).</li>
<li>A <code>_default_</code> vhost or the main server is
<em>never</em> matched for a request with an unknown or
missing <code>Host:</code> header field if the client
connected to an address (and port) which is used for
name-based vhosts, <em>e.g.</em>, in a
<code>NameVirtualHost</code> directive.</li>
<li>You should never specify DNS names in
<code>VirtualHost</code> directives because it will force
your server to rely on DNS to boot. Furthermore it poses a
security threat if you do not control the DNS for all the
domains listed. There's <a href="../dns-caveats.html">more
information</a> available on this and the next two
topics.</li>
<li><code>ServerName</code> should always be set for each
vhost. Otherwise A DNS lookup is required for each
vhost.</li>
</ul>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="tips" id="tips">Tips</a></h2>
<p>In addition to the tips on the <a href="../dns-caveats.html#tips">DNS Issues</a> page, here are
some further tips:</p>
<ul>
<li>Place all main server definitions before any
<code>VirtualHost</code> definitions. (This is to aid the
readability of the configuration -- the post-config merging
process makes it non-obvious that definitions mixed in around
virtual hosts might affect all virtual hosts.)</li>
<li>Group corresponding <code>NameVirtualHost</code> and
<code>VirtualHost</code> definitions in your configuration to
ensure better readability.</li>
</ul>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/vhosts/details.html" title="English"> en </a> |
<a href="../fr/vhosts/details.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> |
<a href="../ko/vhosts/details.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/vhosts/details.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p>
</div><div id="footer">
<p class="apache">Copyright 2010 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
</body></html>
|
