httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] <directory> and deny directives
Date Fri, 14 Sep 2007 16:08:30 GMT
On 9/14/07, Mark A. Craig <mark.a.craig@gmail.com> wrote:
>  It would sure be
> nice if the code didn't pull a non-intuitive stunt like this, though!  If the
> DNS lookup resolves to the specified *partial* hostname, it should act on it,
> not second-guess it with an rDNS like this.

Yes, it is non-intuitive. But on the other hand, it is much more
common to use hostnames for Allow directives than for Deny directives
(since the hostname is often under the control of the attacker). You
MUST check the forward and reverse for Allow directives, or else they
would be worthless. And then it could potentially cause even more
confusion if the Allow and Deny directives matched differently.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message