
Bug#172597: marked as done (apache: UseCanonicalName has troublesome default value)



Your message dated Thu, 14 Aug 2003 08:47:19 -0400
with message-id <E19nHVf-0005nq-00@auric.debian.org>
and subject line Bug#172597: fixed in apache 1.3.27.1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Dec 2002 04:34:08 +0000
>From toomim@cory.eecs.berkeley.edu Tue Dec 10 22:34:07 2002
Return-path: <toomim@cory.eecs.berkeley.edu>
Received: from front1.mail.megapathdsl.net [66.80.60.31] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 18LyZT-0000Mu-00; Tue, 10 Dec 2002 22:34:07 -0600
Received: from [216.36.77.18] (HELO cheeseskin)
  by front1.mail.megapathdsl.net (CommuniGate Pro SMTP 3.5.8)
  with ESMTP id 53736005 for submit@bugs.debian.org; Tue, 10 Dec 2002 20:33:11 -0800
Received: from toomim by cheeseskin with local (Exim 3.36 #1 (Debian))
	id 18LyaO-0004a2-00; Tue, 10 Dec 2002 20:35:04 -0800
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Michael Toomim <toomim@cory.eecs.berkeley.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache: UseCanonicalName has troublesome default value
X-Mailer: reportbug 2.9
Date: Tue, 10 Dec 2002 20:35:04 -0800
Message-Id: <E18LyaO-0004a2-00@cheeseskin>
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=1.7 required=5.0
	tests=NORMAL_HTTP_TO_IP,SPAM_PHRASE_02_03
	version=2.41
X-Spam-Level: *

Package: apache
Version: 1.3.26-1.1
Severity: normal

I think UseCanonicalName should default to Off instead of On.  Here's
why:

The default configuration causes problems for basic webserver usage.
Unless your server has a valid fully-qualified name (i.e., has a public
IP and is part of an organization with a name server that assigned it
a name such that all clients can reach the server via that DNS name),
apache is completely useless out of the box -- you can't connect to a
debian apache server from any other computer, because the server will
always redirect your request to 127.0.0.1.

So, say I have a couple of computers (A, and B) on a local network.  I
want to serve some files from computer A to computer B.  So I put the
files into ~foobar/public_html on computer A, and look up
http://192.168.1.30/~foobar/files on computer B.  But computer A tries
to reform the URL to a "canonical name", and immediately redirects the
client's request to http://127.0.0.1/~foobar/files -- which obviously
doesn't work.  This is really bad behavior -- apache is completely
useless as a web server if it always redirects client requests to
127.0.0.1!

It takes a lot of work reading documentation in order for a user to
figure out that the problem is that UseCanonicalName is set to "On",
and needs to be "Off".  This option might be (dubiously) beneficial if
you are running a commercial server and want your client's URLs to be
automatically changed to some canonical name that you've created for
your server, but the benefit is insignificant at best, and completely
incapacitates 80% of the servers that either don't have a static,
public IP and global DNS entry or aren't always accessed by the same
mechanism.  Furthermore, there are often cases where a server DOES
have a fully-qualified name, but where the admin doesn't want people
to access the computer by that name.  An admin might set up a specific
DNS entry (like "www") for a server, but /etc/hosts might call the
server death.carnage.company.com.  UseCanonicalName would redirect all
requests from www.company.com to death.carnage.company.com.  Thus, the
tradeoff involved with UseCanonicalName is between a dubious and
fragile improvement in the aesthetics of the server's web URL, and a
web server that can perform its basic function -- to serve documents.

There are many more examples of cases where UseCanonicalName causes
the server to fail.  For example, you can't connect to a server behind
a firewall through a port-redirecting ssh tunnel, because the server
will redirect the working IP+port used to access it to some useless
address that's only visible from behind the firewall (at best).  In
general, I think that it really is the strict minority of apache
installations that have it such that the computer's fully-qualified
name (as specified in /etc/hosts) is a better address than the one the
client used in order to reach the computer in the first place. 

This is particularly true because UseCanonicalName will try to use a
fully-qualified name even if it's unable to find one!  If you don't
specify a fully-qualified name in /etc/hosts (maybe you have a line
like the common "127.0.0.1 localhost" or "127.0.0.1 thisahostname"
without a third parameter), apache will STILL try to convert URLs to
a fully-qualified host name! There's no way that 127.0.0.1 can be
visible beyond the local machine, so there's no reason that apache
should attempt to use it.

In any case, it doesn't make sense to have UseCanonicalName default to
On.  If a client tries to connect to a server via the URL
http://XXX.YYY.ZZZ:WWWW/~foo/bar, the *default* should be to use that
URL!  An admin should have to take an extra step if he/she wants the
server to redirect all requests to something he considers prettier.
This option breaks most apache installations with the current default.


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux cheeseskin 2.4.18-k7 #1 Sun Apr 14 13:19:11 EST 2002 i686
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages apache depends on:
ii  apache-common                1.3.26-1.1  Support files for all Apache webse
ii  dpkg                         1.10.9      Package maintenance system for Deb
ii  libc6                        2.3.1-5     GNU C Library: Shared libraries an
ii  libdb2                       2:2.7.7.0-8 The Berkeley database routines (ru
ii  libexpat1                    1.95.2-9    XML parsing C library - runtime li
ii  logrotate                    3.6.5-2     Log rotation utility
ii  mime-support                 3.20-1      MIME files 'mime.types' & 'mailcap
ii  perl [perl5]                 5.8.0-14    Larry Wall's Practical Extraction 

-- no debconf information


---------------------------------------
Received: (at 172597-close) by bugs.debian.org; 14 Aug 2003 12:53:17 +0000
>From katie@auric.debian.org Thu Aug 14 07:53:17 2003
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19nHbQ-0004Og-00; Thu, 14 Aug 2003 07:53:16 -0500
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
	id 19nHVf-0005nq-00; Thu, 14 Aug 2003 08:47:19 -0400
From: fabbione@fabbione.net (Fabio M. Di Nitto)
To: 172597-close@bugs.debian.org
X-Katie: $Revision: 1.35 $
Subject: Bug#172597: fixed in apache 1.3.27.1-1
Message-Id: <E19nHVf-0005nq-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Thu, 14 Aug 2003 08:47:19 -0400
Delivered-To: 172597-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
apache, which is due to be installed in the Debian FTP archive:

apache-common_1.3.27.1-1_m68k.deb
  to pool/main/a/apache/apache-common_1.3.27.1-1_m68k.deb
apache-dev_1.3.27.1-1_m68k.deb
  to pool/main/a/apache/apache-dev_1.3.27.1-1_m68k.deb
apache-doc_1.3.27.1-1_all.deb
  to pool/main/a/apache/apache-doc_1.3.27.1-1_all.deb
apache-perl_1.3.27.1-1_m68k.deb
  to pool/main/a/apache/apache-perl_1.3.27.1-1_m68k.deb
apache-ssl_1.3.27.1-1_m68k.deb
  to pool/main/a/apache/apache-ssl_1.3.27.1-1_m68k.deb
apache_1.3.27.1-1.diff.gz
  to pool/main/a/apache/apache_1.3.27.1-1.diff.gz
apache_1.3.27.1-1.dsc
  to pool/main/a/apache/apache_1.3.27.1-1.dsc
apache_1.3.27.1-1_m68k.deb
  to pool/main/a/apache/apache_1.3.27.1-1_m68k.deb
apache_1.3.27.1.orig.tar.gz
  to pool/main/a/apache/apache_1.3.27.1.orig.tar.gz
libapache-mod-perl_1.27-5_m68k.deb
  to pool/main/a/apache/libapache-mod-perl_1.27-5_m68k.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 172597@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabio M. Di Nitto <fabbione@fabbione.net> (supplier of updated apache package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 13 Aug 2003 18:05:38 +0200
Source: apache
Binary: apache-dev apache apache-common apache-doc apache-perl libapache-mod-perl apache-ssl
Architecture: source m68k all
Version: 1.3.27.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Fabio M. Di Nitto <fabbione@fabbione.net>
Description: 
 apache     - Versatile, high-performance HTTP server
 apache-common - Support files for all Apache webservers
 apache-dev - Apache webserver development kit
 apache-doc - Apache webserver docs
 apache-perl - Versatile, high-performance HTTP server with Perl support
 apache-ssl - Versatile, high-performance HTTP server with SSL support
 libapache-mod-perl - Integration of perl with the Apache web server
Closes: 31592 32429 57316 63202 96859 114472 126632 132296 136260 139848 142213 142737 143806 144457 150853 151384 153104 165573 169104 170732 170759 172597 172883 187867 194334 199001 199059 199355 199964 200698 201087 201545 202812 202929 203095 203715 204016
Changes: 
 apache (1.3.27.1-1) unstable; urgency=low
 .
   * The "Yes, we know there is a new upstream release" upload.
   * (Fabio M. Di Nitto)
     - Applied patch to fix libperl debug path (Closes: #203715)
     - Switched templates to use po-debconf (Closes: #187867)
       Thanks to all the translators that have been so fast and responsive!
     - Added ServerTokens directive in the default config (Closes: #170732)
     - Nullified output of /etc/init.d/apache-ssl (Closes: #153104)
     - Added --norestart option to apacheconfig* (Closes: #126632)
     - Moved examples to apache-common
     - New Standard-Version: 3.6.0
     - lintian cleanup (only 2 overrides left)
     - We now link against libpthread (Closes: #199001, #203095)
     - Fixed the documentation hell (Closes: #144457, #139848, #143806)
     - More strict dependencies against apache-common
       (Closes: #199355, #199964, #202812, #202929, #204016)
     - Updated contrib tarball
     - Fixed apachessl.postinst (Closes: #199059)
     - libapache-mod-perl is now shipped with apache to be able to build
       all the apache-* packages in sync
     - apache-perl merge: now it will be built in sync with apache
       (Closes: #142737)
     - libapache-mod-perl now suggests apache-dev (Closes: #96859)
     - apache-perl now uses logrotate.d
     - apache-perl is now a standalone package
     - apache-perl-ctl shipped as a symlink to apache-perlctl
       to maintain a coherent name scheme
     - Fixed init scripts for apache, apache-ssl and apache-perl
       (Closes: #201545)
     - apache-ssl source is shipped in a proper and sane way
   * (Tollef Fog Heen)
     - Bump email_max in apache-ssl.ssleay.cnf to 255 (Closes: #150853)
     - Only remove the old conffiles in /etc/apache and /etc/cron.d if
       they are unchanged.  (Closes: #194334, #169104)
     - Start debhelperizing a little, includes using debhelper for the
       restart stuff, so close the bugs related to apache not restarting
       properly.  (Closes: #136260, #172883, #142213)
     - Run apachectl configtest before restarting.  (Closes: #114472, #63202)
     - s/Handlers/Handles/ in 500mod_roaming.info (Closes: #165573)
     - Uncrackify proxy_ftp.c (Closes: #57316)
   * (Thom May)
     - Set LockFile for Apache-SSL so it doesn't conflict with Apache's
       (Closes: #170759)
     - Fix segfault on ia64 (Thanks to dann frazier <dannf@hp.com>)
       (Closes: #200698)
     - Make logrotate rotate log files with 644 permissions. (Closes: #132296)
     - Add notes to Readme.Debian regarding to the change of rotation perms,
       and also about how to make mod_auth_system work right. (Closes: #32429)
     - Add SymLinksIfOwnerMatch for cgi-bin (Closes: #201087)
     - Fixup apxs to detect how it's called and modify the correct config
       (Closes: #31592)
     - Fix up apache to respect a SHOULD in 2616 (Closes: #151384)
     - Turn off UseCanonicalName - it's a fairly advanced option and most
       users will not need it, or will only need it for certain VirtualHosts at
       worst. (Closes: #172597)
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/O316hCzbekR3nhgRAsfkAJwPaxdy+EU5Q3n+TmkFBbcjJfRFfwCdHMx4
53G7nMTmsadR6FM8jAF3q88=
=cafO
-----END PGP SIGNATURE-----
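
An added configuration sketch (not taken from the bug report or from the Debian package) of the arrangement the changelog entry describes: UseCanonicalName Off server-wide, and On only in a VirtualHost that should always answer under one public name. The host name www.company.com is the one used in the report; the second host name and both DocumentRoot paths are assumptions.

```apache
# Server-wide default, as in the fixed package: self-referential URLs
# (for example the redirect mod_dir issues when a directory is requested
# without its trailing slash, as in /~foobar/files) are built from the
# host name and port the client supplied, so access by LAN IP or through
# a forwarded port is redirected back to an address the client can reach.
UseCanonicalName Off

# Caveat for Off: the name now comes from the client's Host header, so
# CGI scripts must not treat SERVER_NAME as a trusted value.

NameVirtualHost *

# A site that must always present one public name. With On, redirects use
# ServerName below rather than the machine's own name from /etc/hosts
# (death.carnage.company.com in the report).
<VirtualHost *>
    ServerName www.company.com
    DocumentRoot /var/www/company        # assumed path
    UseCanonicalName On
</VirtualHost>

# A site reached by several names or addresses (hypothetical host name);
# it inherits the server-wide Off and redirects to whatever the client used.
<VirtualHost *>
    ServerName files.internal.example
    DocumentRoot /var/www/files          # assumed path
</VirtualHost>
```

After changing the setting, `apachectl configtest` (which this upload also runs before restarting) confirms the file parses, and requesting a directory without its trailing slash shows which host name ends up in the Location header.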


