You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1996/06/20 03:21:02 UTC
Re: apache_1.1b4: patch to support ip_net/netmask in Access lists
This _is_ a bug in my opinion. I would like to see this make it
into 1.1 if others agree.
>
> You're idea and patch will be considered. It's unlikely that this will
> be accepted for 1.1, but maybe for 1.2.
>
> regards,
> rob
>
> >The following patch allows one to restrict/give access based on
> >ip networks that are not on octet boundaries. For instance, I use
> >
> ><Limit GET>
> >order deny,allow
> >deny from all
> >allow from 128.138.192.192/255.255.255.192
> ></Limit>
> ></Location>
> >
> >To allow access from our private sysadmin's net. This is especially
> >use if one has HostnameLookups turned off for performance reasons.
> >
> > - todd
> >
> >*** mod_access.c.DIST Thu Feb 29 19:39:51 1996
> >--- mod_access.c Wed Jun 19 16:16:59 1996
> >***************
> >*** 157,171 ****
> > }
> >
> > int in_ip(char *domain, char *what) {
> >
> >! /* Check a similar screw case to the one checked above ---
> >! * "allow from 204.26.2" shouldn't let in people from 204.26.23
> >! */
> >!
> >! int l = strlen(domain);
> >! if (strncmp(domain,what,l) != 0) return 0;
> >! if (domain[l - 1] == '.') return 1;
> >! return (what[l] == '\0' || what[l] == '.');
> > }
> >
> > int find_allowdeny (request_rec *r, array_header *a, int method)
> >--- 157,183 ----
> > }
> >
> > int in_ip(char *domain, char *what) {
> >+ char *mask = strchr(domain, '/');
> >
> >! if (mask) {
> >! /* The address is of the form ip_network/netmask
> >! */
> >! int ret;
> >!
> >! *mask++ = '\0';
> >! ret = ((inet_addr(what) & inet_addr(mask)) == inet_addr(domain));
> >! *(mask-1) = '/';
> >! return(ret);
> >! } else {
> >! /* Check a similar screw case to the one checked above ---
> >! * "allow from 204.26.2" shouldn't let in people from 204.26.23
> >! */
> >!
> >! int l = strlen(domain);
> >! if (strncmp(domain,what,l) != 0) return 0;
> >! if (domain[l - 1] == '.') return 1;
> >! return (what[l] == '\0' || what[l] == '.');
> >! }
> > }
> >
> > int find_allowdeny (request_rec *r, array_header *a, int method)
>
>
> --
> Rob Hartill (robh@imdb.com)
> The Internet Movie Database (IMDb) http://www.imdb.com/
> ...more movie info than you can poke a stick at.