Bug#775176: please don't open tcp/80 by default

To: 775176@bugs.debian.org
Subject: Bug#775176: please don't open tcp/80 by default
From: Harald Dunkel <harald.dunkel@aixigo.de>
Date: Thu, 15 Jan 2015 13:53:22 +0100
Message-id: <[🔎] 54B7B842.70602@aixigo.de>
Reply-to: Harald Dunkel <harald.dunkel@aixigo.de>, 775176@bugs.debian.org

> As said before... where Apache listens on and which (whether at all) you
> have vhosts, is in principle independent from each other.
> a2en/dissite should not change the listening behaviour.

Unfortunately the VirtualHost statement defines both IP address
and port for each virtual host. They don't work without the
appropriate Listen statements, so I cannot follow your "independent
from each other".

Can you confirm that the central Listen statement breaks the
modular approach of a2ensite?

> And wrt conf.d, this is IMHO rather other misc stuff, e.g. I put in
> files there which enforces httpOnly or secure on all cookies,... or
> things like that. But it doesn't seem to make much sense to make the
> port-listening such a config snippet which one can disable or enable -
> if you "disable" the port-listening than you effectively disable the
> daemon.

Thats my point: I want to disable apache2 for port 80/tcp without
the risk of loosing this setting on the next package upgrade.

This could be implemented by splitting ports.conf into 2 parts
conf-available/{port80.conf,port443.conf} and to create the symlinks
in conf-enabled (to keep Debian's default). Just a suggestion, of
course.


Regards
Harri

Reply to:

Follow-Ups:
- Bug#775176: please don't open tcp/80 by default
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Bug#775176: please don't open tcp/80 by default
Next by Date: Bug#775176: please don't open tcp/80 by default
Previous by thread: Bug#775176: please don't open tcp/80 by default
Next by thread: Bug#775176: please don't open tcp/80 by default
Index(es):
- Date
- Thread