httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Consequences of disabling mod_authz_host?
Date Sun, 01 Jun 2008 02:44:00 GMT
On Sat, May 31, 2008 at 9:37 PM, Eric <pytechd@gmail.com> wrote:
> From what I understand, mod_authz_host always performs two DNS lookups
> per request when mod_authz_host is enabled, regardless of whether any
> host-based blockings are used.

No, that's not true to the best of my knowledge. If it were true, it
would be a major bug. The lookups are performed only for hostnames (or
things that appear to mod_authz_host to be hostnames).

> I don't need that, in fact, the only
> part of mod_authz_host I use is to set "Order allow,deny" and "Allow
> from all" or "Deny from all".
>
> If I disable mod_authz_host, what are the risks? Currently the only
> blocks I have are from:
>
> <Directory />
>  Order allow,deny
>  Deny from all
> </Directory>
>
> and
>
> <FilesMatch "^\.svn">
>  Order allow,deny
>  Deny from all
> </FilesMatch>
>
> I can block the latter with mod_rewrite. Is the first even necessary?
> It was in my distro's default httpd.conf.

If you don't need host-based blocking, you can disable mod_authz_host.
The first block is basically just a safety feature to try to prevent
you from accidentally exposing things that you intend to be protected.
If the rest of your config is correct, it doesn't do anything.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message