www-apache-bugdb mailing list archives

From JP Donnio <...@tbs-internet.com>
Subject general/6888: add unresolved to mod_access
Date Mon, 27 Nov 2000 08:30:08 GMT
The following reply was made to PR general/6888; it has been noted by GNATS.

From: JP Donnio <tag@tbs-internet.com>
To: slive@apache.org
Cc: apbugs@apache.org
Subject: general/6888: add unresolved to mod_access
Date: Mon, 27 Nov 2000 09:24:20 +0100

 > If the patch is small, feel free to append it to
 > this problem report by emailing it according to
 > the instructions above. (Please use plain text.)
 
 Please find it below.
  
 > However, I'm not sure that it will be incorporated
 > in Apache for two reasons:
 > 1. The same thing can be accomplished with mod_rewrite.
 > (Although the syntax would obviously be more complicated.)
 > 2. It seems like a relatively obscure requirement.
 > It obviously provides no real security.  However,
 > I can see where some people would find it useful.
 
 I'd like to explain further why it can be useful. We are working out 
 copyright problems and need to be able to exclude some countries from 
 non-authenticated (understand username + password) access. We have used
 'deny from country' in addition to a list of prefixes that we obtained 
 from a complex analysis of BGP announcements.
 
 We found out that it may be easier and more effective to require all 
 un-identified IP addresses to use a username and password. Therefore we 
 use a 'deny from unresolved' in conjunction with a 'satisfy any' and 
 a mysql password database. Denied users are asked for a password that 
 they should ask for. That comes in addition to the prefix list we still 
 obtain from BGP analysis.
 
 The patch only adds 19 lines to the mod_access source. If it is correct 
 (I'm not a programmer) it is worth adding. I guess that with the ruling 
 of Yahoo and Nazi content, people are going to have increasing problems
 identifying users. This patch might help.
 
 http://www.zdnet.com/zdnn/stories/news/0,4586,2655972,00.html
 
 
 
 --- mod_access.c.orig   Sat Nov 25 10:12:31 2000
 +++ mod_access.c        Sat Nov 25 10:17:16 2000
 @@ -73,7 +73,8 @@
      T_ALL,
      T_IP,
      T_HOST,
 -    T_FAIL
 +    T_FAIL,
 +    T_UNRESOLVED
  };
  
  typedef struct {
 @@ -165,6 +166,10 @@
         a->type = T_ALL;
  
      }
 +    else if (!strcasecmp(where, "unresolved")) {
 +        a->type = T_UNRESOLVED;
 +
 +    }
      else if ((s = strchr(where, '/'))) {
         unsigned long mask;
  
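Review bot: The new `unresolved` keyword in this branch is not documented anywhere in the patch; the Allow/Deny directive documentation needs an entry saying exactly what it matches. Because `strcasecmp(where, "unresolved")` is tested before the other argument forms (the `/` netmask check follows it), an argument spelled `unresolved` can from now on only mean the keyword, which should be stated next to the existing `all` keyword. The empty line before the closing brace can be dropped.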
 @@ -335,6 +340,21 @@
             if ((gothost == 2) && in_domain(ap[i].x.from, remotehost))
                 return 1;
             break;
 +
 +        case T_UNRESOLVED:
 +            if (!gothost) {
 +                remotehost = ap_get_remote_host(r->connection, r->per_dir_config,
 +                                            REMOTE_DOUBLE_REV);
 +
 +                if ((remotehost == NULL) || is_ip(remotehost))
 +                    gothost = 1;
 +                else
 +                    gothost = 2;
 +            }
 +
 +            if (gothost == 1)
 +                return 1;
 +            break;
  
         case T_FAIL:
             /* do nothing? */
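Review bot: In the T_UNRESOLVED case, `(remotehost == NULL) || is_ip(remotehost)` does not distinguish an address that has no verified name from a lookup that failed because the resolver was unreachable or timed out. With `deny from unresolved` a DNS outage would send every client to the password prompt, and with `allow from unresolved` the same outage would make every client match the allow rule. Please state that behaviour in a comment and in the directive documentation, along with the fact that this case forces a REMOTE_DOUBLE_REV lookup for each request that reaches it. The case also writes the shared `gothost` and `remotehost` variables that the T_HOST test just above reads (`gothost == 2`), so please confirm both cases perform the same kind of lookup; otherwise whichever entry is evaluated first decides the result for the other.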
