You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Marc Slemko <ma...@znep.com> on 1997/07/01 03:20:17 UTC

disabling hostname lookups and authentication

If we disable hostname lookups, domain based authentication doesn't work.
That is bad.

Re: disabling hostname lookups and authentication

Posted by Dean Gaudet <dg...@arctic.org>.

As opposed to the lack of double-reverse DNS leading to a false sense of
security?

At any rate, this works, I use it:

<Location /server-status>
    HostnameLookups on
    SetHandler server-status
    order deny,allow
    deny from all
    allow from .arctic.org
</Location>

Dean

On Mon, 30 Jun 1997, Marc Slemko wrote:

> If we disable hostname lookups, domain based authentication doesn't work.
> That is bad.
> 
>

Re: disabling hostname lookups and authentication

Posted by Brian Behlendorf <br...@organic.com>.

At 07:20 PM 6/30/97 -0600, Marc Slemko wrote:
>If we disable hostname lookups, domain based authentication doesn't work.
>That is bad.

All administrators need to do is add a "HostnameLookups On" in the same
<Directory> or <Location> container that they have access control enabled on.
Though certainly a good argument can be made that such a directive should
be implied by a "deny from .apache.org" directive.  If it's as easy to
include that type of logic as it appears to be, let's do it...

	Brian

	Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL                brian@organic.com - hyperreal.org - apache.org