www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From keith.tur...@silvaco.com (Keith Turner)
Subject Re: mod_setenvif/4545: No way to limit access based on REMOTE_IDENT RFC1413 identd IdentityCheck
Date Tue, 06 Jul 1999 22:10:02 GMT
The following reply was made to PR mod_setenvif/4545; it has been noted by GNATS.

From: keith.turner@silvaco.com (Keith Turner)
To: coar@apache.org
Cc: apbugs@apache.org
Subject: Re: mod_setenvif/4545: No way to limit access based on REMOTE_IDENT RFC1413 identd
IdentityCheck
Date: Tue, 6 Jul 1999 15:06:57 -0700

 Dear Ken,
 
 > You might check out the mod_access_identd module, which
 > is available from <http://Web.MeepZor.Com/packages/>.
 
 Thanks for the pointer!  This is one possible solution to
 my problem, although I still think that the mod_setenvif
 change is worthwhile.  I'm worried that a change to the
 semantics of the "allow" and "deny" commands make the
 MeepZor module a source of confusion for anyone who
 inherits my web config files.  The mod_setenvif patch is
 more localised and does not change the way the old familiar
 NCSA commands work.
 
 > In the Apache model, access checking occurs before
 > authentication and authorisation checking -- and all
 > of these occur before content handling.  So the
 > information should never reach a CGI script, for
 > instance, because the access decision should have
 > been made much earlier.
 
 I don't understand the relevance of this response.
 I believe the patch I attached to this bug report does the job.
 With the config fragment I gave as the How-To-Repeat it successfully
 limited access based on the response from identd.
 
 Are you saying that the patch doesn't work?
 Are you saying that mod_setenvif is the wrong place to do this?
 Are you saying that this feature should not be part of the
 standard distribution?
 
 Hope you can clarify.
 
 Thanks,
 	/<eith

Mime
View raw message