httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] How to allow from non-reversible host name?
Date Thu, 21 Aug 2003 00:04:51 GMT

On Wed, 20 Aug 2003, Noel J. Bergman wrote:
> The use case is simple and not uncommon: a client domain mapped via a
> dynamic DNS service to a dynamic IP.  The reverse lookup for the IP is
> typically something useless like zzz-yyy-xxx-www.network.net.  For example:
>
>    sliva.dyndns.org => 67.68.200.12
>    67.68.200.12    => Toronto-HSE-ppp3774669.sympatico.ca
>
> Seems to me that this can be addressed by something using
>
>   ... if IP == IP of sliva.dyndns.org set let_me_in ...
>   Allow from env=let_me_in
>
> So then what is the cleanest and most efficient way to set the environment
> variable?

Well, since there is no general way to do arbitrary reverse lookups in
apache, I only see two alternatives:

1. Hack mod_access or write a module to do it.

2. mod_rewrite with a prg: RewriteMap.

RewriteEngine On
RewriteMap testaccess prg:/path/to/testaccess.pl
RewriteCond %{testaccess:%{REMOTE_ADDR}} !=allow
RewriteCond .* - [F]

Then in testaccess.pl you read IP addresses on standard input, do whatever
kind of lookup you want, and write "allow" on stdout if you want to allow
access.

I still don't think this feature is generally useful enough to want it in
apache proper.  I can imagine people hanging themselves this way.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message