config/2632: access.conf "allow from" erratic in domain name reverse lookups

[Whit Blauvelt <wh...@transpect.com>]

>Number:         2632
>Category:       config
>Synopsis:       access.conf "allow from" erratic in domain name reverse lookups
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Jul 15 11:40:01 PDT 1998
>Last-Modified:
>Originator:     whit@transpect.com
>Organization:
apache
>Release:        1.3
>Environment:
RedHat 5.1 stock installation with Apache 1.3 custom compile (including PHP 3.0.1 module).
Kernel 2.0.34 on an i686.
>Description:
For a directory on the server, access permissions were set as follows:

<Location /directory>
deny from all
allow from .homedomain.com
</Location>

The error and access logs showed that some requests from a particular IP in
.homedomain.com were recognized properly and passed through, logged with the 
alpha name of the accessing machine, while others (from the same IP/machine!)
ended up in the error_log as denied, logged with just the IP of the machine.
Doing an nslookup of that IP number from the system results in the reverse
lookup happenning flawlessly. More often than not it's failing to let the 
machine through based on the IP, but sometimes it gets the reverse lookup right 
and displays the pages in that directory.
>How-To-Repeat:
If it's useful, I could set up the same mechanism on a test directory on that 
machine for you. Would need your domain, of course.
>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]