httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject limiting access by IP (fwd)
Date Mon, 19 Aug 1996 22:51:43 GMT

not acked.

looks serious

----- Forwarded message from Jim Faucette -----

Date: Mon, 19 Aug 1996 12:18:36 -0400
Message-Id: <199608191618.MAA28446@sumter.awod.com>
X-Sender: jimf@awod.com
X-Mailer: Windows Eudora Version 1.4.4
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: apache-bugs@apache.org
From: Jim Faucette <jimf@awod.com>
Subject: limiting access by IP

I'm programming for a system using Apache 1.0. Appears there's a bug when
handling fully qualified IPs. In access.conf:

<Limit GET POST>
order deny,allow
deny from all
allow from 198.81.225.20 198.81.225.21 198.81.225.22 198.81.225.24
allow from 198.81.225.26 198.81.225.27 198.81.225.28 198.81.225.30
allow from 198.81.225.32 198.81.225.33 198.81.225.34 198.81.225.35
allow from 198.81.225.3 206.31.146.211 206.31.146.212 206.31.146.213
allow from 206.31.146.214 206.31.146.220 206.98.17
require valid-user
</Limit>

198.81.225.31 is not included, but is being allowed in. Are you using
a strncmp() like function and basing the length on the <Limit> IP? 

  jim...

----- End of forwarded message from Jim Faucette -----

-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.

Mime
View raw message