Security Question

Posted on 2006-04-24
Last Modified: 2010-03-04
Hey Experts,

I have a question about security here.
Here is a little background:

I have a dedicated server with 1 dedicated IP address.
I run one website from that server

Ok. (main domain) (alias domain) (alias domain)

^ they are my domains (examples)

I have turned on VIRTUAL HOSTS in apache, and have these settings:

<VirtualHost *:80>
DocumentRoot /home/xxx/public_html
ServerName localhost
# Other directives here

<VirtualHost *:80>
DocumentRoot /home/phpmyadmin/public_html
ServerName phpmyadmin
# Other directives here

Now in the servers HOSTS file I have added: phpmyadmin

Which means if at home, I point my HOSTS file to my server IP.
If I open:
It loads my server, and it loads the phpmyadmin/public_html
(which is PHPMYADMIN of course)

All of the real domains and alias domains work great, they point to xxxx/public_html

How secure is this? (I have got different values, I don't use "phpmyadmin" etc...)
Can someone query my Apache and get a list of all my hosts/virtual hosts?
As far as I know, unless they know what the "ServerName" is - they WONT be able to load it, apache will assume Localhost.
I dont know if this is a common method for doing things...
I kind of just stumbled across it when configuring Apache and liked it, so I stuck with it.

Question by:neester
    LVL 15

    Accepted Solution

    This is what's called "security by obscurity". No, there is no way to query and get all your hosts and virtual hosts. However, consider how much time would it take for someone who knows you and possibly your servers and who finds this question of yours while googling you up to put 2 and 2 together? :))

    There is however is a much better way to secure your virtualhost - with passwords;)

    LVL 11

    Author Comment

    Yeah I have already passworded it with htpasswd etc...

    But yeah - thanks!
    I was really just wondering if apache ever gave information about the virtual hosts etc.


    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting ( to http…
    Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now