You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/04/11 20:26:44 UTC

[Bug 56395] New: Allow SERVER_ADDR environment variable to be optionally undisclosed

https://issues.apache.org/bugzilla/show_bug.cgi?id=56395

            Bug ID: 56395
           Summary: Allow SERVER_ADDR environment variable to be
                    optionally undisclosed
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Core
          Assignee: bugs@httpd.apache.org
          Reporter: andre@digirati.com.br

Created attachment 31516
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31516&action=edit
Allow SERVER_ADDR to be undisclosed via a core directive

It may be useful to not disclose the web server's IP address to scripts running
on the server. My use case for this is to aid in protection agains DDoS
attacks, where a website's DNS zone is set up such that the server address is
not published in a "guessable" way (eg. by pointing to a CDN provider and using
a random DNS entry for sync'ing between the CDN and the server).

The attached patches implement this. The first one does that via a code
configuration directive. In that case, if the user sets "ExportServerAddr Off",
then the SERVER_ADDR environment variable will not be passed to scripts.

The second patch does the same, but using environment variables instead. In
that case the user has to set "PassEnv HIDE_SERVER_ADDR" and then define this
variable in the shell (eg. export HIDE_SERVER_ADDR=1). To revert to the default
behavior, one only has to unset the variable (eg. unset HIDE_SERVER_ADDR).

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 56395] Allow SERVER_ADDR environment variable to be optionally undisclosed

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56395

--- Comment #1 from Andre Nathan <an...@digirati.com.br> ---
Created attachment 31517
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31517&action=edit
Allow SERVER_ADDR to be undisclosed via an environment variable

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 56395] Allow SERVER_ADDR environment variable to be optionally undisclosed

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56395

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |PatchAvailable

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org