Apache HTTP Server Version 2.4
This document attempts to explain exactly what Apache HTTP Server does when deciding what virtual host to serve a request from.
Most users should read about Name-based vs. IP-based Virtual Hosts to decide which type they want to use, then read more about name-based or IP-based virtualhosts, and then see some examples.
If you want to understand all the details, then you can come back to this page.
There is a main server which consists of all the
definitions appearing outside of
There are virtual
servers, called vhosts, which are defined by
VirtualHost directive includes one
or more addresses and optional ports.
Hostnames can be used in place of IP addresses in a virtual host definition, but they are resolved at startup and if any name resolutions fail, those virtual host definitions are ignored. This is, therefore, not recommended.
The address can be specified as
*, which will match a request if no
other vhost has the explicit address on which the request was
The address appearing in the
directive can have an optional port. If the port is unspecified,
it is treated as a wildcard port, which can also be indicated
The wildcard port matches any port.
(Port numbers specified in the
VirtualHost directive do
not influence what port numbers Apache will listen on, they only control
VirtualHost will be selected to handle a request.
Listen directive to
control the addresses and ports on which the server listens.)
Collectively the entire set of addresses (including multiple results from DNS lookups) are called the vhost's address set.
Apache automatically discriminates on the
basis of the HTTP
Host header supplied by the client
whenever the most specific match for an IP address and port combination
is listed in multiple virtual hosts.
may appear anywhere within the definition of a server. However,
each appearance overrides the previous appearance (within that
server). If no
ServerName is specified, the server
attempts to deduce it from the server's IP address.
The first name-based vhost in the configuration file for a given IP:port pair is significant because it is used for all requests received on that address and port for which no other vhost for that IP:port pair has a matching ServerName or ServerAlias. It is also used for all SSL connections if the server does not support Server Name Indication.
The complete list of names in the
directive are treated just like a (non wildcard)
(but are not overridden by any
For every vhost various default values are set. In particular:
SendBufferSizedirective then the respective value is inherited from the main server. (That is, inherited from whatever the final setting of that value is in the main server.)
Essentially, the main server is treated as "defaults" or a "base" on which to build each vhost. But the positioning of these main server definitions in the config file is largely irrelevant -- the entire config of the main server has been parsed when this final merging occurs. So even if a main server definition appears after a vhost definition it might affect the vhost definition.
If the main server has no
ServerName at this
point, then the hostname of the machine that
is running on is used instead. We will call the main server address
set those IP addresses returned by a DNS lookup on the
ServerName of the main server.
For any undefined
ServerName fields, a
name-based vhost defaults to the address given first in the
VirtualHost statement defining the vhost.
Any vhost that includes the magic
wildcard is given the same
ServerName as the
The server determines which vhost to use for a request as follows:
When the connection is first received on some address and port,
the server looks for all the
that have the same IP address and port.
If there are no exact matches for the address and port, then
*) matches are considered.
If no matches are found, the request is served by the main server.
If there are
VirtualHost definitions for
the IP address, the next step is to decide if we have to
deal with an IP-based or a name-based vhost.
If there is exactly one
listing the IP address and port combination that was determined
to be the best match, no further actions are performed and
the request is served from the matching vhost.
If there are multiple
VirtualHost directives listing
the IP address and port combination that was determined to be the
best match, the "list" in the remaining steps refers to the list of vhosts
that matched, in the order they were in the configuration file.
If the connection is using SSL, the server supports Server Name Indication, and
the SSL client handshake includes the TLS extension with the
requested hostname, then that hostname is used below just like the
Host: header would be used on a non-SSL connection.
Otherwise, the first name-based vhost whose address matched is
used for SSL connections. This is significant because the
vhost determines which certificate the server will use for the
If the request contains a
Host: header field, the
list is searched for the first vhost with a matching
ServerAlias, and the
request is served from that vhost. A
field can contain a port number, but Apache always ignores it and
matches against the real port to which the client sent the
The first vhost in the config
file with the specified IP address has the highest priority
and catches any request to an unknown server name, or a request
Host: header field (such as a HTTP/1.0
The IP lookup described above is only done once for a particular TCP/IP session while the name lookup is done on every request during a KeepAlive/persistent connection. In other words, a client may request pages from different name-based vhosts during a single persistent connection.
If the URI from the request is an absolute URI, and its hostname and port match the main server or one of the configured virtual hosts and match the address and port to which the client sent the request, then the scheme/hostname/port prefix is stripped off and the remaining relative URI is served by the corresponding main server or virtual host. If it does not match, then the URI remains untouched and the request is taken to be a proxy request.
ServerAliaschecks are never performed for an IP-based vhost.
Host:header field is never used during the matching process. Apache always uses the real port to which the client sent the request.
*vhost). In other words, the main server only catches a request for an unspecified address/port combination (unless there is a
_default_vhost which matches that port).
VirtualHostdirectives because it will force your server to rely on DNS to boot. Furthermore it poses a security threat if you do not control the DNS for all the domains listed. There's more information available on this and the next two topics.
ServerNameshould always be set for each vhost. Otherwise a DNS lookup is required for each vhost.
In addition to the tips on the DNS Issues page, here are some further tips:
VirtualHostdefinitions. (This is to aid the readability of the configuration -- the post-config merging process makes it non-obvious that definitions mixed in around virtual hosts might affect all virtual hosts.)