Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/07/01 03:50:40 UTC

hostname lookups

You mean a patch like this Brian?

But this is sounding close to a feature.  I'd like to keep HostnameLookups
off for 1.2.1 release and maybe beef up the docs in CHANGES and the docs
in the examples a bit more...

at any rate, here's the patch.

Dean

? out
Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.c,v
retrieving revision 1.81.2.2
diff -u -r1.81.2.2 http_core.c
--- http_core.c	1997/06/29 18:08:36	1.81.2.2
+++ http_core.c	1997/07/01 01:48:49
@@ -338,7 +338,9 @@
     if (dir_config) 
 	dir_conf = (core_dir_config *)get_module_config(dir_config, &core_module);
 
-   if ((!dir_conf) || (type != REMOTE_NOLOOKUP && conn->remote_host == NULL && dir_conf->hostname_lookups))
+   if ((!dir_conf) || (type == REMOTE_FORCE_HOST && conn->remote_host == NULL)
+	|| (type != REMOTE_NOLOOKUP
+	    && conn->remote_host == NULL && dir_conf->hostname_lookups))
     {
 #ifdef STATUS
 	int old_stat = update_child_status(conn->child_num,
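Review bot: The new condition tests `conn->remote_host == NULL` in two of its three branches, and the `REMOTE_FORCE_HOST` branch has no comment saying that it deliberately ignores `dir_conf->hostname_lookups`. Consider hoisting the NULL test, for example `(!dir_conf) || (conn->remote_host == NULL && (type == REMOTE_FORCE_HOST || (type != REMOTE_NOLOOKUP && dir_conf->hostname_lookups)))`, and adding a one-line comment on why the forced case bypasses the directive. The `!dir_conf` branch still enters the lookup block for every type, including `REMOTE_NOLOOKUP`; if that is intended, it deserves a comment as well.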
@@ -383,7 +385,7 @@
 	return conn->remote_host;
     else
     {
-	if (type == REMOTE_HOST) return NULL;
+	if (type == REMOTE_HOST || type == REMOTE_FORCE_HOST) return NULL;
 	else return conn->remote_ip;
     }
 }
Index: http_core.h
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.h,v
retrieving revision 1.20
diff -u -r1.20 http_core.h
--- http_core.h	1997/02/17 10:46:07	1.20
+++ http_core.h	1997/07/01 01:48:49
@@ -77,6 +77,7 @@
 #define REMOTE_HOST (0)
 #define REMOTE_NAME (1)
 #define REMOTE_NOLOOKUP (2)
+#define REMOTE_FORCE_HOST (3)
 
 #define SATISFY_ALL 0
 #define SATISFY_ANY 1
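Review bot: `REMOTE_FORCE_HOST` is added to the header without a comment, and the `REMOTE_*` defines visible here do not say what each value means to a caller. Suggest a short comment beside the define stating that it requests a lookup regardless of HostnameLookups and, per the http_core.c change, yields NULL rather than the IP address when no name is available, so module authors know they must handle NULL.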
Index: mod_access.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_access.c,v
retrieving revision 1.16
diff -u -r1.16 mod_access.c
--- mod_access.c	1997/03/07 14:15:36	1.16
+++ mod_access.c	1997/07/01 01:48:50
@@ -206,7 +206,7 @@
 
 	if (!gothost) {
 	    remotehost = get_remote_host(r->connection, r->per_dir_config,
-	                                 REMOTE_HOST);
+	                                 REMOTE_FORCE_HOST);
 
 	    if ((remotehost == NULL) || is_ip(remotehost))
 	        gothost = 1;
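Review bot: With `REMOTE_FORCE_HOST` here, the name that feeds the host-based access check comes from reverse DNS, which is answered by whoever controls the PTR zone for the client address, and nothing in these lines shows that name being confirmed by a forward lookup back to the same IP. If `get_remote_host()` does not already do that check, it is worth adding before the result is used for allow/deny decisions. Separately, the `is_ip(remotehost)` test may now be redundant, since the http_core.c change returns NULL instead of `conn->remote_ip` for this type; worth confirming and either dropping it or commenting why it stays.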



Re: hostname lookups

Posted by Brian Behlendorf <br...@organic.com>.
At 07:07 PM 6/30/97 -0700, Roy T. Fielding wrote:
>>But this is sounding close to a feature.  I'd like to keep HostnameLookups
>>off for 1.2.1 release and maybe beef up the docs in CHANGES and the docs
>>in the examples a bit more...
>
>Feature or not, I'd expect to see it in before any change to the default
>is released.  I should not have to search through our department's 900
>potential user directories and their subdirectories for any existing
>.htaccess files that might depend on HostnameLookups being on by default.  The fix
>makes sense, even for sites that already turn off HostnameLookups.

Yup.  

There are other ways where changing the default can bite people in the ass,
though; such as the myriad of cgi/xssi/php/etc programs that may rely upon
REMOTE_HOST being there by default.  Perhaps not a security problem, but
definitely a count against 1.2.1 being a drop-in replacement requiring no
configuration changes.  Were it to be made it'd have to be noted very
strongly; and if that's the case we might as well just note strongly that
we recommend turning HostnameLookups off.  So what about this:

1.2.1: srm.conf contains a "HostnameLookups off" directive by default, with
          note saying it's a Good Idea Dammit.  Also list it in the various
          performance tuning pages.
1.3:   Default HostnameLookups to off, force lookups when used for auth.

I'm curious as to why people thought it made sense for 1.2.1 in the first
place - it's certainly not a bug, and not /really/ a performance enhancement.

	Brian



--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL                brian@organic.com - hyperreal.org - apache.org

Re: hostname lookups

Posted by Marc Slemko <ma...@worldgate.com>.
On Mon, 30 Jun 1997, Dean Gaudet wrote:

> You mean a patch like this Brian?
> 
> But this is sounding close to a feature.  I'd like to keep HostnameLookups
> off for 1.2.1 release and maybe beef up the docs in CHANGES and the docs
> in the examples a bit more...
> 
> at any rate, here's the patch.

I do not agree with a 1.2.1 release with HostnameLookups turned off by
default without a patch similar to this one.

Can't comment on the patch until I have time to look at it...