IPv6 for the content provider
owen at delong.com
Wed Jan 26 18:49:33 CST 2011
On Jan 26, 2011, at 3:13 PM, Valdis.Kletnieks at vt.edu wrote:
> On Wed, 26 Jan 2011 12:56:01 -1000, Antonio Querubin said:
>> On Wed, 26 Jan 2011, Owen DeLong wrote:
>>>> Listen a.b.c.d:80 -> Listen 80
>>>> <Virtualhost a.b.c.d:80> -> <Virtualhost *:80>
>>> That only works if you have only one address on the machine and.
>> Actually it works fine on machines with multiple IP addresses for both
>> FreeBSD and CentOS. And IPv6 enabled servers can easily have multiple
>> IPv6 addresses.
> What Owen meant was that if you expect it to answer *only* for a.b.c.d:80,
> and *not* to answer for other addresses/interfaces, you may be in for a
> surprise (consider a DMZ host where you have:
> outside world - 128.257.12.2
> inside facing - 192.168.149.149
> VirtualHost 22.214.171.124:80 # super-sekrit corporate internal site
> Changing that VirtualHost to *:80 will probably cause some grief. ;)
Exactly... That is one of MANY examples of the kind of potential
for abuse I was attempting to describe.
Admittedly, if you put your Super-sekrit corporate internal site on a
DMZ host, you arguably deserve what happens, but...
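The wildcard-bind problem discussed in this thread can be checked for mechanically. The following is an added example, not part of the original messages: a small audit that flags `Listen` and `<VirtualHost>` directives that are not pinned to a specific address. The sample config, hostnames and the address 10.0.0.5 are constructed placeholders.

```python
import re

# Constructed sample: the wildcard form from the thread next to a pinned vhost.
SAMPLE = """\
Listen 80
Listen 10.0.0.5:8080
<VirtualHost *:80>
    ServerName internal.example
</VirtualHost>
<VirtualHost 10.0.0.5:8080>
    ServerName admin.example
</VirtualHost>
"""

LISTEN_RE = re.compile(r'^\s*Listen\s+(\S+)', re.I)
VHOST_RE = re.compile(r'^\s*<VirtualHost\s+([^>]+)>', re.I)
# Address forms that bind or match every interface on the host.
WILDCARDS = {"*", "_default_", "0.0.0.0", "[::]"}

def split_addr(spec):
    """Split 'addr:port', '[v6]:port' or a bare port into (addr or None, port)."""
    if spec.startswith("["):
        addr, _, port = spec.partition("]")
        return addr + "]", port.lstrip(":") or None
    if ":" in spec:
        addr, port = spec.rsplit(":", 1)
        return addr, port
    return (None, spec) if spec.isdigit() else (spec, None)

def audit(conf_text):
    """Return (line number, directive, spec) for every unpinned bind or vhost."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = LISTEN_RE.match(line)
        if m:
            addr, _ = split_addr(m.group(1))
            if addr is None or addr in WILDCARDS:  # a bare port listens on all addresses
                findings.append((lineno, "Listen", m.group(1)))
            continue
        m = VHOST_RE.match(line)
        if m:
            for spec in m.group(1).split():
                addr, _ = split_addr(spec)
                if addr in WILDCARDS:
                    findings.append((lineno, "VirtualHost", spec))
    return findings
```

Each finding is a directive to review against the host's interface list; a vhost meant for one interface should name that address in both `Listen` and `<VirtualHost>`.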