httpd-dev mailing list archives

From Jeff Trawick <>
Subject Re: Deny from hostname broken in 2.0 on MacOSX 10.2
Date Thu, 03 Oct 2002 11:19:32 GMT
Sander Temme <> writes:

> On MacOSX 10.2 "Jaguar", hostname based access control is broken in Apache
> 2.0. This problem appears in the access tests of the perl-framework, where
> any test that tests something like 'Deny from localhost' fails. I have since
> determined that deny from any other hostname is broken as well.
> This problem goes away when Apache 2.0 is configured to disable IPv6
> support. 
> I have stepped through the code of a regular (IPv6-enabled) build a bit and
> it appears that what comes back from accept(2) is an IPv6 address, which
> apparently doesn't resolve correctly from mod_authz_host.c. Indeed, the
> remote address information is eventually (sa_common.c:508) passed to
> getnameinfo(3) which returns unsuccessfully with EAI_NONAME.

I guess getnameinfo() isn't dealing with IPv6-mapped IPv4 addresses
(IPv6 addresses that print as ::FFFF:, where the
low-order word is simply the IPv4 address and the next two bytes
are FFFF)?

Dang, I haven't yet brought myself to fork over the $129.00 to upgrade
to Jaguar or I could see for myself :(

This is the general idea of what should happen:

getaddrinfo af_unspec
Getaddrinfo results:
IP Addr:
Family: 2
Flags: 0
Port: 0

IP Addr:
Family: 2
Flags: 0
Port: 0

IP Addr:
Family: 2
Flags: 0
Port: 0

IP Addr:
Family: 2
Flags: 0
Port: 0

getnameinfo ::ffff:
Getnameinfo results:
Hostname: ""

> Could anyone opine on how serious this is and whether we should (could?)
> disable IPv6 by default on Jaguar?

very serious

yes, we could disable IPv6 by default on Jaguar/Darwin

I'd love to play with it to make sure it isn't Apache or APR that is
misbehaving or otherwise contributing to the breakage.  I'll try to
send you a test program to run to make sure I understand what is going

Jeff Trawick |
Born in Roswell... married an alien...
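
The reply above guesses that getnameinfo() fails on IPv4-mapped IPv6 addresses. As an added example (not code from this message, Apache or APR), the C below shows one way to convert such an address to plain AF_INET before the lookup, so a hostname rule is never evaluated against a failed lookup; unmap_v4mapped and lookup_family are hypothetical names, and 192.0.2.10 is a constructed sample address.

```c
#define _POSIX_C_SOURCE 200112L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not an APR function): turn ::ffff:a.b.c.d into the
 * equivalent AF_INET sockaddr; copy anything else unchanged. Returns length. */
static socklen_t unmap_v4mapped(const struct sockaddr_storage *in,
                                struct sockaddr_storage *out)
{
    const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)in;
    struct sockaddr_in s4 = {0};
    memcpy(out, in, sizeof(*out));
    if (in->ss_family != AF_INET6)
        return in->ss_family == AF_INET ? sizeof(s4) : sizeof(*in);
    if (!IN6_IS_ADDR_V4MAPPED(&s6->sin6_addr))
        return sizeof(*s6);
    s4.sin_family = AF_INET;      /* BSD-derived systems also need sin_len set */
    s4.sin_port = s6->sin6_port;
    memcpy(&s4.sin_addr, &s6->sin6_addr.s6_addr[12], 4); /* low-order 32 bits */
    memset(out, 0, sizeof(*out));
    memcpy(out, &s4, sizeof(s4));
    return sizeof(s4);
}

/* Parse v6text, unmap it, and call getnameinfo() on the result. NI_NUMERICHOST
 * keeps this offline (no DNS). Returns the family used, or -1 on failure. */
static int lookup_family(const char *v6text, char *host, size_t hostlen)
{
    struct sockaddr_storage raw, norm;
    struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&raw;
    memset(&raw, 0, sizeof(raw));
    s6->sin6_family = AF_INET6;
    if (inet_pton(AF_INET6, v6text, &s6->sin6_addr) != 1)
        return -1;
    socklen_t len = unmap_v4mapped(&raw, &norm);
    if (getnameinfo((struct sockaddr *)&norm, len, host, (socklen_t)hostlen,
                    NULL, 0, NI_NUMERICHOST) != 0)
        return -1;
    return norm.ss_family;
}

int main(void)
{
    char host[64];
    int fam = lookup_family("::ffff:192.0.2.10", host, sizeof(host));
    printf("family=%d host=%s\n", fam, fam < 0 ? "?" : host);
    return fam < 0;
}
```

In a real access check the NI_NUMERICHOST flag would be dropped so the reverse lookup actually runs, and a lookup failure should be treated as "no hostname" rather than as a match.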
