You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Jason Repik <jj...@hyperion.plk.af.mil> on 1997/04/03 00:30:01 UTC

mod_access/305: incorrect hostname lookup for allow/deny directives

>Number:         305
>Category:       mod_access
>Synopsis:       incorrect hostname lookup for allow/deny directives
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Apr  2 14:30:01 1997
>Originator:     jjrepik@hyperion.plk.af.mil
>Organization:
apache
>Release:        1.2.7b
>Environment:
Solaris 2.5.1
gcc version 2.7.2.1.f.1
>Description:
I have setup our top level webdocs to accessible to the world.
In attempting to give per directory access to subdirectorys 
to my subdomain with the allow/deny directives it would not work.
Here is the basic model I use:

<Directory /hyp1/web_docs/plasma>
<Limit GET>
order deny,allow
deny from all
allow from hyperion
</Limit>
</Directory>

When the allow directive was changed to .plk.af.mil I could
not access that directory from anywhere.  When it was changed
to .cs.unm.edu, I could access it from machines in the .cs.unm.edu
subdomain and nowhere else.  When I changed it to a specific
name of a machine in my subdomain, I could access it from that
machine.  This leads me to believe  that since the machine the
server is running on is hyperion.plk.af.mil that when it does
a hostname lookup it is only returning the short name of 
hyperion therefore not showing the .plk.af.mil subdomain part
of the name and therefore not allowing access.
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted:

Re: mod_access/305: incorrect hostname lookup for allow/deny directives

Posted by Marc Slemko <ma...@znep.com>.

What does your log show for the accesses from the local machine?

Are you saying the below example _does_ work or it _doesn't_ work?  How
the hostnames are resolved (ie. fully qualified or not) is a function of
your OS and how it is configured. 

On Wed, 2 Apr 1997, Jason Repik wrote:

> 
> >Number:         305
> >Category:       mod_access
> >Synopsis:       incorrect hostname lookup for allow/deny directives
> >Confidential:   no
> >Severity:       serious
> >Priority:       medium
> >Responsible:    apache (Apache HTTP Project)
> >State:          open
> >Class:          sw-bug
> >Submitter-Id:   apache
> >Arrival-Date:   Wed Apr  2 14:30:01 1997
> >Originator:     jjrepik@hyperion.plk.af.mil
> >Organization:
> apache
> >Release:        1.2.7b
> >Environment:
> Solaris 2.5.1
> gcc version 2.7.2.1.f.1
> >Description:
> I have setup our top level webdocs to accessible to the world.
> In attempting to give per directory access to subdirectorys 
> to my subdomain with the allow/deny directives it would not work.
> Here is the basic model I use:
> 
> <Directory /hyp1/web_docs/plasma>
> <Limit GET>
> order deny,allow
> deny from all
> allow from hyperion
> </Limit>
> </Directory>
> 
> When the allow directive was changed to .plk.af.mil I could
> not access that directory from anywhere.  When it was changed
> to .cs.unm.edu, I could access it from machines in the .cs.unm.edu
> subdomain and nowhere else.  When I changed it to a specific
> name of a machine in my subdomain, I could access it from that
> machine.  This leads me to believe  that since the machine the
> server is running on is hyperion.plk.af.mil that when it does
> a hostname lookup it is only returning the short name of 
> hyperion therefore not showing the .plk.af.mil subdomain part
> of the name and therefore not allowing access.
> >How-To-Repeat:
> 
> >Fix:
> 
> >Audit-Trail:
> >Unformatted:
> 
>