On Dec 10, 2008, at 12:27 PM, Lisa Kachold wrote:

> Trust is the basis for all security.
>
> The "evil" /etc/hosts file would look like this:
>
> # /etc/hosts
> 127.0.0.1   hostname localhost localhost.localdomain
>
> # end
>
> A good /etc/hosts file appears:
>
> # /etc/hosts
> 127.0.0.1   localhost localhost.localdomain
> 192.168.6.66   hostname
>
> # end

BTW, an /etc/hosts file like the first one will also mess up an Apache  
SSL virtual host for hostname.

Given something like this:
<VirtualHost *:443>
   ServerName hostname
</VirtualHost>

Apache will resolve 'hostname' to 127.0.0.1 when it starts up.  When a  
new SSL request comes in for 192.168.6.66, you've got breakage.

  sudo httpd -t -D DUMP_VHOSTS

will let you see how Apache has parsed your virtual hosts, and you  
would be able to see an SSL site reported as 127.0.0.1 in this  
situation.