LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 07-31-2012, 11:34 AM   #1
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 499

Rep: Reputation: 46
Apache Virtual Directives


Apache 2.4 on RHEL5
if i include a ssl.conf from inside httpd.conf which limits the ciphers allowed, but then i also have vhostXYZ.conf files which have includes that load a "vhostXYZ-ssl.conf" which uses different ssl restrictions, does the vhostXYZ-ssl.conf take precedence??

and if the vhostXYZ.conf has no include for a ssl conf does the ssl.conf loaded via httpd.conf get applied?

Last edited by Linux_Kidd; 07-31-2012 at 11:35 AM.
 
Old 07-31-2012, 12:31 PM   #2
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,044

Rep: Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952Reputation: 952
You can specify which directives can and can't be used in a VHost, and which ones take precedence.

Obviously, you want to "get your act together." Figure out one way that you want to do these things, globally across the installation, and specify them globally. (Don't let them be specified locally.) A chain is only as strong as its weakest link, and every link in the chain should be identical in design.
 
Old 07-31-2012, 01:29 PM   #3
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 499

Original Poster
Rep: Reputation: 46
Quote:
Originally Posted by sundialsvcs View Post
You can specify which directives can and can't be used in a VHost, and which ones take precedence.

Obviously, you want to "get your act together." Figure out one way that you want to do these things, globally across the installation, and specify them globally. (Don't let them be specified locally.) A chain is only as strong as its weakest link, and every link in the chain should be identical in design.
well, to act on your advice i still need my Q's to have A's, etc
 
Old 07-31-2012, 04:29 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, FreeBSD
Posts: 3,925
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by Linux_Kidd
Apache 2.4 on RHEL5
if i include a ssl.conf from inside httpd.conf which limits the ciphers allowed, but then i also have vhostXYZ.conf files which have includes that load a "vhostXYZ-ssl.conf" which uses different ssl restrictions, does the vhostXYZ-ssl.conf take precedence??

and if the vhostXYZ.conf has no include for a ssl conf does the ssl.conf loaded via httpd.conf get applied?
Generally speaking, "yes" and "yes".

Read through the various directives at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html. The context for many of them is server, virtualhost (meaning that it is inherited from the former context if it isn't explicitly overridden in the latter).

Note that SSLCipherSuite supports even more contexts, down to the directory and .htaccess level.
 
Old 08-01-2012, 08:29 PM   #5
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 499

Original Poster
Rep: Reputation: 46
sundial,
so my reasoing in having SSL settings in httpd.conf and in virtual directives is so httpd.conf defines the weakest suite allowed if a virtual has no ssl settings, but if a virtual site needs more restrictions above what httpd.conf has we can do that. you may ask "why do such" and the answer has to do with the content being served and who the clients are we are serving the content to. not all browsers support the strongest cipher suites, yet for some of our content we will only serve it using the strongest cipher suites.

i am not 100% on the Apache hierarchy, specifically being able to include a conf in httpd.conf, then having a virtual directive which loads settings from a virtualXYZ.conf which in and of itself can have most of the directives/settings that httpd.conf can, etc.
 
Old 08-02-2012, 11:25 AM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, FreeBSD
Posts: 3,925
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by Linux_Kidd
i am not 100% on the Apache hierarchy, specifically being able to include a conf in httpd.conf, then having a virtual directive which loads settings from a virtualXYZ.conf which in and of itself can have most of the directives/settings that httpd.conf can, etc.
You're way overpaid if you can't read what I posted. Done replying to your inane questions after two bad experiences. Good luck.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache httpd.conf directives deeneyc09 Linux - Server 1 09-07-2011 07:10 PM
Trying to work with apache <Files> directives helptonewbie Linux - Newbie 0 03-27-2009 05:33 PM
Apache 2 Global public_html directives 0.o Linux - Server 1 10-01-2008 11:18 AM
Apache 1.3 configuration directives calissal Linux - Software 0 09-08-2003 01:47 PM
Apache 1.3 Configuration Directives Found calissal Linux - General 4 09-08-2003 08:47 AM


All times are GMT -5. The time now is 11:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration