httpd-users mailing list archives

From Mike -- EMAIL IGNORED <m_d_berger_1...@yahoo.com>
Subject [users@httpd] Re: Proposal to Optionally Block DNS
Date Tue, 25 Aug 2009 15:12:47 GMT
On Mon, 24 Aug 2009 17:27:06 -0700, J. Greenlees wrote:

> I propose this upgrade to Apache:
> Mike -- EMAIL IGNORED wrote:

[...]

> and using:
> #
> # HostnameLookups: Log the names of clients or just their IP addresses
> # e.g., www.apache.org (on) or 204.62.129.132 (off).
> # The default is off because it'd be overall better for the net if people
> # had to knowingly turn this feature on, since enabling it means that
> # each client request will result in AT LEAST one lookup request to the
> # nameserver.
> #
> HostnameLookups Off
> 
> that is already supported fails to meet your needs how?
> 
> Jaqui
> 
> 
>
Thanks, I was not aware of this.  It almost explains what I have seen,
namely DNS activity greatly increased when I started using https.  But
not quite.  The Apache documentation for HostnameLookups indicates that
DNS will occur in any case if mod_authz_host is in use.  In my case,
"Allow from" is used, but only with "none", "all" and partial IP
addresses referring to the LAN.  Most notably, this use of mod_authz_host
did not change (at least by me) when I began using https.  I presume,
therefore, that something else in https caused the change, although
I can't be sure of this because I did make substantial structural
changes to httpd.config.

I therefore revise my suggestion as follows:

   HostnameLookups Never

Simpliciter; use with caution.

Mike.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
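
An added example, not part of the thread or of Apache's own code: a small audit that lists the directives in a configuration that make httpd resolve client names, namely HostnameLookups On/Double and Allow/Deny rules that name a host instead of an address. It assumes the 2.2-style "Allow from"/"Deny from" syntax discussed above; the function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
HostnameLookups Off
<Directory "/srv/www/lan">
    Order deny,allow
    Deny from all
    Allow from 192.168.1
    Allow from 10.0.0.0/8
</Directory>
<Directory "/srv/www/partners">
    Order deny,allow
    Deny from all
    Allow from partner.example.org
</Directory>
"""

# Allow/Deny arguments that are matched without any name resolution.
NO_DNS_ARG = re.compile(
    r"^(all|none|env=\S+"                      # keywords and environment tests
    r"|\d{1,3}(\.\d{1,3}){0,3}\.?"             # full or partial IPv4 address
    r"|\d{1,3}(\.\d{1,3}){3}/[\d.]+"           # IPv4 network/netmask or CIDR
    r"|[0-9a-f:]*:[0-9a-f:.]*(/\d{1,3})?)$",   # IPv6 address or prefix
    re.IGNORECASE,
)

def dns_triggers(conf_text):
    """Return (line_no, reason) for each directive that causes client DNS lookups."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):               # whole-line comment
            continue
        words = line.split()
        if len(words) < 2:
            continue
        name = words[0].lower()
        if name == "hostnamelookups" and words[1].lower() in ("on", "double"):
            findings.append((no, "HostnameLookups " + words[1]))
        elif name in ("allow", "deny") and words[1].lower() == "from":
            # Anything that is not a keyword or an address is a (partial) host name.
            for arg in words[2:]:
                if not NO_DNS_ARG.match(arg):
                    findings.append((no, "hostname in access rule: " + arg))
    return findings

if __name__ == "__main__":
    for no, reason in dns_triggers(SAMPLE_CONF):
        print(f"line {no}: {reason}")
```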

