httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mario Brandt <jbl...@gmail.com>
Subject Re: access control for dynamic hosts
Date Thu, 14 Jan 2016 09:07:34 GMT
Hi Fabien,

doesn't it work using Require host with a dyndns name? At least my
test was successful.

Cheers
Mario

On 20 December 2015 at 09:44, Fabien <fabien@apache.org> wrote:
>
> Hello folks,
>
> I have a simple access control use case for which I have not found a clean
> solution.
>
> I want to control access to a service based on the name of the client,
> however the client is a dynamic host, which implies that:
>
>  (1) I do not have any control about the reverse DNS
>      => this rules out "Require host"
>
>  (2) the IP may change arbitrarily
>      => this rules out "Require ip"
>
> By browsing around it seems that I'm not alone having this issue, and I have
> not found any solution for that with apache configuration, nor a matching
> module in "modules.apache.org" listing.
>
> The current workaround is to update the IP manually when it fails. Although
> I could automate (say query the ip periodically and update & reload the conf
> if there is a change), ISTM that it really belongs to apache configuration.
>
> I would like something like "Require XXX foo.dynamic-dns.somewhere" (where
> XXX could be "name", "hostname", "dynamic", ...) which would query the NS
> when the HTTP request is received and check that the corresponding ip is the
> client IP.
>
> I'm planing to develop a small module for that, and as it is somehow quite a
> basic service it could be a candidate for being added to
> "modules/aaa/mod_authz_host.c".
>
> Another approach could be to extend apache expressions with a function
> to query the DNS, but that seems a little overkill.
>
> Any thoughts?
>
> --
> Fabien.

Mime
View raw message