Re: Ipv6 for the content provider

[Owen DeLong <owen () delong com>]

On Jan 26, 2011, at 3:13 PM, Valdis.Kletnieks () vt edu wrote:

> On Wed, 26 Jan 2011 12:56:01 -1000, Antonio Querubin said:
> > On Wed, 26 Jan 2011, Owen DeLong wrote:
> >
> > > > Listen a.b.c.d:80         ->  Listen 80
> > > > <Virtualhost a.b.c.d:80>  ->  <Virtualhost *:80>
> > > That only works if you have only one address on the machine and.
> >
> > Actually it works fine on machines with multiple IP addresses for both 
> > FreeBSD and CentOS.  And IPv6 enabled servers can easily have multiple 
> > IPv6 addresses.
>
> What Owen meant was that if you expect it to answer *only* for a.b.c.d:80,
> and *not* to answer for other addresses/interfaces, you may be in for a
> surprise (consider a DMZ host where you have:
>
> outside world -  128.257.12.2
> inside facing - 192.168.149.149
>
> VirtualHost 198.168.149.149:80 # super-sekrit corporate internal site
>
> Changing that VirtualHost to *:80 will probably cause some grief. ;)

Exactly... That is one of MANY examples of the kind of potential
for abuse I was attempting to describe.

Admittedly, if you put your Super-sekrit corporate internal site on a
DMZ host, you arguably deserve what happens, but...

Owen