httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject 1.1b4 bug in mod_access.c (fwd)
Date Wed, 19 Jun 1996 18:54:56 GMT

Sounds like a waste of time to me.

not acked

From: Ingo Macherius <ingo.macherius@mwe.hvr.scn.de>
Message-Id: <199606191841.UAA15304@ESAMX6.mwe.hvr.scn.de>
Subject: 1.1b4 bug in mod_access.c
To: apache-bugs@apache.org
Date: Wed, 19 Jun 1996 20:41:07 +0200 (MDT)
Cc: webmaster@mwe.hvr.scn.de
Reply-To: Ingo Macherius <Ingo.Macherius@mwe.hvr.scn.de>
Organisation: Siemens AG Hannover, TD MWE
X-URL: http://www.tu-clausthal.de/~inim
X-Mailer: ELM [version 2.4 PL24alpha5]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1752      

-----BEGIN PGP SIGNED MESSAGE-----

Sender:         Ingo Macherius  <Ingo.Macherius@mwe.hvr.scn.de>
Problem:        Access control with numerical IP 
OS:             Sinix 5.41, which is a straight AT&T SVR4 derivate
		Linux 2.0.0 
Apache Version: 1.1b4
Extra Modules:  mod_access.c
Disclaimer:     You can't check the quoted URLs because this is a
                Server within Siemens Intranet :-(

Symtoms:        

We protect our proxy acces using the following construction in 
access.conf:
<Location http://> 
      <Limit GET POST> 
        order deny,allow
        deny from all
        allow from 195.207.40.22 # sun01
	[...]
        allow from 195.207.51.9 # Carsten Friehe
      </Limit> 
</Location>

I found that the entry
	allow from 195.207.42.03
will refuse proxy acces from the PC with IP 195.207.42.3 while
	allow from 195.207.42.3
will grant access.

Workaround:	

I checked the source of mod_access.c and found you using token matching
which explains the faulty behaviour. Probably if a numerical IP is found,
you should check for numerical identity rather than string comparison.
This is also true for lines like
	allow from 	195.207.0111.12
At least the routine should strip leading zeros.

Virtually yours,
Ingo
- -- 
Campus:  Ingo.Macherius@tu-clausthal.de      http://www.tu-clausthal.de/~inim
Siemens: Ingo.Macherius@mwe.hvr.scn.de       http://www.scn.de/~inim
 information != knowledge != wisdom != truth != beauty != music == best (FZ)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMchJs2qfQvFsxpv9AQEtggP/Y4gsIiI+x6G/lGbf2Wq+WN2ZlTyF9ewK
S8JGDbjZqXhQdcC+Xe9VUe5fWWfBFR2yvTfZ6LKLMn7mMXW/t53fnXW274SogAPs
0mNfpApN4qKlCuOaie1ijzmjHRE6i8mNGi7pQofCG51n2uOhE7wanRRXi8ku4WYm
gLzpybWE1/E=
=H0Bc
-----END PGP SIGNATURE-----
----- End of forwarded message from Ingo Macherius -----

-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.

Mime
View raw message