You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/07/01 03:50:40 UTC
hostname lookups
You mean a patch like this Brian?
But this is sounding close to a feature. I'd like to keep HostnameLookups
off for 1.2.1 release and maybe beef up the docs in CHANGES and the docs
in the examples a bit more...
at any rate, here's the patch.
Dean
? out
Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.c,v
retrieving revision 1.81.2.2
diff -u -r1.81.2.2 http_core.c
--- http_core.c 1997/06/29 18:08:36 1.81.2.2
+++ http_core.c 1997/07/01 01:48:49
@@ -338,7 +338,9 @@
if (dir_config)
dir_conf = (core_dir_config *)get_module_config(dir_config, &core_module);
- if ((!dir_conf) || (type != REMOTE_NOLOOKUP && conn->remote_host == NULL && dir_conf->hostname_lookups))
+ if ((!dir_conf) || (type == REMOTE_FORCE_HOST && conn->remote_host == NULL)
+ || (type != REMOTE_NOLOOKUP
+ && conn->remote_host == NULL && dir_conf->hostname_lookups))
{
#ifdef STATUS
int old_stat = update_child_status(conn->child_num,
@@ -383,7 +385,7 @@
return conn->remote_host;
else
{
- if (type == REMOTE_HOST) return NULL;
+ if (type == REMOTE_HOST || type == REMOTE_FORCE_HOST) return NULL;
else return conn->remote_ip;
}
}
Index: http_core.h
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.h,v
retrieving revision 1.20
diff -u -r1.20 http_core.h
--- http_core.h 1997/02/17 10:46:07 1.20
+++ http_core.h 1997/07/01 01:48:49
@@ -77,6 +77,7 @@
#define REMOTE_HOST (0)
#define REMOTE_NAME (1)
#define REMOTE_NOLOOKUP (2)
+#define REMOTE_FORCE_HOST (3)
#define SATISFY_ALL 0
#define SATISFY_ANY 1
Index: mod_access.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_access.c,v
retrieving revision 1.16
diff -u -r1.16 mod_access.c
--- mod_access.c 1997/03/07 14:15:36 1.16
+++ mod_access.c 1997/07/01 01:48:50
@@ -206,7 +206,7 @@
if (!gothost) {
remotehost = get_remote_host(r->connection, r->per_dir_config,
- REMOTE_HOST);
+ REMOTE_FORCE_HOST);
if ((remotehost == NULL) || is_ip(remotehost))
gothost = 1;
Re: hostname lookups
Posted by Brian Behlendorf <br...@organic.com>.
At 07:07 PM 6/30/97 -0700, Roy T. Fielding wrote:
>>But this is sounding close to a feature. I'd like to keep HostnameLookups
>>off for 1.2.1 release and maybe beef up the docs in CHANGES and the docs
>>in the examples a bit more...
>
>Feature or not, I'd expect to see it in before any change to the default
>is released. I should not have to search through our department's 900
>potential user directories and their subdirectories for any existing
.htaccess
>files that might depend on HostnameLookups being on by default. The fix
>makes sense, even for sites that already turn off HostnameLookups.
Yup.
There are other ways where changing the default can bite people in the ass,
though; such as the myriad of cgi/xssi/php/etc programs that may rely upon
REMOTE_HOST being there by default. Perhaps not a security problem, but
definitely a count against 1.2.1 being a drop-in replacement requiring no
configuration changes. Were it to be made it'd have to be noted very
strongly; and if that's the case we might as well just note strongly that
we recommend turning HostnameLookups off. So what about this:
1.2.1: srm.conf contains a "HostnameLookups off" directive by default, with
note saying it's a Good Idea Dammit. Also list it in the various
performance tuning pages.
1.3: Default HostnameLookups to off, force lookups when used for auth.
I'm curious as to why people thought it made sense for 1.2.1 in the first
place - it's certainly not a bug, and not /really/ a performance enhancement.
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL brian@organic.com - hyperreal.org - apache.org
Re: hostname lookups
Posted by Marc Slemko <ma...@worldgate.com>.
On Mon, 30 Jun 1997, Dean Gaudet wrote:
> You mean a patch like this Brian?
>
> But this is sounding close to a feature. I'd like to keep HostnameLookups
> off for 1.2.1 release and maybe beef up the docs in CHANGES and the docs
> in the examples a bit more...
>
> at any rate, here's the patch.
I do not agree with a 1.2.1 release with Hostnamelookups turned off by
default without a patch similar to this one.
Can't comment on the patch until I have time to look at it...