You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Marc Slemko <ma...@znep.com> on 1997/07/01 03:20:17 UTC
disabling hostname lookups and authentication
If we disable hostname lookups, domain based authentication doesn't work.
That is bad.
Re: disabling hostname lookups and authentication
Posted by Dean Gaudet <dg...@arctic.org>.
As opposed to the lack of double-reverse DNS leading to a false sense of
security?
At any rate, this works, I use it:
<Location /server-status>
HostnameLookups on
SetHandler server-status
order deny,allow
deny from all
allow from .arctic.org
</Location>
Dean
On Mon, 30 Jun 1997, Marc Slemko wrote:
> If we disable hostname lookups, domain based authentication doesn't work.
> That is bad.
>
>
Re: disabling hostname lookups and authentication
Posted by Brian Behlendorf <br...@organic.com>.
At 07:20 PM 6/30/97 -0600, Marc Slemko wrote:
>If we disable hostname lookups, domain based authentication doesn't work.
>That is bad.
All administrators need to do is add a "HostnameLookups On" in the same
<Directory> or <Location> container that they have access control enabled on.
Though certainly a good argument can be made that such a directive should
be implied by a "deny from .apache.org" directive. If it's as easy to
include that type of logic as it appears to be, let's do it...
Brian
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL brian@organic.com - hyperreal.org - apache.org