Return-Path: Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 35546 invoked by uid 500); 31 Jul 2003 18:58:44 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 35493 invoked by uid 500); 31 Jul 2003 18:58:44 -0000 Delivered-To: apmail-httpd-2.0-cvs@apache.org Date: 31 Jul 2003 18:58:53 -0000 Message-ID: <20030731185853.96541.qmail@minotaur.apache.org> From: slive@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/docs/manual/mod mod_access.xml mod_access.html.en X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N slive 2003/07/31 11:58:53 Modified: docs/manual/mod Tag: APACHE_2_0_BRANCH mod_access.xml mod_access.html.en Log: Backport double-reverse docs in Allow/Deny. Revision Changes Path No revision No revision 1.7.2.4 +10 -6 httpd-2.0/docs/manual/mod/Attic/mod_access.xml Index: mod_access.xml =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/mod/Attic/mod_access.xml,v retrieving revision 1.7.2.3 retrieving revision 1.7.2.4 diff -u -d -b -u -r1.7.2.3 -r1.7.2.4 --- mod_access.xml 15 Apr 2003 22:56:37 -0000 1.7.2.3 +++ mod_access.xml 31 Jul 2003 18:58:52 -0000 1.7.2.4 @@ -85,12 +85,16 @@

Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above - example will match foo.apache.org but it will - not match fooapache.org. This configuration will - cause the server to perform a reverse DNS lookup on the - client IP address, regardless of the setting of the HostnameLookups - directive.

+ example will match foo.apache.org but it will not + match fooapache.org. This configuration will cause + Apache to perform a double reverse DNS lookup on the client IP + address, regardless of the setting of the HostnameLookups directive. It will do + a reverse DNS lookup on the IP address to find the associated + hostname, and then do a forward lookup on the hostname to assure + that it matches the original IP address. Only if the forward + and reverse DNS are consistent and the hostname matches will + access be allowed.

A full IP address
1.11.2.5 +9 -5 httpd-2.0/docs/manual/mod/Attic/mod_access.html.en Index: mod_access.html.en =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/mod/Attic/mod_access.html.en,v retrieving revision 1.11.2.4 retrieving revision 1.11.2.5 diff -u -d -b -u -r1.11.2.4 -r1.11.2.5 --- mod_access.html.en 29 May 2003 19:29:45 -0000 1.11.2.4 +++ mod_access.html.en 31 Jul 2003 18:58:52 -0000 1.11.2.5 @@ -108,11 +108,15 @@

Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above - example will match foo.apache.org but it will - not match fooapache.org. This configuration will - cause the server to perform a reverse DNS lookup on the - client IP address, regardless of the setting of the HostnameLookups - directive.

+ example will match foo.apache.org but it will not + match fooapache.org. This configuration will cause + Apache to perform a double reverse DNS lookup on the client IP + address, regardless of the setting of the HostnameLookups directive. It will do + a reverse DNS lookup on the IP address to find the associated + hostname, and then do a forward lookup on the hostname to assure + that it matches the original IP address. Only if the forward + and reverse DNS are consistent and the hostname matches will + access be allowed.

A full IP address