You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Theo Van Dinter <fe...@kluge.net> on 1999/07/31 17:49:17 UTC

Re: mod_status/4744: Visiting server-status logs the hostname of the client regardless of HostnameLookup.

|Do you have your /server-status Location protected by
|something like "Deny from all","Allow from .kluge.net"?
|If so, that's the cause -- on name-based access
|restrictions, Apache *always* does a double-reverse
|lookup, which will result in the client name being stored
|in the appropriate structures and hence available (and
|used) for logging.

Ok, that does explain it.  I would still classify it as a bug though:  The
whole point of "HostnameLookup off" is so that the IP is the only client
identifier in the logs/passed to CGIs/etc.  Since the current scheme doesn't
always do what you expect (named-based access controls causes hostname to be
used instead of IP), it should be fixed, or minimally at least documented w/
"Hostnamelookup" (it's hinted to, but not clearly indicated).

Would it be possible to say something like: (pseudo-ish code...)

if ( configuration.hostnamelookup == 0 )
	Log(request.clientIP);
else {
	if ( request.clientname[0] != '\0' )
		Log(request.clientname);
	else
		Log(request.clientIP);
}

??

thanks.