You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Eric <py...@gmail.com> on 2008/06/01 03:37:24 UTC
[users@httpd] Consequences of disabling mod_authz_host?
>From what I understand, mod_authz_host always performs two DNS lookups
per request when mod_authz_host is enabled, regardless of whether any
host-based blockings are used. I don't need that, in fact, the only
part of mod_authz_host I use is to set "Order allow,deny" and "Allow
from all" or "Deny from all".
If I disable mod_authz_host, what are the risks? Currently the only
blocks I have are from:
<Directory />
Order allow,deny
Deny from all
</Directory>
and
<FilesMatch "^\.svn">
Order allow,deny
Deny from all
</FilesMatch>
I can block the latter with mod_rewrite. Is the first even necessary?
It was in my distro's default httpd.conf.
Thanks!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Consequences of disabling mod_authz_host?
Posted by Joshua Slive <jo...@slive.ca>.
On Sat, May 31, 2008 at 9:37 PM, Eric <py...@gmail.com> wrote:
> From what I understand, mod_authz_host always performs two DNS lookups
> per request when mod_authz_host is enabled, regardless of whether any
> host-based blockings are used.
No, that's not true to the best of my knowledge. If it were true, it
would be a major bug. The lookups are performed only for hostnames (or
things that appear to mod_authz_host to be hostnames).
> I don't need that, in fact, the only
> part of mod_authz_host I use is to set "Order allow,deny" and "Allow
> from all" or "Deny from all".
>
> If I disable mod_authz_host, what are the risks? Currently the only
> blocks I have are from:
>
> <Directory />
> Order allow,deny
> Deny from all
> </Directory>
>
> and
>
> <FilesMatch "^\.svn">
> Order allow,deny
> Deny from all
> </FilesMatch>
>
> I can block the latter with mod_rewrite. Is the first even necessary?
> It was in my distro's default httpd.conf.
If you don't need host-based blocking, you can disable mod_authz_host.
The first block is basically just a safety feature to try to prevent
you from accidentally exposing things that you intend to be protected.
If the rest of your config is correct, it doesn't do anything.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org