Re: https vhosts
> Am 24.05.2018 um 14:22 schrieb Yann Ylavic <ylavic.dev@xxxxxxxxx>:
> On Thu, May 24, 2018 at 2:09 PM, Eric Covener <covener@xxxxxxxxx> wrote:
>> Thinking about base server and how scanners report it the "vulnerability"...
> The one or the other is probably a better name than UseDefaultVHost,
> it allows to specify it by vhost (really meaningful on base servers
> though) OR globally to avoid using fake base servers in the whole
> configuration (when relevant).
> Looks good to me.
Like it. For simplicity, I think it should only be global.
Using it in the first vhost has the same effect. Using it
in a subsequent vhost will have no effect. Does not really make sense, or?
RejectUnknownHosts [ on | off ] (Default: off)
as core directive.
For mod_ssl, it would be good to move its "ssl_find_vhost()" partially
into the core. We could add a method
AP_DECLARE(server_rec *) ap_vhost_find_server(conn_rec *c, const char *hostname);
that returns the match, the base or NULL if rejected. That would remove
parts of the vhost matching implementation in mod_ssl and we would not
need to expose the core config.