You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1996/06/20 02:10:11 UTC
Re: apache_1.1b4: patch to support ip_net/netmask in Access lists
You're idea and patch will be considered. It's unlikely that this will
be accepted for 1.1, but maybe for 1.2.
regards,
rob
>The following patch allows one to restrict/give access based on
>ip networks that are not on octet boundaries. For instance, I use
>
><Limit GET>
>order deny,allow
>deny from all
>allow from 128.138.192.192/255.255.255.192
></Limit>
></Location>
>
>To allow access from our private sysadmin's net. This is especially
>use if one has HostnameLookups turned off for performance reasons.
>
> - todd
>
>*** mod_access.c.DIST Thu Feb 29 19:39:51 1996
>--- mod_access.c Wed Jun 19 16:16:59 1996
>***************
>*** 157,171 ****
> }
>
> int in_ip(char *domain, char *what) {
>
>! /* Check a similar screw case to the one checked above ---
>! * "allow from 204.26.2" shouldn't let in people from 204.26.23
>! */
>!
>! int l = strlen(domain);
>! if (strncmp(domain,what,l) != 0) return 0;
>! if (domain[l - 1] == '.') return 1;
>! return (what[l] == '\0' || what[l] == '.');
> }
>
> int find_allowdeny (request_rec *r, array_header *a, int method)
>--- 157,183 ----
> }
>
> int in_ip(char *domain, char *what) {
>+ char *mask = strchr(domain, '/');
>
>! if (mask) {
>! /* The address is of the form ip_network/netmask
>! */
>! int ret;
>!
>! *mask++ = '\0';
>! ret = ((inet_addr(what) & inet_addr(mask)) == inet_addr(domain));
>! *(mask-1) = '/';
>! return(ret);
>! } else {
>! /* Check a similar screw case to the one checked above ---
>! * "allow from 204.26.2" shouldn't let in people from 204.26.23
>! */
>!
>! int l = strlen(domain);
>! if (strncmp(domain,what,l) != 0) return 0;
>! if (domain[l - 1] == '.') return 1;
>! return (what[l] == '\0' || what[l] == '.');
>! }
> }
>
> int find_allowdeny (request_rec *r, array_header *a, int method)
--
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb) http://www.imdb.com/
...more movie info than you can poke a stick at.