httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <c...@hyperreal.com>
Subject cvs commit: apache/htdocs/manual/misc FAQ.html
Date Sat, 26 Apr 1997 12:21:16 GMT
coar        97/04/26 05:21:15

  Modified:    htdocs/manual/misc  FAQ.html
  Log:
  	Added Q&A concerning access restriction by host/domain name,
  	and cleaned up a couple of nit.
  
  Revision  Changes    Path
  1.44      +68 -18    apache/htdocs/manual/misc/FAQ.html
  
  Index: FAQ.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/misc/FAQ.html,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -C3 -r1.43 -r1.44
  *** FAQ.html	1997/04/26 06:58:39	1.43
  --- FAQ.html	1997/04/26 12:21:14	1.44
  ***************
  *** 8,14 ****
      <!--#include virtual="header.html" -->
      <H1>Apache Server Frequently Asked Questions</H1>
      <P>
  !   $Revision: 1.43 $ ($Date: 1997/04/26 06:58:39 $)
      </P>
      <P>
      The latest version of this FAQ is always available from the main
  --- 8,14 ----
      <!--#include virtual="header.html" -->
      <H1>Apache Server Frequently Asked Questions</H1>
      <P>
  !   $Revision: 1.44 $ ($Date: 1997/04/26 12:21:14 $)
      </P>
      <P>
      The latest version of this FAQ is always available from the main
  ***************
  *** 25,31 ****
    <!--    on his own system, which may not be configured for          -->
    <!--    multiviews.   Leave off the ".html" extension for absolute  -->
    <!--    links to sites which are known to run multiviews (e.g.,     -->
  ! <!--    apache.or or apacheweek.com).                               -->
    <!--  - When adding items, make sure they're put in the right place -->
    <!--    - verify that the numbering matches up.                     -->
    <!--  - Don't forget to include an HR tag after the last /P tag     -->
  --- 25,31 ----
    <!--    on his own system, which may not be configured for          -->
    <!--    multiviews.   Leave off the ".html" extension for absolute  -->
    <!--    links to sites which are known to run multiviews (e.g.,     -->
  ! <!--    apache.org or apacheweek.com).                              -->
    <!--  - When adding items, make sure they're put in the right place -->
    <!--    - verify that the numbering matches up.                     -->
    <!--  - Don't forget to include an HR tag after the last /P tag     -->
  ***************
  *** 42,49 ****
    <!-- - can't bind to port 80                                        -->
    <!--   - permission denied                                          -->
    <!--   - address already in use                                     -->
  - <!-- - access control based on DNS name really needs MAXIMUM_DNS    -->
  - <!--   and double-check that rDNS resolves to name expected         -->
    <!-- - mod_auth & passwd lines "user:pw:.*" - ++1st colon onward is -->
    <!--   treated as pw, not just ++1st to --2nd.                      -->
    <!-- - SSL:                                                         -->
  --- 42,47 ----
  ***************
  *** 127,133 ****
       <LI><A HREF="#cookies1">Why does Apache send a cookie on every response?</A>
       </LI>
       <LI><A HREF="#cookies2">Why don't my cookies work, I even compiled in 
  !     mod_cookies?</A>
       </LI>
       <LI><A HREF="#jdk1-and-http1.1">Why do my Java app[let]s give me plain
text
        when I request an URL from an Apache server?</A>
  --- 125,131 ----
       <LI><A HREF="#cookies1">Why does Apache send a cookie on every response?</A>
       </LI>
       <LI><A HREF="#cookies2">Why don't my cookies work, I even compiled in 
  !     <SAMP>mod_cookies</SAMP>?</A>
       </LI>
       <LI><A HREF="#jdk1-and-http1.1">Why do my Java app[let]s give me plain
text
        when I request an URL from an Apache server?</A>
  ***************
  *** 150,155 ****
  --- 148,156 ----
       <LI><A HREF="#wheres-the-dump">The errorlog says Apache dumped core,
        but where's the dump file?</A>
       </LI>
  +    <LI><A HREF="#dnsauth">Why isn't restricting access by host or domain name
  +     working correctly?</A>
  +    </LI>
       <LI><A HREF="#SSL-i">Why doesn't Apache include SSL?</A>
       </LI>
      </OL>
  ***************
  *** 254,260 ****
      <P>
      The Apache project's web site includes a page with a partial list of
      <A
  !    HREF="http://www.apache.org/info/apache_users.html"
      >sites running Apache</A>.
      </P>
      <HR>
  --- 255,261 ----
      <P>
      The Apache project's web site includes a page with a partial list of
      <A
  !    HREF="http://www.apache.org/info/apache_users"
      >sites running Apache</A>.
      </P>
      <HR>
  ***************
  *** 286,292 ****
      be swamped by a flood of trivial questions that can be resolved elsewhere.
      Bug reports and suggestions should be sent <EM>via</EM>
      <A
  !    HREF="http://www.apache.org/bug_report.html"
      >the bug report page</A>.
      Other questions should be directed to the
      <A
  --- 287,293 ----
      be swamped by a flood of trivial questions that can be resolved elsewhere.
      Bug reports and suggestions should be sent <EM>via</EM>
      <A
  !    HREF="http://www.apache.org/bug_report"
      >the bug report page</A>.
      Other questions should be directed to the
      <A
  ***************
  *** 872,880 ****
      module.
      This module was distributed with Apache prior to 1.2.
      This module may help track users, and uses cookies to do this. If
  !   you are not using the data generated by mod_cookies, do not compile
  !   it into Apache. Note that in 1.2 this module was renamed to the
  !   more correct name 
      <A
       HREF="../mod/mod_usertrack.html"
      ><SAMP>mod_usertrack</SAMP></A>,
  --- 873,881 ----
      module.
      This module was distributed with Apache prior to 1.2.
      This module may help track users, and uses cookies to do this. If
  !   you are not using the data generated by <SAMP>mod_cookies</SAMP>, do
  !   not compile it into Apache. Note that in 1.2 this module was renamed
  !   to the more correct name 
      <A
       HREF="../mod/mod_usertrack.html"
      ><SAMP>mod_usertrack</SAMP></A>,
  ***************
  *** 888,903 ****
      <HR>
     </LI>
     <LI><A NAME="cookies2">
  !       <STRONG>Why don't my cookies work, I even compiled in mod_cookies?
          </STRONG>
         </A>
      <P>
  !   Firstly, you do <EM>not</EM> need to compile in mod_cookies in order
  !   for your scripts to work (see the <A HREF="#cookies1">previous question</A>
  !   for more about mod_cookies). Apache passes on your Set-Cookie header
  !   fine, with or without this module. If cookies do not work it will
  !   be because your script does not work properly or your browser does
  !   not use cookies or is not set-up to accept them.
      </P>
      <HR>
     </LI>
  --- 889,909 ----
      <HR>
     </LI>
     <LI><A NAME="cookies2">
  !       <STRONG>Why don't my cookies work, I even compiled in
  !       <SAMP>mod_cookies</SAMP>?
          </STRONG>
         </A>
      <P>
  !   Firstly, you do <EM>not</EM> need to compile in
  !   <SAMP>mod_cookies</SAMP> in order for your scripts to work (see the
  !   <A
  !    HREF="#cookies1"
  !   >previous question</A>
  !   for more about <SAMP>mod_cookies</SAMP>). Apache passes on your
  !   <SAMP>Set-Cookie</SAMP> header fine, with or without this module. If
  !   cookies do not work it will be because your script does not work
  !   properly or your browser does not use cookies or is not set-up to
  !   accept them.
      </P>
      <HR>
     </LI>
  ***************
  *** 1089,1094 ****
  --- 1095,1144 ----
      </P>
      <HR>
     </LI>
  +  <LI><A NAME="dnsauth">
  +       <STRONG>Why isn't restricting access by host or domain name
  +       working correctly?</STRONG>
  +      </A>
  +   <P>
  +   Two of the most common causes of this are:
  +   </P>
  +   <OL>
  +    <LI><STRONG>An error, inconsistency, or unexpected mapping in the DNS
  +     registration</STRONG>
  +     <BR>
  +     This happens frequently: your configuration restricts access to
  +     <SAMP>Host.FooBar.Com</SAMP>, but you can't get in from that host.
  +     The usual reason for this is that <SAMP>Host.FooBar.Com</SAMP> is
  +     actually an alias for another name, and when Apache performs the
  +     address-to-name lookup it's getting the <EM>real</EM> name, not
  +     <SAMP>Host.FooBar.Com</SAMP>.  You can verify this by checking the
  +     reverse lookup yourself.  The easiest way to work around it is to
  +     specify the correct host name in your configuration.
  +    </LI>
  +    <LI><STRONG>Inadequate checking and verification in your
  +     configuration of Apache</STRONG>
  +     <BR>
  +     If you intend to perform access checking and restriction based upon
  +     the client's host or domain name, you really need to configure
  +     Apache to double-check the origin information it's supplied.  You do
  +     this by adding the <SAMP>-DMAXIMUM_DNS</SAMP> clause to the
  +     <SAMP>EXTRA_CFLAGS</SAMP> definition in your
  +     <SAMP>Configuration</SAMP> file.  For example:
  +     <DL>
  +      <DD><CODE>EXTRA_CFLAGS=-DMAXIMUM_DNS</CODE>
  +      </DD>
  +     </DL>
  +     <P>
  +     This will cause Apache to be very paranoid about making sure a
  +     particular host address is <EM>really</EM> assigned to the name it
  +     claims to be.  Note that this <EM>can</EM> incur a significant
  +     performance penalty, however, because of all the name resolution
  +     requests being sent to a nameserver.
  +     </P>
  +    </LI>
  +   </OL>
  +   <HR>
  +  </LI>
     <LI><A NAME="SSL-i">
          <STRONG>Why doesn't Apache include SSL?</STRONG>
         </A>
  ***************
  *** 1097,1103 ****
      governments have restrictions upon the import, export, and use of
      encryption technology.  If Apache included SSL in the base package,
      its distribution would involve all sorts of legal and bureaucratic
  !   issues., and it would no longer be freely available.  Also, some of
      the technology required to talk to current clients using SSL is 
      patented by <A HREF="http://www.rsa.com/">RSA Data Security</A>, 
      who restricts its use without a license.
  --- 1147,1153 ----
      governments have restrictions upon the import, export, and use of
      encryption technology.  If Apache included SSL in the base package,
      its distribution would involve all sorts of legal and bureaucratic
  !   issues, and it would no longer be freely available.  Also, some of
      the technology required to talk to current clients using SSL is 
      patented by <A HREF="http://www.rsa.com/">RSA Data Security</A>, 
      who restricts its use without a license.
  
  
  

Mime
View raw message