Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2F5F4DF75 for ; Wed, 24 Oct 2012 00:10:16 +0000 (UTC) Received: (qmail 12538 invoked by uid 500); 24 Oct 2012 00:10:15 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 12470 invoked by uid 500); 24 Oct 2012 00:10:15 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 12459 invoked by uid 99); 24 Oct 2012 00:10:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Oct 2012 00:10:15 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Oct 2012 00:10:12 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id 58782A46D; Wed, 24 Oct 2012 00:09:52 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: [Bug 54047] New: applies ipv4 filters to ipv6 rules Date: Wed, 24 Oct 2012 00:09:51 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: mod_access X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: alan@batie.org X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: priority bug_id assigned_to short_desc bug_severity classification op_sys reporter rep_platform bug_status version component product Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=54047 Priority: P2 Bug ID: 54047 Assignee: bugs@httpd.apache.org Summary: applies ipv4 filters to ipv6 rules Severity: normal Classification: Unclassified OS: Mac OS X 10.4 Reporter: alan@batie.org Hardware: PC Status: NEW Version: 2.2.15 Component: mod_access Product: Apache httpd-2 We have a web server at www.peakinternet.com that is dual stacked: ipv4: 207.55.16.224 ipv6: 2607:f678::16:224 A recent redesign of the web site moved it to Wordpress, which included as part of the .htaccess a block of ip addresses known for attacks, including: # PSI network deny from 38.0.0.0/8 When this rule is enabled and we try to access the site from our ipv6 enabled clients, we get "permission denied" errors. When it's disabled, the site works fine. We notice that 38 decimal is 26 hex, which matches the first 8 bits of our ipv6 block. In looking in the logs, we see that all the ipv6 denials were 26xx addresses: 2600:1002:b016:321f:51ca:e30f:4b1c:fc22] 2600:1008:b002:30f2::103] 2600:1008:b002:adfd:0:41:9772:1301] 2600:1008:b109:5639::103] 2600:1008:b111:8c5::103] 2600:100c:b203:e466:40ae:f7a6:58af:3e2e] 2600:100c:b210:ba5e:53e:ae29:66be:8af2] 2600:100e:b00c:ef2:e90a:88d8:b94a:847e] etc... It appears that the ipv4 mask 38/8 is being applied to ipv6 addresses inappropriately - this is only a guess, but it's the only thing we can think of that matches the symptoms... -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org