httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Ghent <>
Subject SetHandler/mod_access interaction
Date Tue, 21 May 2002 21:56:46 GMT

Just want to note a few observations with .37-dev here.

I set up the mod_info and mod_status handlers by uncommenting what comes
in the stock httpd.conf, replacing the sample Allow/Deny lines in those
blocks with the relevant hostnames and IP addresses I require (basically
it's all the same stuff that I used in my 1.3 conf.) HostnameLookups is
set to On.

The problem is that clients from "" get a 403, and "" is in
the Allow line of the server-status and server-info blocks. If I add the
IP, then everything is fine, and the mod_{info|status} pages are served
back to the client.

It seems that, even though HostnameLookups is on, mod_access is denying
the host for only URLs that are generated by a module invoked by
SetHandler, as is the case with "/server-info" and "/server-status" If the
IP is added, then all is fine. So I dont think mod_access is getting the
DNS lookup of the client before it processes the request.

DNS does work for these clients - both forward and reverse. the hostname
is subsequently logged in the access_log... so this may be a case of the
DNS lookup being done too late in the game?


On that note, in either of the above cases, the server tries to lstat
$SERVER_ROOT/server-status and such. This seems like a waste... perhaps we
can short-circuit that logic if we know a URL location is handled within a
module such as mod_info and mod_status?

I can provide truss output for those interested.


And finally, whilst trying to figure out the above problem, I noticed this
in my error_log when a 403 errordoc is generated:

[Tue May 21 17:09:49 2002] [error] [client] Invalid
expression "$REDIRECT_URL = /\/$/" in file

Of course, those are stock errordocs. It seems like
HTTP_FORBIDDEN.html.var is the only one with that regex in it.



View raw message