Forum Moderators: phranque
We have hosted multiple domains on the same code base on on the server(apache virtual host blocks pointing to same documentroot.) These websites are in PHP. We are using the $_SERVER['HTTP_HOST'] variable to findout out the domain name and show the corresponding content too the users. Ideally $_SERVER['HTTP_HOST'] should have the domain which user is visiting,but in few cases we are getting some other domains (domains which are not hosted on our server)in this variable.
When we checked this with hosting people they told us that this is due to how apache is self-referencing. They have suggested turning UseCanonicalName on in /etc/httpd/conf/httpd.conf.
When we turned UseCanonicalName on (on development environment because we cant take risk of making this change on production), all the sites are working fine, but we are not sure if it has resolved the issue becuae we are on able to drive similar traffic to development environment as we are getting on production (where domain name is coming different).
So I would like to following:
1. Will turning UseCanonicalName on in apache will have any other impact on the functionality (This is very important). if yes, Can i have an idea what will be the impact so that we can test that functioanlity.
2. Is there any way i can test it on development by driving traffic with different domain name to make sure issue is really resolved.
Thanks!
2. You can test it by setting up a fake domain name in local DNS (using the 'hosts' file on the client machine used for testing) and pointing that domain to the IP address of the server. Requests for that domain name will then resolve to the server locally, and carry the HTTP Host header with the fake domain name in it.
I strongly suggest using the 'hosts file' approach for testing, as any mistake if doing this using your 'real' DNS settings may cause problems if the fake domain name is subsequently registered -- You don't want to be responsible for causing someone else problems by intentionally tampering with the DNS system. I suppose you could also use a fake subdomain of your own real domain for an extra measure of safety.
Another approach is to include hostname validation in the same code that you use to force canonical redirects -- redirecting requests for "non-www" to "www" as indirectly-mentioned above. These 'bad hostname' requests you are receiving are likely successful only because your server has a unique IP address, the requestor is not using the DNS system but sending requests direct to your server's IP address, and therefore, the hostname sent with these bogus requests is irrelevant until the request actually arrives at your server (in other words, since the server is being accessed by IP address, the DNS system isn't being used for these requests).
Which brings up another issue, in that your server config could/should be used to make sure that only valid hostnames are resolved to virtual hosts, so that invalid ones resolve to the default server (the first vHost in the list) as they will due to Apache's hostname resolution rules. You might consider adding a new first vHost in the list -- one that will only be accessed if the requested hostname isn't valid (i.e. defined by a subsequent <VirtualHost> container).
Apologies for the disorganized answer... I haven't thought through this situation before in quite this way before.
Jim
