Slashdot Mirror

← Back to Stories (view on slashdot.org)

ARIN: No More IP's For IP-Based Virtual Hosts

Posted by ryuzaki0 on from the I-will-call-mine-eclaire dept.

Mike writes: "ARIN (the guys who hand out IP addresses) has a policy change where they will no longer allocate IP addresses for IP-based virtual hosting. They are expecting everyone to move to name-based hosting now. ARIN is solicting comments to their public policy mailing list: ppml@arin.net. What do you guys think? Is name based virtual hosting ready for prime time?"

3 of 249 comments (clear)

  1. Yes and no. by Skorpion · · Score: 5
    For normal (http) virtual web sites, hostname based virtuality is OK. But it isn't OK for https (SSL secured) web servers. A web server certificate is issued for name and IP and you can't have two of those on one IP.

    I think moving to name-based virtual servers is a good idea in general, but the https problem needs to be resolved first.

    Alex

  2. No, because of SSL by kinkie · · Score: 5

    Secure sites can't move to name-based virtual hosting, as site and key selection takes place before a single HTTP header line is sent.
    In other words, a secure site requires an unique IP address.
    So as a general policy it's pretty dumb, unless exceptions are made for secure sites, and from the announcement it doesn't seem so.

    --
    /kinkie
  3. Re:Does this work with old clients? by Ed+Random · · Score: 5

    In the HTTP/1.0 spec, sending a "Host:" header with your GET request was optional. In HTTP/1.1, it became mandatory.

    This means that all requests from your browser to websites will look something like this:

    GET /index.html HTTP/1.1
    Host: mydomain.dom
    <nl>

    This is kind of similar to using a proxy; you need to tell your browser to use a proxy. The browser will then send 'absolute URLs' instead of 'relative URLs' as in my example above. That way, the proxy knows which server you are really trying to reach.

    I think that name-based virtual hosting is a great thing (I run 3 domains off my single IP).

    Unfortunately, I can only run 1 SSL-capable secure website on that same IP address since the SSL handshake needs to complete before the request is interpreted at the HTTP level.

    And I have another issue: I want to run a "reverse proxy" (multiple physical webservers, possibly running different OS's) with name-based virtual hosting. I haven't found a way of doing that [with Apache] yet.

    --
    Greetings,
    Ed.

    --
    -- Gxis! Ed.