This document provides longer-form configuration examples that have no simple solutions.
Provide feedback on the IBM HTTP Server forum on IBM developerWorks.
By default, IHS responds to requests with any hostname in the HTTP/1.1 Host: header. When no virtual hosts are used, the main server configuration responds to any request. When virtual hosts are used, the first-listed virtual host matching the interface and port of the underlying connection becomes the default.
To prevent this, we must either check the requested hostnames with mod_rewrite or setup "catch-all" virtual hosts that match all unrecognized hostnames.
Add the following stanza to the end of httpd.conf. If you have other RewriteRules, this recipe should precede them.
RewriteEngine ON RewriteCond %{HTTP_HOST} !=www.example.com RewriteCond %{HTTP_HOST} !=example.com ... RewriteRule .* - [F]
apachectl -S
to see a summary of all existing virtual hosts. Each address and port
combination is listed along the left side.
VirtualHost configuration: *:443 is a NameVirtualHost default server 127.0.1.1 (/opt/IHS/conf/httpd.conf:951) port 443 namevhost 127.0.1.1 (/opt/IHS/conf/httpd.conf:951) port 443 namevhost 127.0.1.1 (/opt/IHS/conf/httpd.conf:958) *:80 127.0.1.1 (/opt/IHS/conf/httpd.conf:965)
RewriteEngine ON
RewriteRule .* - [F]
NameVirtualHost
parameter before the newly duplicated VirtualHost. The argument to NameVirtualHost
should match exactly the arguments inside of <VirtualHost>.
NameVirtualHost *:80
Listen
directives in httpd.conf and make sure each address:port
combinations is covered by the apachectl -S output. If a combination is not covered,
requests for any hostname will still be handled by the base server configuration.
You must either add additional virtual hosts, or use the recipe in the preceding section for "Limiting requested hostnames without virtual hosts".
Allowing specific file types to be displayed in a generated directory index can be done by blocking access to all files and then allowing access to the desired types. In addition to allowing access to the desired types, it is necessary to allow access to both the directory itself and to whatever DirectoryIndex is set to (index.html by default and index.html.var). Access to the file specified by DirectoryIndex is necessary because mod_dir will bail if a 403 (access forbidden) is found instead of a 404 (not found) or 200 (OK). Later releases of Apache have an option "DirectoryIndex disabled" to disable the directory index instead. Unfortunately, this option is not available in IHS 8.5 and below.
# A sample configuration to allow access to only certain image files
<Directory "/path/to/directory/">
Options +Indexes
IndexOptions FancyIndexing NameWidth=*
IndexIgnore ..
# Deny all files
<Files "*">
Order allow,deny
Deny from all
</Files>
# Allow root folder
<Files ".">
Order deny,allow
Allow from all
</Files>
# Need DirectoryIndex to fail with a 404 rather than a 403.
# Later Apache releases have "DirectoryIndex disabled" to avoid
# searching altogehter.
<Files "index.html*">
Order deny,allow
Allow from all
</Files>
# Allow access to image files
<FilesMatch "\.(jpg|gif|png)$">
Order deny,allow
Allow from all
</FilesMatch>
</Directory>