Apache VirtualHost: Key Differences Between _default_:* vs *:* in Host Configuration


2 views

In Apache HTTP Server configuration, both _default_:* and *:* serve as catch-all directives in VirtualHost contexts, but with crucial behavioral differences:

<VirtualHost _default_:*>
    # Catches ONLY requests not matched by other VirtualHosts
    ServerName fallback.example.com
</VirtualHost>

<VirtualHost *:*>
    # Catches ALL requests on ALL interfaces/ports
    ServerName catch-all.example.com
</VirtualHost>

_default_:* use cases:

  • Creating a fallback server for unmatched requests
  • Implementing maintenance pages for undefined domains
  • Handling legacy IP-based requests

*:* use cases:

  • When you want a VirtualHost to handle ALL traffic
  • For reverse proxy configurations
  • When running a single-site server

The _default_ virtual host only processes requests that:

  1. Don't match any other VirtualHost's ServerName/ServerAlias
  2. Arrive on ports not explicitly defined in other VirtualHosts

Sample port-specific default host:

<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    # Will catch HTTPS requests for undefined domains
</VirtualHost>

Avoid these common pitfalls:

# DANGER: This makes *:* VirtualHost unreachable
<VirtualHost _default_:*>
    DocumentRoot /www/default
    # This will intercept ALL unmatched requests first
</VirtualHost>

<VirtualHost *:*>
    # This block will NEVER be reached
    DocumentRoot /www/primary
</VirtualHost>

For maximum control:

# 1. Explicit named hosts first
<VirtualHost 192.168.1.1:80>
    ServerName primary.example.com
    # ... 
</VirtualHost>

# 2. Default handlers last
<VirtualHost _default_:80>
    # Handles all other HTTP traffic
    RewriteEngine On
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
</VirtualHost>

# 3. Global fallback
<VirtualHost *:443>
    SSLEngine on
    # ... SSL config
    # Will handle ALL HTTPS traffic
</VirtualHost>

In Apache HTTP Server configuration, the <VirtualHost> directive is crucial for hosting multiple websites on a single server. The syntax variations between _default_:* and *:* serve distinct purposes:

# Default catch-all VirtualHost
<VirtualHost _default_:*>
    ServerName fallback.example.com
    DocumentRoot /var/www/html
</VirtualHost>

# Wildcard VirtualHost
<VirtualHost *:*>
    ServerName primary.example.com
    DocumentRoot /var/www/primary
</VirtualHost>

_default_:* acts as a fallback VirtualHost that catches:

  • Requests not matching any other VirtualHost
  • Requests coming via unspecified IP addresses
  • HTTPS connections when no matching SSL VirtualHost exists

*:* behaves differently:

  • Matches ALL requests regardless of IP or port
  • Takes precedence over _default_:* when both exist
  • Can cause conflicts if multiple *:* VirtualHosts exist

Sample configuration for different scenarios:

# Default HTTPS catch-all
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /path/to/default.crt
    SSLCertificateKeyFile /path/to/default.key
    DocumentRoot /var/www/ssl_default
</VirtualHost>

# HTTP-to-HTTPS redirector
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

# Primary website configuration
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    # SSL configuration...
    DocumentRoot /var/www/example
</VirtualHost>

When mixing these directives, watch for:

  1. Unexpected request handling due to precedence rules
  2. SSL certificate mismatches in default VirtualHosts
  3. Port conflicts when using wildcards

Debug using:

apachectl -S  # Shows which VirtualHost handles each request