From Justin Erenkrantz <jerenkra...@apache.org>
Subject [PATCH] Deny when reverse lookup fails
Date Fri, 04 Oct 2002 04:49:23 GMT
This patch fixes the problem I mentioned in my reply to Jeff - namely that 
any deny host directive should deny access when a double reverse lookup 
fails.

I'm out of town this weekend, so I don't have a lot of time to test this.

Other eyes appreciated.  (Feel free to commit.)  -- justin

Index: mod_authz_host.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_authz_host.c,v
retrieving revision 1.1
diff -u -r1.1 mod_authz_host.c
--- mod_authz_host.c	10 Sep 2002 00:15:39 -0000	1.1
+++ mod_authz_host.c	4 Oct 2002 04:37:07 -0000
@@ -240,7 +240,8 @@
     }
 }

-static int find_allowdeny(request_rec *r, apr_array_header_t *a, int 
method)
+static int find_allowdeny(request_rec *r, apr_array_header_t *a, int 
method,
+                          int deny)
 {

     allowdeny *ap = (allowdeny *) a->elts;
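Review bot: The new `deny` parameter on `find_allowdeny` is undocumented, and the call sites in the last hunk pass it as bare `0`/`1`, so the fail-closed behaviour is invisible to anyone reading the callers. I would add a comment above the signature, for example `/* deny: non-zero when 'a' is a Deny list; a failed double-reverse lookup is then reported as a match */`. The function body continues outside this hunk, so any existing header comment is not visible here.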
@@ -280,6 +281,12 @@
                                                 &remotehost_is_ip);

                 if ((remotehost == NULL) || remotehost_is_ip) {
+                    if (deny) {
+                        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                                      "client denied due to reverse lookup 
"
+                                      "failure: %s", r->filename);
+                        return 1;
+                    }
                     gothost = 1;
                 }
                 else {
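Review bot: The message "client denied due to reverse lookup failure" in the new `if (deny)` branch can be logged for a request that is then served. Under `DENY_THEN_ALLOW` (last hunk) a later allow match still sets `ret = OK`. Wording that states only what happened here would be safer, e.g. `"reverse lookup failed, treating Deny host rule as matched: %s"`, or the logging could move to where the final result is known. Because the remote party controls whether its reverse DNS resolves, this path can run on every request from such a client, and one `APLOG_ERR` line per request can swamp the error log, so a lower level such as `APLOG_WARNING` may fit better. The enclosing case and loop start outside this hunk, so I am assuming this branch is reached only for host-name entries.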
@@ -310,24 +317,24 @@

     if (a->order[method] == ALLOW_THEN_DENY) {
         ret = HTTP_FORBIDDEN;
-        if (find_allowdeny(r, a->allows, method)) {
+        if (find_allowdeny(r, a->allows, method, 0)) {
             ret = OK;
         }
-        if (find_allowdeny(r, a->denys, method)) {
+        if (find_allowdeny(r, a->denys, method, 1)) {
             ret = HTTP_FORBIDDEN;
         }
     }
     else if (a->order[method] == DENY_THEN_ALLOW) {
-        if (find_allowdeny(r, a->denys, method)) {
+        if (find_allowdeny(r, a->denys, method, 1)) {
             ret = HTTP_FORBIDDEN;
         }
-        if (find_allowdeny(r, a->allows, method)) {
+        if (find_allowdeny(r, a->allows, method, 0)) {
             ret = OK;
         }
     }
     else {
-        if (find_allowdeny(r, a->allows, method)
-            && !find_allowdeny(r, a->denys, method)) {
+        if (find_allowdeny(r, a->allows, method, 0)
+            && !find_allowdeny(r, a->denys, method, 1)) {
             ret = OK;
         }
         else {


