You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/04/11 20:26:44 UTC
[Bug 56395] New: Allow SERVER_ADDR environment variable to be
optionally undisclosed
https://issues.apache.org/bugzilla/show_bug.cgi?id=56395
Bug ID: 56395
Summary: Allow SERVER_ADDR environment variable to be
optionally undisclosed
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: andre@digirati.com.br
Created attachment 31516
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31516&action=edit
Allow SERVER_ADDR to be undisclosed via a core directive
It may be useful to not disclose the web server's IP address to scripts running
on the server. My use case for this is to aid in protection agains DDoS
attacks, where a website's DNS zone is set up such that the server address is
not published in a "guessable" way (eg. by pointing to a CDN provider and using
a random DNS entry for sync'ing between the CDN and the server).
The attached patches implement this. The first one does that via a code
configuration directive. In that case, if the user sets "ExportServerAddr Off",
then the SERVER_ADDR environment variable will not be passed to scripts.
The second patch does the same, but using environment variables instead. In
that case the user has to set "PassEnv HIDE_SERVER_ADDR" and then define this
variable in the shell (eg. export HIDE_SERVER_ADDR=1). To revert to the default
behavior, one only has to unset the variable (eg. unset HIDE_SERVER_ADDR).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56395] Allow SERVER_ADDR environment variable to be optionally
undisclosed
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56395
--- Comment #1 from Andre Nathan <an...@digirati.com.br> ---
Created attachment 31517
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31517&action=edit
Allow SERVER_ADDR to be undisclosed via an environment variable
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56395] Allow SERVER_ADDR environment variable to be optionally
undisclosed
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56395
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |PatchAvailable
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org