Skip to content

Gotcha with Apache conf.d

Be careful if you’re using a conf.d directory with Apache. Your default site for visitors hitting the IP directly or with HTTP/1.0 will get whichever site is alphabetically first or perhaps even a random one on some platforms. If that’s an internal-only site that’s restricted with DNS views or the like you could be exposing data.

<p>I propose the following as best practices:  Create a conf.first directory in parallel with conf.d .  Move the file you’d like to be the default into conf.first.  Then modify the main httpd.conf to include:</p>
<p>Include conf.first/*.conf<br />

Include conf.d/*.conf

<p>There, you’ve maintained the ease of auto-configuration of hosts but now have explicit control over your default site.