www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: mod_auth-any/1534: 'allow from' only allows access when given ip addresses, subnet arguments (a.b.c.d/x) refuse access
Date Thu, 11 Dec 1997 04:00:01 GMT
The following reply was made to PR mod_access/1534; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Samuli Kärkkäinen <sak@iki.fi>
Cc: apbugs@hyperreal.org
Subject: Re: mod_auth-any/1534: 'allow from' only allows access when given ip addresses, subnet
arguments (a.b.c.d/x) refuse access
Date: Wed, 10 Dec 1997 20:47:15 -0700 (MST)

 On 8 Dec 1997, Samuli K=E4rkk=E4inen wrote:
 
 > >Description:
 > My domain is using the so called "reverse kludge" for reverse DNS. I beli=
 eve
 > this is causing 'allow from' directive to accept only some forms of defin=
 ing
 > client address. Full configuration can be seen at
 > http://www.kelloseppakoulu.fi:8888/. That URL maps to the configuration
 > directory of that server. The configuration is very close to the
 > example configuration that comes with apache distribution. With that
 > configuration access is allowed from everywhere, as it should.
 >=20
 > The following discussion applies to our domain (which, as mentioned, uses
 > reverse kludge for reverse DNS). If I replace 'allow from all' with
 >   allow from 194.100.26.178
 > which is the address of my computer in that LAN, I am correctly given acc=
 ess.
 > If I replace it with
 >   allow from 194.100.26.128/26
 > or
 >   allow from kelloseppakoulu.fi
 > or
 >   allow from .fi
 > all of which should grant access to all hosts in our domain, no host in o=
 ur
 > domain is given access.
 
 In addition to what Dean said about the / notation not being implemented
 in 1.2, the reason why kelloseppakoulu.fi doesn't work is probably because
 your machines aren't configured to return full hostnames.
 
 If you try to access the web server from a machine that should be allowed
 access, what is recorded in the access log for the hostname?  If it is an
 IP, then you either don't have Apache setup to do name lookups or you
 don't have proper reverse.  If it is a hostname without domain, then you
 have an /etc/hosts file or NIS setup that is being used instead of DNS.
 

Mime
View raw message