www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Sherer <ch...@emerging.org>
Subject mod_access/4454: ip groupings
Date Fri, 21 May 1999 18:44:36 GMT

>Number:         4454
>Category:       mod_access
>Synopsis:       ip groupings
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Fri May 21 11:50:01 PDT 1999
>Originator:     chaos@emerging.org
>Release:        1.3.6
linux 2.2.5, solaris 2.5.1
We are moving away from Oracle's web server to Apache.  (thank god) but we have
ip groupings defined in oracle, of the form:
external: 206.36.216.*
hierarchy2: 192.112.102.* external
so that hierarchy2 can easily inherit the list defined in the external group.
it makes it really easy to define short access lists for all the protected
areas we have defined.  (otherwise listing all the permissions would be hell
to maintain.)  
i've played around with the source, but it seems that my c has completely
gone to crap. anyway, what i was thinking was that it should be easy to 
extend the "allow from" to handle something like
"allow from 192.112.102.* $EXTERNAL" 
where $EXTERNAL is defined in the environment, and when seen, it's retrieved, 
taken apart and applied to the rest of the list.  what seems to happen, though,
is that the allow_cmd function only takes one element at a time, and i don't
know if it's safe to recurse with the contents of the newly found variable.
any ideas?  (i'll be out of the u.s. for a couple weeks, but i'll try
to tap in occaisionally if possible.)
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]

View raw message