You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1996/06/20 03:21:02 UTC

Re: apache_1.1b4: patch to support ip_net/netmask in Access lists 

This _is_ a bug in my opinion. I would like to see this make it
into 1.1 if others agree.


> 
> You're idea and patch will be considered. It's unlikely that this will
> be accepted for 1.1, but maybe for 1.2.
> 
> regards,
> rob
> 
> >The following patch allows one to restrict/give access based on
> >ip networks that are not on octet boundaries.  For instance, I use
> >
> ><Limit GET>
> >order deny,allow
> >deny from all
> >allow from 128.138.192.192/255.255.255.192
> ></Limit>
> ></Location>
> >
> >To allow access from our private sysadmin's net.  This is especially
> >use if one has HostnameLookups turned off for performance reasons.
> >
> > - todd
> >
> >*** mod_access.c.DIST	Thu Feb 29 19:39:51 1996
> >--- mod_access.c	Wed Jun 19 16:16:59 1996
> >***************
> >*** 157,171 ****
> >  }
> >  
> >  int in_ip(char *domain, char *what) {
> >  
> >!     /* Check a similar screw case to the one checked above ---
> >!      * "allow from 204.26.2" shouldn't let in people from 204.26.23
> >!      */
> >!     
> >!     int l = strlen(domain);
> >!     if (strncmp(domain,what,l) != 0) return 0;
> >!     if (domain[l - 1] == '.') return 1;
> >!     return (what[l] == '\0' || what[l] == '.');
> >  }
> >  
> >  int find_allowdeny (request_rec *r, array_header *a, int method)
> >--- 157,183 ----
> >  }
> >  
> >  int in_ip(char *domain, char *what) {
> >+     char *mask = strchr(domain, '/');
> >  
> >!     if (mask) {
> >! 	/* The address is of the form ip_network/netmask
> >! 	 */
> >! 	int ret;
> >! 
> >! 	*mask++ = '\0';
> >! 	ret = ((inet_addr(what) & inet_addr(mask)) == inet_addr(domain)); 
> >! 	*(mask-1) = '/';
> >! 	return(ret);
> >!     } else {
> >! 	/* Check a similar screw case to the one checked above ---
> >! 	 * "allow from 204.26.2" shouldn't let in people from 204.26.23
> >! 	 */
> >! 	
> >! 	int l = strlen(domain);
> >! 	if (strncmp(domain,what,l) != 0) return 0;
> >! 	if (domain[l - 1] == '.') return 1;
> >! 	return (what[l] == '\0' || what[l] == '.');
> >!     }
> >  }
> >  
> >  int find_allowdeny (request_rec *r, array_header *a, int method)
> 
> 
> -- 
> Rob Hartill (robh@imdb.com)
> The Internet Movie Database (IMDb)  http://www.imdb.com/
>            ...more movie info than you can poke a stick at.