diff options
author | Rich Bowen <rbowen@apache.org> | 2010-03-14 02:19:17 +0100 |
---|---|---|
committer | Rich Bowen <rbowen@apache.org> | 2010-03-14 02:19:17 +0100 |
commit | 82f39b4808010f98e3cbbcf8c3ace5eb4e8bf32f (patch) | |
tree | 6ca5677d458802e138c7ddb61a334fd45ba5d81f /docs/manual/dns-caveats.xml | |
parent | Rebuild transformations. (diff) | |
download | apache2-82f39b4808010f98e3cbbcf8c3ace5eb4e8bf32f.tar.xz apache2-82f39b4808010f98e3cbbcf8c3ace5eb4e8bf32f.zip |
Apache -> Apache HTTPD or HTTPD.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@922709 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- | docs/manual/dns-caveats.xml | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/docs/manual/dns-caveats.xml b/docs/manual/dns-caveats.xml index 41aea7fa3e..7250ba10d4 100644 --- a/docs/manual/dns-caveats.xml +++ b/docs/manual/dns-caveats.xml @@ -22,12 +22,12 @@ <manualpage metafile="dns-caveats.xml.meta"> - <title>Issues Regarding DNS and Apache</title> + <title>Issues Regarding DNS and Apache HTTPD</title> <summary> <p>This page could be summarized with the statement: don't - configure Apache in such a way that it relies on DNS resolution - for parsing of the configuration files. If Apache requires DNS + configure Apache HTTPD in such a way that it relies on DNS resolution + for parsing of the configuration files. If HTTPD requires DNS resolution to parse the configuration files then your server may be subject to reliability problems (ie. it might not boot), or denial and theft of service attacks (including users able @@ -45,16 +45,16 @@ </VirtualHost> </example> - <p>In order for Apache to function properly, it absolutely needs + <p>In order for HTTPD to function properly, it absolutely needs to have two pieces of information about each virtual host: the <directive module="core">ServerName</directive> and at least one IP address that the server will bind and respond to. The above - example does not include the IP address, so Apache must use DNS + example does not include the IP address, so HTTPD must use DNS to find the address of <code>www.abc.dom</code>. If for some reason DNS is not available at the time your server is parsing its config file, then this virtual host <strong>will not be configured</strong>. It won't be able to respond to any hits - to this virtual host (prior to Apache version 1.2 the server + to this virtual host (prior to HTTPD version 1.2 the server would not even boot).</p> <p>Suppose that <code>www.abc.dom</code> has address 192.0.2.1. @@ -68,13 +68,12 @@ </VirtualHost> </example> - <p>This time Apache needs to use reverse DNS to find the + <p>This time HTTPD needs to use reverse DNS to find the <code>ServerName</code> for this virtualhost. If that reverse - lookup fails then it will partially disable the virtualhost - (prior to Apache version 1.2 the server would not even boot). + lookup fails then it will partially disable the virtualhost. If the virtual host is name-based then it will effectively be totally disabled, but if it is IP-based then it will mostly - work. However, if Apache should ever have to generate a full + work. However, if HTTPD should ever have to generate a full URL for the server which includes the server name, then it will fail to generate a valid URL.</p> @@ -93,7 +92,7 @@ <title>Denial of Service</title> <p>There are (at least) two forms that denial of service - can come in. If you are running a version of Apache prior to + can come in. If you are running a version of HTTPD prior to version 1.2 then your server will not even boot if one of the two DNS lookups mentioned above fails for any of your virtual hosts. In some cases this DNS lookup may not even be under your @@ -136,7 +135,7 @@ users typed in URLs of the form <code>http://www.abc.dom/whatever</code>) will all be served by the <code>def.dom</code> virtual host. To better understand why - this happens requires a more in-depth discussion of how Apache + this happens requires a more in-depth discussion of how HTTPD matches up incoming requests with the virtual host that will serve it. A rough document describing this <a href="vhosts/details.html">is available</a>.</p> @@ -145,8 +144,8 @@ <section id="main"> <title>The "main server" Address</title> - <p>The addition of <a href="vhosts/name-based.html">name-based - virtual host support</a> in Apache 1.1 requires Apache to know + <p><a href="vhosts/name-based.html">Name-based + virtual host support</a> requires HTTPD to know the IP address(es) of the host that <program>httpd</program> is running on. To get this address it uses either the global <directive module="core">ServerName</directive> @@ -165,7 +164,7 @@ or maybe <code>/etc/nsswitch.conf</code>.</p> <p>If your server doesn't have to perform DNS for any other - reason then you might be able to get away with running Apache + reason then you might be able to get away with running HTTPD with the <code>HOSTRESORDER</code> environment variable set to "local". This all depends on what OS and resolver libraries you are using. It also affects CGIs unless you use @@ -200,9 +199,9 @@ <section id="appendix"> <title>Appendix: Future Directions</title> - <p>The situation regarding DNS is highly undesirable. For - Apache 1.2 we've attempted to make the server at least continue - booting in the event of failed DNS, but it might not be the + <p>The situation regarding DNS is highly undesirable. Although + we've attempted to make the server at least continue + booting in the event of failed DNS, it might not be the best we can do. In any event, requiring the use of explicit IP addresses in configuration files is highly undesirable in today's Internet where renumbering is a necessity.</p> |