httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fabien <>
Subject Re: access control for dynamic hosts
Date Thu, 14 Jan 2016 08:38:25 GMT

Hello Apache devs,

Would anyone have an opinion, please?

Although I can just commit the proposed changes, a formal go would be 

On Sun, 20 Dec 2015, Fabien wrote:

> Date: Sun, 20 Dec 2015 09:44:55 +0100 (CET)
> From: Fabien <>
> Reply-To:
> To: APACHE development mailing list <>
> Subject: access control for dynamic hosts
> Hello folks,
> I have a simple access control use case for which I have not found a clean 
> solution.
> I want to control access to a service based on the name of the client, 
> however the client is a dynamic host, which implies that:
> (1) I do not have any control about the reverse DNS
>     => this rules out "Require host"
> (2) the IP may change arbitrarily
>     => this rules out "Require ip"
> By browsing around it seems that I'm not alone having this issue, and I have 
> not found any solution for that with apache configuration, nor a matching 
> module in "" listing.
> The current workaround is to update the IP manually when it fails. Although I 
> could automate (say query the ip periodically and update & reload the conf if 
> there is a change), ISTM that it really belongs to apache configuration.
> I would like something like "Require XXX foo.dynamic-dns.somewhere" (where 
> XXX could be "name", "hostname", "dynamic", ...) which would query the NS 
> when the HTTP request is received and check that the corresponding ip is the 
> client IP.
> I'm planing to develop a small module for that, and as it is somehow quite a 
> basic service it could be a candidate for being added to 
> "modules/aaa/mod_authz_host.c".
> Another approach could be to extend apache expressions with a function
> to query the DNS, but that seems a little overkill.
> Any thoughts?


View raw message