Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 47334 invoked from network); 1 Oct 2009 16:19:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 1 Oct 2009 16:19:01 -0000 Received: (qmail 22155 invoked by uid 500); 1 Oct 2009 16:18:57 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 22136 invoked by uid 500); 1 Oct 2009 16:18:57 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 22127 invoked by uid 99); 1 Oct 2009 16:18:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Oct 2009 16:18:57 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=NORMAL_HTTP_TO_IP,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of mailbackup19@googlemail.com designates 74.125.78.145 as permitted sender) Received: from [74.125.78.145] (HELO ey-out-1920.google.com) (74.125.78.145) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Oct 2009 16:18:45 +0000 Received: by ey-out-1920.google.com with SMTP id 3so1568710eyh.0 for ; Thu, 01 Oct 2009 09:18:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:subject:from:reply-to:to :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=iVSP5OrQcVEl2JP85s4E7qyFCBj8CGhJgjVSHef8T6A=; b=QZRCCr7LTAQR8e0RirJlzv8g6j6gTOucPmI6BWdW/czPNd1lffwIbdSUsKyQbIitDY XNkuzXXj+e+99j5DHQCPItIos6ethi5YktKt7JIcDlFoD6oeyXs4OI8IiQdPql1l2W7G cuAg3U4CnWB0g93vMOEpw2xaQRy1EOmmYWbVM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=subject:from:reply-to:to:in-reply-to:references:content-type:date :message-id:mime-version:x-mailer:content-transfer-encoding; b=Gcy+PMXouQcT0uTPV/BG9IZzmuCbgpQPmRKqSbQfBBCctT55kze0HAzY9AIiJPSOv6 Rf6/TPE7IJVZzTBjryFgg8JSZsPEJLVOlCuw2Uhw6foymks+mLU4oMzxYLt1auNGtaeP Aql10jZMVXNtzy3h2sj84M71igTvvTmRqDXzs= Received: by 10.210.6.8 with SMTP id 8mr1639092ebf.80.1254413905545; Thu, 01 Oct 2009 09:18:25 -0700 (PDT) Received: from ?192.168.1.56? (stinger.wibblywobblyteapot.co.uk [82.70.24.238]) by mx.google.com with ESMTPS id 24sm73962eyx.1.2009.10.01.09.18.23 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 01 Oct 2009 09:18:24 -0700 (PDT) From: Clive Kinton Reply-To: mailbackup19@googlemail.com To: users@httpd.apache.org In-Reply-To: <8830B420-BB43-449E-8B5D-5196600E1FB7@rcbowen.com> References: <1254340065.19628.11.camel@testicle> <8830B420-BB43-449E-8B5D-5196600E1FB7@rcbowen.com> Content-Type: text/plain Date: Thu, 01 Oct 2009 17:18:22 +0100 Message-Id: <1254413902.11150.1.camel@testicle> Mime-Version: 1.0 X-Mailer: Evolution 2.24.3 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] OT: Vista Xampp and 'allow from localhost' On Wed, 2009-09-30 at 18:29 -0400, Rich Bowen wrote: > On Sep 30, 2009, at 15:47 , Clive Kinton wrote: > > > Has anybody run into some weirdness with Apache 2.2.12 from Xampp on > > Vista and ip to hostname resolution for 'localhost'? The httpd.conf is > > vanilla, as shipped. > > > > Specific issue: Trying to limit access to a directory with a > > simple .htaccess file like: > > > > Order deny,allow > > Deny from all > > Allow from localhost > > Allow from 127.0.0.1 > > > > or even > > > > Order allow,deny > > Allow from localhost > > Allow from 127.0.0.1 > > > >> From the localhost calling the protected directory thus: > > http://127.0.0.1/protected > > > > Works - but - > > http://localhost/protected > > does not and 403's > > What does the error log say when this happens? > > "Allow from" doesn't apply to the hostname requested, but the client > doing the requesting. So the hostname that appears in the URL > shouldn't have anything at all to do with whether those "allow from" > directives are honored. I agree Rich. It should not make a blind bit of difference to it. I was asked why because I knew 'a little bit' about apache. Initially I mocked it up on an Ubuntu server* running: Server version: Apache/2.2.9 (Ubuntu) Server built: Jul 10 2009 18:43:23 and it is CNR. *The only subtle difference is the default on Ubuntu is the default site is a Virtual host called in by apache2.conf On this with the directives set; DocumentRoot /home/www/htdocs/ Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all and a sub directory /htdocs/protected with .htaccess within reading: Order deny,allow Deny from all Allow from localhost Allow from 127.0.0.1 http://localhost/protected/index.html http://127.0.0.1/protected/index.html Both serve as they should from localhost - and are refused from another client. The log for the call shows; localhost - - [01/Oct/2009:08:15:07 +0100] "GET /protected/index.html HTTP/1.1" 200 .... And has clearly got 'localhost' as the name of the connecting client. Now, on the Apache on Vista HP (xampp) with the directives set up in httpd.conf (rather than VIRTUAL) and some slight path differences: DocumentRoot "C:/xampp/experiment/htdocs" Options FollowSymLinks AllowOverride None Order deny,allow Deny from all Options Indexes FollowSymLinks Includes ExecCGI AllowOverride All Order allow,deny Allow from all With a sub directory /images containing .htaccess reading: Order deny,allow Deny from all Allow from localhost Allow from 127.0.0.1 http://127.0.0.1/images/index.html Serves as expected http://localhost/images/index.html Throws a 403 with log entry: vista-pc - - [01/Oct/2009:08:19:22 +0100] "GET /images/index.html HTTP/1.1" 403 .... It has resolved localhost to it's actual hostname of 'vista-pc' *so IP to NAME is doing something* This is different to the Ubuntu box which resolves 127.0.0.1 to 'localhost' and I suspect this is the issue. I suspect this comes down to how Vista resolves IP to Name, hence I suspect it is OT. ASIDE ***** Calling without naming the index page: http://localhost/images/ shows the index with the restriction not working (this appears to be dictated by '-' missing from Indexes. The behaviour consistent across platforms) ***** > Nah, it's not off-topic. It's apache httpd configuration. xampp is > just one possible distribution of our code. I'm sure this is some weirdness in where Vista changing 'localhost' for the actual hostname. Both the hosts and LMhost.sam file have: 127.0.0.1 localhost but none the less, it seems to resolve it to 'vista-pc' instead, using something like 'hostname'. It is not named vista-pc anywhere else, it has no DNS entries or host file entries for 'vista-pc'. The Ubuntu box is called 'square', but Apache manages to get 'localhost' for it. I'm not sure how relevant this is. The final point - from Vista calling: http://127.0.0.1/images/index.html Also 404's if you have .htaccess looking like this: Order allow,deny allow from localhost But *works* (serves the page) if you have this; Order allow,deny allow from localhost allow from 127.0.0.1 I'm starting to wonder if this could be a bug? But why only on Vista??? What am I missing here? > > -- > http://us.apachecon.com/c/acus2009/sessions/363 > Apache HTTPD Nuts to Bolts - Two Day Training at ApacheCon > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org