You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/08/07 11:57:26 UTC

[Bug 49737] order allow,deny does not work on IPv6

https://issues.apache.org/bugzilla/show_bug.cgi?id=49737

frettled@gmail.com <fr...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.2.14                      |2.2.16

--- Comment #6 from frettled@gmail.com <fr...@gmail.com> ---
I have experienced the same problem with deny statements in .htaccess to block
IPv6 addresses with stock Apache 2.2.16 as delivered by Debian. It simply
doesn't work.

This is may be related what is described here:

http://serverfault.com/questions/484239/apache-ipv4-deny-directive-blocks-ipv6-addresses

In brief: IPv6 addresses get blocked by bitmasks for IPv4 addresses, since the
first bits for IPv4 addresses also match the first bits for certain IPv6
addresses.

A test could be to figure out what IPv4 address might have the same bitmask as
2001:4860::/32 and see if that blocks 2001:4860::/32.

With an innocent side victim in IPv4 space, of course.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org