You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Mark A. Craig" <ma...@gmail.com> on 2007/09/16 08:50:41 UTC
[users@httpd] Re: Syntactic consistency? Pfft! {directory and deny directives}
Joshua:
Consistency be damned! As one example of how unproductive that consistency is,
I'm now forced to replace just that ONE ".svservers.com" partial hostname denial
with ELEVEN - and probably counting - separate IP address denials! These are
all addresses used by one person or perhaps a small intimate group. Now
extrapolate that burden to all the other partial IP addresses that I similarly
want to deny.
Isn't that a wonderful extra burden to place on my server just for the sake of
algorithmic and syntactic consistency between two directives? If I had access
and motivation, I'd start an argument about it with the developer of that bit of
code.
Mark
-------- Original Message --------
Subject: Re: [users@httpd] <directory> and deny directives
From: Joshua Slive <jo...@slive.ca>
To: users@httpd.apache.org
Date: Friday, September 14, 2007 09:08:30 AM
> On 9/14/07, Mark A. Craig <ma...@gmail.com> wrote:
>> It would sure be
>> nice if the code didn't pull a non-intuitive stunt like this, though! If the
>> DNS lookup resolves to the specified *partial* hostname, it should act on it,
>> not second-guess it with an rDNS like this.
>
> Yes, it is non-intuitive. But on the other hand, it is much more
> common to use hostnames for Allow directives than for Deny directives
> (since the hostname is often under the control of the attacker). You
> MUST check the forward and reverse for Allow directives, or else they
> would be worthless. And then it could potentially cause even more
> confusion if the Allow and Deny directives matched differently.
>
> Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org