You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/10/24 02:09:51 UTC
[Bug 54047] New: applies ipv4 filters to ipv6 rules
https://issues.apache.org/bugzilla/show_bug.cgi?id=54047
Priority: P2
Bug ID: 54047
Assignee: bugs@httpd.apache.org
Summary: applies ipv4 filters to ipv6 rules
Severity: normal
Classification: Unclassified
OS: Mac OS X 10.4
Reporter: alan@batie.org
Hardware: PC
Status: NEW
Version: 2.2.15
Component: mod_access
Product: Apache httpd-2
We have a web server at www.peakinternet.com that is dual stacked:
ipv4: 207.55.16.224
ipv6: 2607:f678::16:224
A recent redesign of the web site moved it to Wordpress, which included as part
of the .htaccess a block of ip addresses known for attacks, including:
# PSI network
deny from 38.0.0.0/8
When this rule is enabled and we try to access the site from our ipv6 enabled
clients, we get "permission denied" errors. When it's disabled, the site works
fine. We notice that 38 decimal is 26 hex, which matches the first 8 bits of
our ipv6 block. In looking in the logs, we see that all the ipv6 denials were
26xx addresses:
2600:1002:b016:321f:51ca:e30f:4b1c:fc22]
2600:1008:b002:30f2::103]
2600:1008:b002:adfd:0:41:9772:1301]
2600:1008:b109:5639::103]
2600:1008:b111:8c5::103]
2600:100c:b203:e466:40ae:f7a6:58af:3e2e]
2600:100c:b210:ba5e:53e:ae29:66be:8af2]
2600:100e:b00c:ef2:e90a:88d8:b94a:847e]
etc...
It appears that the ipv4 mask 38/8 is being applied to ipv6 addresses
inappropriately - this is only a guess, but it's the only thing we can think of
that matches the symptoms...
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54047] applies ipv4 filters to ipv6 rules
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54047
--- Comment #1 from Joe Orton <jo...@redhat.com> ---
Created attachment 29555
--> https://issues.apache.org/bugzilla/attachment.cgi?id=29555&action=edit
proposed patch
How bizarre that such a bug can go undiscovered for so long. Thanks for the
report.
Can you test this APR patch?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54047] applies ipv4 filters to ipv6 rules
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54047
alan@batie.org changed:
What |Removed |Added
----------------------------------------------------------------------------
OS|Mac OS X 10.4 |Linux
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54047] applies ipv4 filters to ipv6 rules
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54047
Joe Orton <jo...@redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|mod_access |APR
Version|2.2.15 |HEAD
Assignee|bugs@httpd.apache.org |bugs@apr.apache.org
Product|Apache httpd-2 |APR
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org