Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 58408 invoked from network); 1 Oct 2009 07:53:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 1 Oct 2009 07:53:38 -0000 Received: (qmail 26971 invoked by uid 500); 1 Oct 2009 07:53:35 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 26927 invoked by uid 500); 1 Oct 2009 07:53:35 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 26918 invoked by uid 99); 1 Oct 2009 07:53:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Oct 2009 07:53:35 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=NORMAL_HTTP_TO_IP,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of mailbackup19@googlemail.com designates 209.85.220.218 as permitted sender) Received: from [209.85.220.218] (HELO mail-fx0-f218.google.com) (209.85.220.218) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Oct 2009 07:53:22 +0000 Received: by fxm18 with SMTP id 18so5889264fxm.41 for ; Thu, 01 Oct 2009 00:53:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:subject:from:reply-to:to :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=mT6rDBdWYql9b3yZyLQBL4cAynlWwnucmdJWfw3HftU=; b=hBGzBM3P3vHmUfifxmq3gsUx4kq3Dg4fqaqvy4qUPMAZIEwYYxpD09Dr5pevoQmU/h T8XywFVzV1FQn0M4wO2a7Q+P4fqOty2p9DkhvhPA3sh+EuT61FAZc9I7e87fnJfkRF+/ aiBDuB2LpvyXilkcivh7j7xyfUo0vTHWihGYw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=subject:from:reply-to:to:in-reply-to:references:content-type:date :message-id:mime-version:x-mailer:content-transfer-encoding; b=OuwqBmsnc6Yfo6u+LpWjVSB2nTMIvcVk7za0Pp1vVIVnh4Qu9KiDpHTW4MoLP4Irdc iONcc6Wsw6GfwYQO9SfgRMbds5IaRfp4YnxQX4H7EqHG/17+HHf/xkS2anRjr8hehtlr ZVMaZaUCU4r2J9l8O7574g7xe+J8kh/GTmeV0= Received: by 10.86.8.36 with SMTP id 36mr906344fgh.7.1254383582396; Thu, 01 Oct 2009 00:53:02 -0700 (PDT) Received: from ?192.168.1.56? (stinger.wibblywobblyteapot.co.uk [82.70.24.238]) by mx.google.com with ESMTPS id l19sm42861fgb.27.2009.10.01.00.53.00 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 01 Oct 2009 00:53:01 -0700 (PDT) From: Clive Kinton Reply-To: mailbackup19@googlemail.com To: users@httpd.apache.org In-Reply-To: <8830B420-BB43-449E-8B5D-5196600E1FB7@rcbowen.com> References: <1254340065.19628.11.camel@testicle> <8830B420-BB43-449E-8B5D-5196600E1FB7@rcbowen.com> Content-Type: text/plain Date: Thu, 01 Oct 2009 08:52:58 +0100 Message-Id: <1254383578.15009.51.camel@testicle> Mime-Version: 1.0 X-Mailer: Evolution 2.24.3 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] OT: Vista Xampp and 'allow from localhost' On Wed, 2009-09-30 at 18:29 -0400, Rich Bowen wrote: > On Sep 30, 2009, at 15:47 , Clive Kinton wrote: > > > Has anybody run into some weirdness with Apache 2.2.12 from Xampp on > > Vista and ip to hostname resolution for 'localhost'? The httpd.conf is > > vanilla, as shipped. > > > > Specific issue: Trying to limit access to a directory with a > > simple .htaccess file like: > > > > Order deny,allow > > Deny from all > > Allow from localhost > > Allow from 127.0.0.1 > > > > or even > > > > Order allow,deny > > Allow from localhost > > Allow from 127.0.0.1 > > > >> From the localhost calling the protected directory thus: > > http://127.0.0.1/protected > > > > Works - but - > > http://localhost/protected > > does not and 403's > > What does the error log say when this happens? > > "Allow from" doesn't apply to the hostname requested, but the client > doing the requesting. So the hostname that appears in the URL > shouldn't have anything at all to do with whether those "allow from" > directives are honored. I agree Rich. It should not make a blind bit of difference to it. I was asked why because I knew 'a little bit' about apache. Initially I mocked it up on an Ubuntu server* running: Server version: Apache/2.2.9 (Ubuntu) Server built: Jul 10 2009 18:43:23 and it is CNR. *The only subtle difference is the default on Ubuntu is the default site is a Virtual host called in by apache2.conf On this with the directives set; DocumentRoot /home/www/htdocs/ Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all and a sub directory /htdocs/protected with .htaccess within reading: Order deny,allow Deny from all Allow from localhost Allow from 127.0.0.1 http://localhost/protected/index.html http://127.0.0.1/protected/index.html Both serve as they should from localhost - and are refused from another client. The log for the call shows; localhost - - [01/Oct/2009:08:15:07 +0100] "GET /protected/index.html HTTP/1.1" 200 .... And has clearly got 'localhost' as the name of the connecting client. Now, on the Apache on Vista HP (xampp) with the directives set up in httpd.conf (rather than VIRTUAL) and some slight path differences: DocumentRoot "C:/xampp/experiment/htdocs" Options FollowSymLinks AllowOverride None Order deny,allow Deny from all Options Indexes FollowSymLinks Includes ExecCGI AllowOverride All Order allow,deny Allow from all With a sub directory /images containing .htaccess reading: Order deny,allow Deny from all Allow from localhost Allow from 127.0.0.1 http://127.0.0.1/images/index.html Serves as expected http://localhost/images/index.html Throws a 403 with log entry: vista-pc - - [01/Oct/2009:08:19:22 +0100] "GET /images/index.html HTTP/1.1" 403 .... It has resolved localhost to it's actual hostname of 'vista-pc' *so IP to NAME is doing something* This is different to the Ubuntu box which resolves 127.0.0.1 to 'localhost' and I suspect this is the issue. I suspect this comes down to how Vista resolves IP to Name, hence I suspect it is OT. ASIDE ***** Calling without naming the index page: http://localhost/images/ shows the index with the restriction not working (this appears to be dictated by '-' missing from Indexes. The behaviour consistent across platforms) ***** > Nah, it's not off-topic. It's apache httpd configuration. xampp is > just one possible distribution of our code. I'm sure this is some weirdness in where Vista changing 'localhost' for the actual hostname. Both the hosts and LMhost.sam file have: 127.0.0.1 localhost but none the less, it seems to resolve it to 'vista-pc' instead, using something like 'hostname'. It is not named vista-pc anywhere else, it has no DNS entries or host file entries for 'vista-pc'. The Ubuntu box is called 'square', but Apache manages to get 'localhost' for it. I'm not sure how relevant this is. The final point - from Vista calling: http://127.0.0.1/images/index.html Also 404's if you have .htaccess looking like this: Order allow,deny allow from localhost But *works* (serves the page) if you have this; Order allow,deny allow from localhost allow from 127.0.0.1 I'm starting to wonder if this could be a bug? But why only on Vista??? What am I missing here? > > -- > http://us.apachecon.com/c/acus2009/sessions/363 > Apache HTTPD Nuts to Bolts - Two Day Training at ApacheCon > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org