0
votes

Apache 2.4.6 is hosting four domains using name-based Virtual Hosts. Calls to port 80 for HTTP are redirected to port 443. Each virtual server has two ServerAlias args for the directive to redirect calls to http://domain-example.com/ or http://www.domain-example.com/ to https://domain-example.com/.

The problem is that the call to http://example2.com/ gets redirected by the default Virtual Host (first in order) https://example1.com/. Even further head scratching is that http://example2.com/somepath properly redirects to https://example2.com/somepath.

Summary of calls & results:

http://example1.com/    ==> https://example1.com/
http://www.example1.com/    ==> https://example1.com/
https://example1.com/   ==> https://example1.com/
https://www.example1.com/   ==> https://example1.com/

http://example2.com/    ==> https://example1.com/ (<== THIS ONE!)
http://www.example2.com/    ==> https://example2.com/
https://example2.com/   ==> https://example2.com/
https://www.example2.com/   ==> https://example2.com/

http://example3.us/ ==> https://example3.us/
http://www.example3.us/ ==> https://example3.us/
https://example3.us/    ==> https://example3.us/
https://www.example3.us/    ==> https://example3.us/

http://example4.com/    ==> https://example4.com/
http://www.example4.com/    ==> https://example4.com/
https://example4.com/   ==> https://example4.com/
https://www.example4.com/   ==> https://example4.com/

http://example2.com/    ==> https://example1.com/
http://example2.com/somepath    ==> https://example2.com/somepath

virtualhost.conf (firewalled ports replaced by [value])

NameVirtualHost *:80
NameVirtualHost *:443
SSLStrictSNIVHostCheck off

<VirtualHost *:80>
  Serverexample www.example1.com
  ServerAlias example1.com *.example1.com
  Redirect permanent / https://example1.com/
</VirtualHost>

<VirtualHost *:443>
  Serverexample www.example1.com
  ServerAlias example1.com *.example1.com
  ProxyRequests off
  ProxyPreserveHost on
  CustomLog "/path/to/logs/example1ssl.log" "%h %l %u %t \"%r\" %>s %b"
  ErrorLog "/path/to/logs/example1ssl_error.log"
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /path/to/certs/example1.com.crt
  SSLCertificateKeyFile /path/to/private/example1.key
  SSLCertificateChainFile /path/to/certs/ca-bundle-example1.crt
  ProxyPass / http://example1.com:[internal port 1]/
  ProxyPassReverse / http://example1.com:[internal port 1]/
</VirtualHost>

<VirtualHost *:80>
  Serverexample www.example2.com
  ServerAlias example2.com *.example2.com
  Redirect permanent / https://example2.com/
</VirtualHost>

<VirtualHost *:443>
  Serverexample www.example2.com
  ServerAlias example2.com *.example2.com
  SSLEngine on
  SSLProxyEngine on
  CustomLog "/path/to/logs/example2_ssl.log" "%h %l %u %t \"%r\" %>s %b"
  ErrorLog "/path/to/logs/example2_ssl_error.log"
  SSLCertificateFile /path/to/certs/web-01.example2.com.crt
  SSLCertificateKeyFile /path/to/private/example2.com.key
  SSLCertificateChainFile /path/to/certs/example2.com.crt
  ProxyPreserveHost On
  ProxyRequests off
  ProxyPass / http://example2.com:[internal port 3]/
  ProxyPassReverse / http://example2.com:[internal port 3]/
</VirtualHost>

<VirtualHost *:80>
  Serverexample www.example3.us
  ServerAlias example3.us *.example3.us
  Redirect permanent / https://example3.us/
</VirtualHost>

<VirtualHost *:443>
  Serverexample www.example3.us
  ServerAlias example3.us *.example3.us
  ProxyRequests off
  ProxyPreserveHost on
  CustomLog "/path/to/logs/example3ssl.log" "%h %l %u %t \"%r\" %>s %b"
  ErrorLog "/path/to/logs/example3ssl_error.log"
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /path/to/certs/example3.us.crt
  SSLCertificateKeyFile /path/to/private/example3.key
  SSLCertificateChainFile /path/to/certs/auth_bundle-example3.crt
  ProxyPass / http://example3.us:[internal port 2]/
  ProxyPassReverse / http://example3.us:[internal port 2]/
</VirtualHost>



<VirtualHost *:80>
  Serverexample www.example4.com
  ServerAlias example4.com *.example4.com
  Redirect permanent / https://example4.com/
</VirtualHost>

<VirtualHost *:443>
  Serverexample www.example4.com
  ServerAlias example4.com *.example4.com
  ProxyRequests off
  ProxyPreserveHost on
  CustomLog "/path/to/logs/example4ssl.log" "%h %l %u %t \"%r\" %>s %b"
  ErrorLog "/path/to/logs/example4ssl_error.log"
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /path/to/certs/example4.com.crt
  SSLCertificateKeyFile /path/to/private/example4.key
  SSLCertificateChainFile /path/to/certs/ca-bundle-example4.crt
  ProxyPass / http://example4.com:[internal port 4]/
  ProxyPassReverse / http://example4.com:[internal port 4]/
</VirtualHost>

From apachectl -S

VirtualHost configuration:

    *:80                   is a NameVirtualHost
             default server www.example1.com (/etc/httpd/conf.d/virtualhosts.conf:12)
             port 80 namevhost www.example1.com (/etc/httpd/conf.d/virtualhosts.conf:12)
                     alias example1.com
                     wild alias *.example1.com
             port 80 namevhost www.example2.com (/etc/httpd/conf.d/virtualhosts.conf:36)
                     alias example2.com
                     wild alias *.example2.com
             port 80 namevhost www.example3.us (/etc/httpd/conf.d/virtualhosts.conf:84)
                     alias example3.us
                     wild alias *.example3.us
             port 80 namevhost www.example4.com (/etc/httpd/conf.d/virtualhosts.conf:108)
                     alias example4.com
                     wild alias *.example4.com
    *:443                  is a NameVirtualHost
             default server www.example1.com (/etc/httpd/conf.d/virtualhosts.conf:19)
             port 443 namevhost www.example1.com (/etc/httpd/conf.d/virtualhosts.conf:19)
                     alias example1.com
                     wild alias *.example1.com
             port 443 namevhost www.example2.com (/etc/httpd/conf.d/virtualhosts.conf:43)
                     alias example2.com
                     wild alias *.example2.com
             port 443 namevhost www.example3.us (/etc/httpd/conf.d/virtualhosts.conf:90)
                     alias example3.us
                     wild alias *.example3.us
             port 443 namevhost www.example4.com (/etc/httpd/conf.d/virtualhosts.conf:114)
                     alias example4.com
                     wild alias *.example4.com

Thank you

1
What's with "Serverexample" instead of "ServerName"? Bad obfuscation? The main cause of mystery use of the default vhost, beyond the name/alias not showing up anywhere else, is when the ServerName is omitted from the default vhost and the request matches the server's own underlying hostname. - covener
Good catch. Unintentional search & replace. You are correct. Certainly not in the actual file. - Ted Spradley

1 Answer

0
votes

This appears to be a local (not server-related) Chrome browser DNS cache issue. All calls result in the expected URL using Safari and Firefox. Only using Chrome does the above-described issue occur. I will update further if I find the cause.
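To see what the posted configuration itself resolves to, independent of any browser state, the sketch below parses the port-80 section of the `apachectl -S` output from the question and models name-based vhost selection and the `Redirect permanent /` mapping. It is an added example, not part of the original post or of Apache; the function names are hypothetical, only two of the four vhosts are included, and the matching is a simplified model (first vhost in config order whose name or alias matches, otherwise the default server).

```python
import fnmatch
import re

# Port-80 section of the `apachectl -S` output shown in the question (file paths trimmed).
APACHECTL_S = """\
*:80                   is a NameVirtualHost
         default server www.example1.com (virtualhosts.conf:12)
         port 80 namevhost www.example1.com (virtualhosts.conf:12)
                 alias example1.com
                 wild alias *.example1.com
         port 80 namevhost www.example2.com (virtualhosts.conf:36)
                 alias example2.com
                 wild alias *.example2.com
"""

# Redirect targets taken from the port-80 vhosts in the question's virtualhost.conf.
REDIRECTS = {"www.example1.com": "https://example1.com/",
             "www.example2.com": "https://example2.com/"}

def parse_vhosts(text):
    """Return (default_server, [(server_name, [name patterns]), ...]) in config order."""
    default, vhosts = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"default server (\S+)", line):
            default = m.group(1)
        elif m := re.match(r"port \d+ namevhost (\S+)", line):
            vhosts.append((m.group(1), [m.group(1)]))
        elif m := re.match(r"(?:wild )?alias (\S+)", line):
            vhosts[-1][1].append(m.group(1))
    return default, vhosts

def select_vhost(host, default, vhosts):
    """Simplified model: first vhost whose ServerName/ServerAlias matches, else the default."""
    host = host.lower().split(":")[0].rstrip(".")
    for name, patterns in vhosts:
        if any(fnmatch.fnmatchcase(host, p.lower()) for p in patterns):
            return name
    return default

def expected_location(host, path="/"):
    """Location the config should yield: `Redirect permanent /` appends the rest of the path."""
    default, vhosts = parse_vhosts(APACHECTL_S)
    return REDIRECTS[select_vhost(host, default, vhosts)] + path.lstrip("/")
```

Compare the result with the `Location` header a non-browser client receives from the server; a mismatch that shows up in only one browser points at client-side state rather than at the vhost table.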