httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clive Kinton <mailbacku...@googlemail.com>
Subject Re: [users@httpd] OT: Vista Xampp and 'allow from localhost'
Date Thu, 01 Oct 2009 10:37:13 GMT
On Wed, 2009-09-30 at 18:29 -0400, Rich Bowen wrote:
> On Sep 30, 2009, at 15:47 , Clive Kinton wrote:
> 
> > Has anybody run into some weirdness with Apache 2.2.12 from Xampp on
> > Vista and ip to hostname resolution for 'localhost'? The httpd.conf
is
> > vanilla, as shipped.
> >
> > Specific issue: Trying to limit access to a directory with a
> > simple .htaccess file like:
> >
> > Order deny,allow
> > Deny from all
> > Allow from localhost
> > Allow from 127.0.0.1
> >
> > or even
> >
> > Order allow,deny
> > Allow from localhost
> > Allow from 127.0.0.1
> >
> >> From the localhost calling the protected directory thus:
> > http://127.0.0.1/protected
> >
> > Works - but -
> > http://localhost/protected
> > does not and 403's
> 
> What does the error log say when this happens?
> 
> "Allow from" doesn't apply to the hostname requested, but the client  
> doing the requesting. So the hostname that appears in the URL  
> shouldn't have anything at all to do with whether those "allow from"  
> directives are honored.

I agree Rich. It should not make a blind bit of difference to it. I was
asked why because I knew 'a little bit' about apache. Initially I mocked
it up on an Ubuntu server* running:

Server version: Apache/2.2.9 (Ubuntu)
Server built:   Jul 10 2009 18:43:23

and it is CNR.

*The only subtle difference is the default on Ubuntu is the default site
is a Virtual host called in by apache2.conf

On this with the directives set;

        DocumentRoot /home/www/htdocs/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /home/www/htdocs/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

and a sub directory /htdocs/protected

with .htaccess within reading:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

http://localhost/protected/index.html
http://127.0.0.1/protected/index.html
Both serve as they should from localhost - and are refused from another
client.

The log for the call shows;

localhost - - [01/Oct/2009:08:15:07 +0100] "GET /protected/index.html
HTTP/1.1" 200 ....

And has clearly got 'localhost' as the name of the connecting client.





Now, on the Apache on Vista HP (xampp) with the directives set up in
httpd.conf (rather than VIRTUAL) and some slight path differences:

DocumentRoot "C:/xampp/experiment/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "C:/xampp/experiment/htdocs">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

With a sub directory /images containing .htaccess reading:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

http://127.0.0.1/images/index.html
Serves as expected

http://localhost/images/index.html
Throws a 403 with log entry:
vista-pc - - [01/Oct/2009:08:19:22 +0100] "GET /images/index.html
HTTP/1.1" 403 ....

It has resolved localhost to it's actual hostname of 'vista-pc' *so IP
to NAME is doing something* This is different to the Ubuntu box which
resolves 127.0.0.1 to 'localhost' and I suspect this is the issue. I
suspect this comes down to how Vista resolves IP to Name, hence I
suspect it is OT.


ASIDE
*****
Calling without naming the index page: http://localhost/images/ shows
the index with the restriction not working (this appears to be dictated
by '-' missing from Indexes. The behaviour consistent across platforms)
*****

> Nah, it's not off-topic. It's apache httpd configuration. xampp is  
> just one possible distribution of our code.
I'm sure this is some weirdness in where Vista changing 'localhost' for
the actual hostname. Both the hosts and LMhost.sam file have:

127.0.0.1       localhost

but none the less, it seems to resolve it to 'vista-pc' instead, using
something like 'hostname'. It is not named vista-pc anywhere else, it
has no DNS entries or host file entries for 'vista-pc'. The Ubuntu box
is called 'square', but Apache manages to get 'localhost' for it. I'm
not sure how relevant this is.

The final point - from Vista calling: http://127.0.0.1/images/index.html
Also 404's if you have .htaccess looking like this:

Order allow,deny
allow from localhost

But *works* (serves the page) if you have this;

Order allow,deny
allow from localhost
allow from 127.0.0.1

I'm starting to wonder if this could be a bug? But why only on Vista???
What am I missing here?

> 
> --
> http://us.apachecon.com/c/acus2009/sessions/363
> Apache HTTPD Nuts to Bolts - Two Day Training at ApacheCon
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message