|Summary:||Binding to an interface instead of an address|
|Product:||Apache httpd-2||Reporter:||Alexandre Ferrieux <alexandre.ferrieux>|
|Component:||Core||Assignee:||Apache HTTPD Bugs Mailing List <bugs>|
Description Alexandre Ferrieux 2012-03-23 13:20:59 UTC
Comment 1 Alexandre Ferrieux 2012-03-23 13:28:16 UTC
Are there any plans to make use of SO_BINDTODEVICE, as has been proposed by various patchers over the years, to allow Apache to bind to a specific device rather than address? The typical use case is a VRRP-managed address that is *not* owned by the host at the time httpd starts. It then fails with the regular bind() syscall. With setsockopt(..., SO_BINDTODEVICE, "ethX", ...); one could simply bind to the device, and any floating IP subsequently attached to it (with VRRP or manual "ip addr add" commands) could receive requests.

Of course, people usually don't care because INADDR_ANY satisfies most simple uses. However, there are real-life setups where one wants to restrict to one interface for security reasons, or for modularity (because another service or Apache instance runs on the same port on another interface).

The SO_BINDTODEVICE method could easily be triggered by a syntax extension to Listen, as has also been proposed by those who do it by hand.