You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Dirk.vanGulik" <Di...@jrc.it> on 1996/11/18 15:08:14 UTC

Some old bug...

I had to have a look round in mod_access, and I noticed
this line; which works out wether we have a FQHN or an IP
address.

	((remotehost != NULL && isalpha(remotehost[0])) && 
		(in_domain(sec->ctrl, remotehost)))

I think this was discussed before.. and if I recalled correctly
FQHN *can* gegin with a number. Or did I miss something and
was it fixes elsewhere ?

Otherwise dropping it is just fine.

Dw.

Re: Some old bug...

Posted by Dean Gaudet <dg...@hotwired.com>.

This is on the ukweb "known bugs" list I think.  Yep a FQHN can begin with
a number, and the archives will point you to the references validating
that (and all the previous arguments about it :).  I think the best way to
fix it would be during the configuration phase decide if the allow/deny
is ip or name based, set a flag, and then use remotehost or remote_ip
as appropriate during the actual security checking.  This would be the
most efficient anyhow.

Dean

In article <ho...@jrc.it>,
Dirk.vanGulik <ne...@hyperreal.com> wrote:
>I had to have a look round in mod_access, and I noticed
>this line; which works out wether we have a FQHN or an IP
>address.
>
>	((remotehost != NULL && isalpha(remotehost[0])) && 
>		(in_domain(sec->ctrl, remotehost)))
>
>I think this was discussed before.. and if I recalled correctly
>FQHN *can* gegin with a number. Or did I miss something and
>was it fixes elsewhere ?
>
>Otherwise dropping it is just fine.
>
>Dw.
>