Bug 52978

Summary: Binding to an interface instead of an address
Product: Apache httpd-2 Reporter: Alexandre Ferrieux <alexandre.ferrieux>
Component: CoreAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: enhancement    
Priority: P2    
Version: 2.5-HEAD   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Alexandre Ferrieux 2012-03-23 13:20:59 UTC

Comment 1 Alexandre Ferrieux 2012-03-23 13:28:16 UTC
Are there any plans to make use of SO_BINDTODEVICE, as has been proposed by various patchers over the years, to allow Apache to bind to a specific device rather than address ?

The typical use case is a VRRP-managed address that  is *not* owned by the host at the time httpd starts. It then fails with the regular bind() syscall.

With     setsockopt(..., SO_BINDTODEVICE, "ethX", ...); on could simply bind to the device, and any floating IP subsequently attached to it (with VRRP or manual "ip addr add" commands) could receive requests.

Of course, people usually don't care because INADDR_ANY satisfies most simple uses. However, there are real life setups where one wants to restrict to one interface for security reasons, or for modularity (because another service or Apache instance runs on the same port on another interface).

The SO_BINDTODEVICE method could easily be triggered by a syntax extension to Listen, as has also been proposed by those who do it by hand.