Were looking to get temporary addresses set up such as accountname.domain.tld for people waiting for DNS changes to take effect. Yes I could make a quick change to the Apache configs to do this, but will the changes be nuked? Where can I safely make changes (for any InterWorx controld service) if I don’t want them to get nuked during upgrades and such.
I’d edit the /etc/httpd/conf.d/domain.conf files directly CMI, they won’t get nuked on upgrades (we try to not nuke any file that a user could edit as a general rule). Almost any file in /home/interworx is ours to nuke (beyond a few files like iworx.ini etc) so as long as you don’t touch those files you should be fine :).
Do you have a slicker way of doing this? Its going to be a pain to edit that file each time by hand.
I was thinking of UserDir and AliasMatch, but both present problems. Usint VirtualDocumentRoot makes for some long URLs, but the work. The problem is the domain under which it is used doesn’t work without much trickery (which I haven’t pulled off yet).
Actually, a ‘pointer domain’ created in siteworx should do the trick. I noticed some weirdness in the pointer domain interface that we’re going to address (I think it prepends www. to whatever you input), but give it a shot. If it does prepend you can just edit the .conf file (which sucks I know) for now until we get a fix.
I tried adding a pointer domain to the new account as well as the “main” account just to test that. Neither worked for me. (And I didn’t see www. prepended in the pointer domain list after I added it).
Of course, this does present a possible problem. If I have domain1.tld and domain2.tld on the same box, and domain2.tld adds a pointer domain such as pointer.domain1.tld, wouldn’t this screw with domain1.tld? It would be a fairly good fake since the imposter would have the same IP address as the target.
I tried adding a pointer domain to the new account as well as the “main” account just to test that. Neither worked for me. (And I didn’t see www. prepended in the pointer domain list after I added it).
This is part of the bug, I believe in teh .conf file there is a www prepended.
Of course, this does present a possible problem. If I have domain1.tld and domain2.tld on the same box, and domain2.tld adds a pointer domain such as pointer.domain1.tld, wouldn’t this screw with domain1.tld? It would be a fairly good fake since the imposter would have the same IP address as the target.
The short answer is yes, this could be bad. It comes down to the order in which the .conf files in /etc/httpd/conf.d are parsed by apache as to which site would be seen. Longer term we’ll probably add checks for this after I think about it a bit more, but in the short term it’s not really a problem because domain1.tld has to know domain2.tld exists, and is on the same server (or vice versa).
You’re right, but it’s even easier to do much worse things :). Snooping DB passwords, member area passowords, hacking boards/sites/galleries based on this info. Don’t get me wrong, I agree CMI, checks need to be added in, but remember that shared server = insecure neighborhood :(.