httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Re: "secure" minimal DNS
Date Wed, 18 Sep 1996 20:07:31 GMT
Margarita Suarez wrote:
>
>it turns out that the HostnameLookups stuff broke the semantics of
>environment variables in cgi scripts: if you have HostnameLookups off,
>the REMOTE_HOST variable is not set to a hostname, and many cgi-scripts
>fail.  the solution to this may be to have all cgi script authors check
>both REMOTE_HOST and REMOTE_ADDR and act appropriately, but this may be
>impossible.  i am sending a revised uuencoded patch file that forces a
>DNS lookup to fill in REMOTE_HOST when launching a cgi cscript.

Now this I don't think is a good idea.

If we applied this patch our mailboxes would overflow with complaints
from people who can't afford the lookups but do a lot of CGI suddenly
finding their servers grind to a halt for no apparent reason.

If scripts need the hostname they can look it up themselves 
(1 line of perl for example).

This is a CGI issue, not an Apache one.

sorry.
rob

Mime
View raw message