On Dec 10, 2008, at 12:27 PM, Lisa Kachold wrote:
> Trust is the basis for all security.
>
> The "evil" /etc/hosts file would look like this:
>
> # /etc/hosts
> 127.0.0.1 hostname localhost localhost.localdomain
>
> # end
>
> A good /etc/hosts file appears:
>
> # /etc/hosts
> 127.0.0.1 localhost localhost.localdomain
> 192.168.6.66 hostname
>
> # end
BTW, an /etc/hosts file like the first one will also mess up an Apache
SSL virtual host for hostname.
Given something like this:
<VirtualHost *:443>
ServerName hostname
</VirtualHost>
Apache will resolve 'hostname' to 127.0.0.1 when it starts up. When a
new SSL request comes in for 192.168.6.66, you've got breakage.
sudo httpd -t -D DUMP_VHOSTS
will let you see how Apache has parsed your virtual hosts, and you
would be able to see an SSL site reported as 127.0.0.1 in this
situation.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss 
(text/plain)
