From nobody@hyperreal.com Wed Apr 2 14:29:39 1997 Received: by taz.hyperreal.com (8.8.4/V2.0) id OAA28361; Wed, 2 Apr 1997 14:29:39 -0800 (PST) Message-Id: <199704022229.OAA28361@taz.hyperreal.com> Date: Wed, 2 Apr 1997 14:29:39 -0800 (PST) From: Jason Repik Reply-To: jjrepik@hyperion.plk.af.mil To: apbugs@hyperreal.com Subject: incorrect hostname lookup for allow/deny directives X-Send-Pr-Version: 3.2 >Number: 305 >Category: mod_access >Synopsis: incorrect hostname lookup for allow/deny directives >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Apr 2 14:30:01 1997 >Last-Modified: Wed Apr 2 17:06:18 PST 1997 >Originator: jjrepik@hyperion.plk.af.mil >Organization: >Release: 1.2.7b >Environment: Solaris 2.5.1 gcc version 2.7.2.1.f.1 >Description: I have setup our top level webdocs to accessible to the world. In attempting to give per directory access to subdirectorys to my subdomain with the allow/deny directives it would not work. Here is the basic model I use: order deny,allow deny from all allow from hyperion When the allow directive was changed to .plk.af.mil I could not access that directory from anywhere. When it was changed to .cs.unm.edu, I could access it from machines in the .cs.unm.edu subdomain and nowhere else. When I changed it to a specific name of a machine in my subdomain, I could access it from that machine. This leads me to believe that since the machine the server is running on is hyperion.plk.af.mil that when it does a hostname lookup it is only returning the short name of hyperion therefore not showing the .plk.af.mil subdomain part of the name and therefore not allowing access. >How-To-Repeat: >Fix: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Wed Apr 2 17:06:17 PST 1997 State-Changed-Why: The OS isn't always returning a fully qualified hostname. All Apache does is a gethostbyaddr(); there is no portable way for Apache to say it wants a fully qualified domain name. It is possible to configure Solaris to return a fully qualified name, but exactly how you do that could possibly involve your /etc/hosts file, your NIS setup, or /etc/nsswitch.conf, among other things. >Unformatted: