Apache's mod_vhost_alias provides a neat little feature for easing up virtual host configurations:
This module creates dynamically configured virtual hosts, by allowing the IP address and/or the Host: header of the HTTP request to be used as part of the pathname to determine what files to serve.
Now suppose the following not so uncommon scenario: Two IP addresses share the same host - let's say 10.0.0.10 and 10.0.0.11. One IP is meant for production services, the other IP may be totally unrelated. However, both IPs are configured for named virtual hosts with overlapping wildcards and share the same VirtualDocumentRoot:
span style="color: #7f007f;">"/protected/"
Our second virtualhost beta.foo.bar blocks access to /protected/ - the first virtualhost has no such protection. Let's check out beta's protection manually:
span style="color: #ff0000;">"-//IETF//DTD HTML 2.0//EN"
Now, just for fun, the very same request goes to the other IP:
# telnet 10.0.0.10 80
"e8127-1c-4697bd6c57000"
Please, keep that in mind when rolling out VirtualDocumentRoots on more than one IP with overlapping wildcard hostnames.