You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1996/06/20 02:10:11 UTC

Re: apache_1.1b4: patch to support ip_net/netmask in Access lists

You're idea and patch will be considered. It's unlikely that this will
be accepted for 1.1, but maybe for 1.2.

regards,
rob

>The following patch allows one to restrict/give access based on
>ip networks that are not on octet boundaries.  For instance, I use
>
><Limit GET>
>order deny,allow
>deny from all
>allow from 128.138.192.192/255.255.255.192
></Limit>
></Location>
>
>To allow access from our private sysadmin's net.  This is especially
>use if one has HostnameLookups turned off for performance reasons.
>
> - todd
>
>*** mod_access.c.DIST	Thu Feb 29 19:39:51 1996
>--- mod_access.c	Wed Jun 19 16:16:59 1996
>***************
>*** 157,171 ****
>  }
>  
>  int in_ip(char *domain, char *what) {
>  
>!     /* Check a similar screw case to the one checked above ---
>!      * "allow from 204.26.2" shouldn't let in people from 204.26.23
>!      */
>!     
>!     int l = strlen(domain);
>!     if (strncmp(domain,what,l) != 0) return 0;
>!     if (domain[l - 1] == '.') return 1;
>!     return (what[l] == '\0' || what[l] == '.');
>  }
>  
>  int find_allowdeny (request_rec *r, array_header *a, int method)
>--- 157,183 ----
>  }
>  
>  int in_ip(char *domain, char *what) {
>+     char *mask = strchr(domain, '/');
>  
>!     if (mask) {
>! 	/* The address is of the form ip_network/netmask
>! 	 */
>! 	int ret;
>! 
>! 	*mask++ = '\0';
>! 	ret = ((inet_addr(what) & inet_addr(mask)) == inet_addr(domain)); 
>! 	*(mask-1) = '/';
>! 	return(ret);
>!     } else {
>! 	/* Check a similar screw case to the one checked above ---
>! 	 * "allow from 204.26.2" shouldn't let in people from 204.26.23
>! 	 */
>! 	
>! 	int l = strlen(domain);
>! 	if (strncmp(domain,what,l) != 0) return 0;
>! 	if (domain[l - 1] == '.') return 1;
>! 	return (what[l] == '\0' || what[l] == '.');
>!     }
>  }
>  
>  int find_allowdeny (request_rec *r, array_header *a, int method)


-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.