httpd-dev mailing list archives

From Rob Hartill <>
Subject Request for Information (fwd)
Date Thu, 28 Nov 1996 08:48:24 GMT

not acked.

----- Forwarded message from Garo Kiremidjian -----

From: Garo Kiremidjian <>
To: 'Apache' <>
Subject: Request for Information
Date: Wed, 27 Nov 1996 17:11:21 -0800
X-Mailer:  Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Has the bug reported by Dean Gaudet been fixed? (The report by Dean
Gaudet appears below)

Hostnames such as "" are valid, yet find_allowdeny does 
not properly handle them. This should be put on Known Bugs. Be careful 
when fixing this because just removing the isalpha() check creates a 
security hole, consider the DNS map " IN PTR 2.2.2."
if the user has a config line "allow from 2.2.2" it will allow 
in (unless -DMAXIMUM_DNS). -- which is bad because it breaks people who 
understand double reverse lookup and are trying to avoid it by using 
only IP addresses on allow/deny statements. - reported by Dean Gaudet

----- End of forwarded message from Garo Kiremidjian -----

Rob Hartill.       Internet Movie Database Ltd.  
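
Added example, not part of the original message and not Apache's code: a simplified C model of the matching problem in the report, showing a matcher that tries every pattern against the reverse-DNS name beside one that lets the pattern's own syntax decide what it is compared with. All function names, the client address 192.0.2.66, the reverse name "2.2.2" and the host www.3d.example are constructed for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* 1 if pat is made only of digits and dots, i.e. an address prefix like "2.2.2". */
static int is_ip_pattern(const char *pat) {
    if (*pat == '\0') return 0;
    for (; *pat; pat++)
        if (!isdigit((unsigned char)*pat) && *pat != '.') return 0;
    return 1;
}

/* Address prefix match that stops on an octet boundary,
 * so "2.2.2" matches "2.2.2.9" but not "2.2.20.1". */
static int ip_match(const char *pat, const char *ip) {
    size_t n = strlen(pat);
    if (n == 0 || strncmp(pat, ip, n) != 0) return 0;
    return pat[n - 1] == '.' || ip[n] == '.' || ip[n] == '\0';
}

/* Case-insensitive domain suffix match on a label boundary. */
static int domain_match(const char *pat, const char *host) {
    size_t pl = strlen(pat), hl = strlen(host);
    if (pl == 0 || pl > hl || strcasecmp(host + hl - pl, pat) != 0) return 0;
    return pl == hl || pat[0] == '.' || host[hl - pl - 1] == '.';
}

/* Naive: every pattern is tried against the reverse-DNS name as well as the
 * address, so whoever controls the PTR record can satisfy a numeric pattern. */
int allow_naive(const char *pat, const char *ip, const char *ptr_name) {
    return (ptr_name != NULL && domain_match(pat, ptr_name)) || ip_match(pat, ip);
}

/* Strict: a numeric pattern is compared with the socket address only and DNS
 * is never consulted; any other pattern is compared with the name only, which
 * also covers hostnames that do not begin with a letter. */
int allow_strict(const char *pat, const char *ip, const char *ptr_name) {
    if (is_ip_pattern(pat)) return ip_match(pat, ip);
    return ptr_name != NULL && domain_match(pat, ptr_name);
}
```

Name-based patterns in the strict version still depend on the reverse name being trustworthy, which is what the double reverse lookup mentioned in the report addresses.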
