Posted to dev@httpd.apache.org by Marc Slemko <ma...@worldgate.com> on 1997/09/25 02:00:40 UTC

proxy access restrictions

First, the mod_proxy docs say:

	<Directory proxy:*>                                                
	<Limit GET PUT POST DELETE CONNECT OPTIONS>                          
	order deny,allow                                 
	deny from [machines you'd like *not* to allow by IP address or name]
	allow from [machines you'd like to allow by IP address or name]         
	</Limit>                                                            
	</Directory>                                                          


Arrrrrrrgh.  Why is the Limit there!?!?  Unless something is broken,
it is not needed and should not be there.  I don't know how many times
I have to tell people to remove their bogus Limit statement.

Secondly, this doesn't work for me on my 1.3 server.  Running code
from a week or two ago.  Grr.  Works on 1.2.x using the same config
files.  This is the same setup where I'm seeing the "require user
foo" allowing other users access.  Still haven't had time to debug
it.  Does the proxy access limitation work for anyone on recent
code?


Re: proxy access restrictions

Posted by Chuck Murcko <ch...@topsail.org>.
Marc Slemko wrote:
> 
> First, the mod_proxy docs say:
> 
>         <Directory proxy:*>
>         <Limit GET PUT POST DELETE CONNECT OPTIONS>
>         order deny,allow
>         deny from [machines you'd like *not* to allow by IP address or name]
>         allow from [machines you'd like to allow by IP address or name]
>         </Limit>
>         </Directory>
> 
> Arrrrrrrgh.  Why is the Limit there!?!?  Unless something is broken,
> it is not needed and should not be there.  I don't know how many times
> I have to tell people to remove their bogus Limit statement.
> 
> Secondly, this doesn't work for me on my 1.3 server.  Running code
> from a week or two ago.  Grr.  Works on 1.2.x using the same config
> files.  This is the same setup where I'm seeing the "require user
> foo" allowing other users access.  Still haven't had time to debug
> it.  Does the proxy access limitation work for anyone on recent
> code?

You didn't even need the Limit block before 1.2, but nobody wanted to
commit Martin Kraemer's fix for that before release. Thus the Limit
block went into the docs.

I haven't checked the new code.
-- 
chuck
Chuck Murcko
The Topsail Group, West Chester PA USA
chuck@topsail.org

[PATCH] Re: proxy access restrictions

Posted by Dean Gaudet <dg...@arctic.org>.
Try this:

<Directory ~ "^proxy:">
order deny,allow
...
</Directory>

The old syntax is probably broken because of my change in * semantics --
the change which made it respect / boundaries.

The patch below should make the old syntax work, but I'm not sure we want
to do it.  It won't affect the newer directory_walk code that's intended
for supporting directories, as opposed to the special proxy: case.  I'd
like to deprecate Directory proxy: ... but it doesn't have to be now.  So
yeah I guess this interim patch is fine. 

Dean

On Wed, 24 Sep 1997, Marc Slemko wrote:

> 	<Directory proxy:*>                                                
> 	<Limit GET PUT POST DELETE CONNECT OPTIONS>                          
> 	order deny,allow                                 
> 	deny from [machines you'd like *not* to allow by IP address or name]
> 	allow from [machines you'd like to allow by IP address or name]         
> 	</Limit>                                                            
> 	</Directory>                                                          

Index: http_request.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_request.c,v
retrieving revision 1.85
diff -u -r1.85 http_request.c
--- http_request.c	1997/09/14 12:16:55	1.85
+++ http_request.c	1997/09/29 00:16:14
@@ -324,7 +324,7 @@
                     this_conf = entry_config;
             }
             else if (entry_core->d_is_fnmatch) {
-                if (!fnmatch(entry_dir, test_filename, FNM_PATHNAME))
+                if (!fnmatch(entry_dir, test_filename, 0))
                     this_conf = entry_config;
             }
             else if (!strncmp(test_filename, entry_dir, strlen(entry_dir)))
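Review bot: passing 0 instead of FNM_PATHNAME in the d_is_fnmatch branch lets `*` match across `/` for every entry_dir that reaches this fnmatch() call, not only for proxy: patterns, and nothing in the hunk checks that test_filename is a proxy: name. If filesystem paths can reach this branch, consider keeping FNM_PATHNAME and dropping it only when test_filename begins with "proxy:". Either way, a comment on the call explaining why the flag is 0 would stop someone from restoring FNM_PATHNAME later and silently disabling proxy access sections again.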
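The `*` semantics discussed in this thread, as an added example that is not part of the original messages or the Apache source: it calls fnmatch(3) with and without FNM_PATHNAME on constructed names. The "proxy:" + URL name form and all sample paths are assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stdio.h>

/* Constructed sample names: the first two use an assumed "proxy:" + URL form
 * that a <Directory proxy:*> section is meant to cover; the last two are
 * ordinary filesystem paths. */
static const char *const sample_names[] = {
    "proxy:http://www.example.com/",
    "proxy:ftp://ftp.example.org/pub/file.txt",
    "/home/alice/public_html",
    "/home/alice/private/public_html",
};
enum { N_SAMPLES = sizeof sample_names / sizeof sample_names[0] };

/* 1 if the <Directory> pattern covers the name under the given fnmatch flags. */
static int section_applies(const char *pattern, const char *name, int flags)
{
    return fnmatch(pattern, name, flags) == 0;
}

/* Number of sample names the pattern covers. */
static int count_covered(const char *pattern, int flags)
{
    int i, n = 0;
    for (i = 0; i < N_SAMPLES; i++)
        n += section_applies(pattern, sample_names[i], flags);
    return n;
}

int main(void)
{
    static const char *const patterns[] = { "proxy:*", "/home/*/public_html" };
    int p, i;

    for (p = 0; p < 2; p++) {
        printf("pattern %s (covers %d with FNM_PATHNAME, %d with 0)\n",
               patterns[p], count_covered(patterns[p], FNM_PATHNAME),
               count_covered(patterns[p], 0));
        for (i = 0; i < N_SAMPLES; i++)
            printf("  %-42s FNM_PATHNAME=%d  flags0=%d\n", sample_names[i],
                   section_applies(patterns[p], sample_names[i], FNM_PATHNAME),
                   section_applies(patterns[p], sample_names[i], 0));
    }
    return 0;
}
```

With FNM_PATHNAME the `proxy:*` pattern covers none of the URL-shaped names, so deny/allow rules inside that section never apply; with flags 0 it covers them, but `/home/*/public_html` then also reaches into nested directories.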