You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Matt Sherer <ch...@emerging.org> on 1999/05/21 20:44:36 UTC

mod_access/4454: ip groupings

>Number:         4454
>Category:       mod_access
>Synopsis:       ip groupings
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Fri May 21 11:50:01 PDT 1999
>Last-Modified:
>Originator:     chaos@emerging.org
>Organization:
apache
>Release:        1.3.6
>Environment:
linux 2.2.5, solaris 2.5.1
>Description:
We are moving away from Oracle's web server to Apache.  (thank god) but we have
ip groupings defined in oracle, of the form:
external: 206.36.217.23 206.36.216.*
hierarchy2: 192.112.102.* external
so that hierarchy2 can easily inherit the list defined in the external group.
it makes it really easy to define short access lists for all the protected
areas we have defined.  (otherwise listing all the permissions would be hell
to maintain.)  
>How-To-Repeat:
 
>Fix:
i've played around with the source, but it seems that my c has completely
gone to crap. anyway, what i was thinking was that it should be easy to 
extend the "allow from" to handle something like
"allow from 192.112.102.* $EXTERNAL" 
where $EXTERNAL is defined in the environment, and when seen, it's retrieved, 
taken apart and applied to the rest of the list.  what seems to happen, though,
is that the allow_cmd function only takes one element at a time, and i don't
know if it's safe to recurse with the contents of the newly found variable.
any ideas?  (i'll be out of the u.s. for a couple weeks, but i'll try
to tap in occaisionally if possible.)
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]