httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <scte...@covalent.net>
Subject Deny from hostname broken in 2.0 on MacOSX 10.2
Date Thu, 03 Oct 2002 06:22:18 GMT
Dear list,

On MacOSX 10.2 "Jaguar", hostname based access control is broken in Apache
2.0. This problem appears in the access tests of the perl-framework, where
any test that tests something like 'Deny from localhost' fails. I have since
determined that deny from any other hostname is broken as well.

This problem goes away when Apache 2.0 is configured to disable IPv6
support. 

I have stepped through the code of a regular (IPv6-enabled) builda bit and
it appears that what comes back from accept(2) is an IPv6 address, which
apparently doesn't resolve correctly from mod_authz_host.c. Indeed, the
remote address information is eventually (sa_common.c:508) passed to
getnameinfo(3) which returns unsuccessfully with EAI_NONAME.

I'm not very familiar with IPv6, but I know that my DNS only has IPv4
adresses. Is there no fallback where it looks up based on the IPv4 address
when it can't find resolution for IPv6? Anyway. Very unfortunate that this
getnameinfo call borks on resolving the IPv6 version of localhost because
that's what makes the tests fail. I think, however, that this is a platform
error and not Apache-specific. As for reverse resolving IPv6 addresses in
general, I don't think any network I connect to on a regular basis is set up
for that. I have tried this on an IPv6-enabled FreeBSD box and all tests
pass. This one however has a line defining localhost as ::1 as well as one
for 127.0.0.1. Maybe I should try adding that to the Jaguar box. I don't
think I have tried access control from other host names on that FreeBSD box.

Could anyone opine on how serious this is and whether we should (could?)
disable IPv6 by default on Jaguar?

Thank you for your time,

S.

-- 
Covalent Technologies                             sctemme@covalent.net
Engineering group                                Voice: (415) 856 4214
303 Second Street #375 South                       Fax: (415) 856 4210
San Francisco CA 94107

   PGP Fingerprint: 1E74 4E58 DFAC 2CF5 6A03  5531 AFB1 96AF B584 0AB1

=======================================================
This email message is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message
=======================================================


Mime
View raw message