www.foobar.com works but foobar.com results in a 'Server not found' error

Posted by Homunculus Reticulli on Pro Webmasters See other posts from Pro Webmasters or by Homunculus Reticulli
Published on 2012-03-28T09:48:30Z Indexed on 2012/03/28 11:42 UTC
Read the original article Hit count: 481

Filed under:
|
|

I have just setup a minimal (hopefully secure? - comments welcome) apache website using the following configuration file:

<VirtualHost *:80>
        ServerName foobar.com
        ServerAlias www.foobar.com
        ServerAdmin [email protected]
        DocumentRoot /path/to/websites/foobar/web
        DirectoryIndex index.php

        # CustomLog with format nickname
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        CustomLog "|/usr/bin/cronolog /var/log/apache2/%Y%m.foobar.access.log" common

        LogLevel notice
        ErrorLog "|/usr/bin/cronolog /var/log/apache2/%Y%m.foobar.errors.log"

        <Directory />
                AllowOverride None
                Order Deny,Allow
                Deny from all
        </Directory>

        <Directory /path/to/websites/>
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>

I am able to access the website by using www.foobar.com, however when I type foobar.com, I get the error 'Server not found' - why is this?

My second question concerns the security implications of the directive:

<Directory /path/to/websites/>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
</Directory>

in the configuration above. What exactly is it doing, and is it necessary?. From my (admitedly limited) understanding of Apache configuration files, this means that anyone will be able to access (write to?) the /path/to/websites/ folder. Is my understanding correct? - and if yes, how is this not a security risk?

© Pro Webmasters or respective owner

Related posts about apache

Related posts about security