Received: (qmail 22920 invoked by uid 2012); 20 Jul 1999 16:34:55 -0000
Message-Id: <19990720163455.22919.qmail@hyperreal.org>
Date: 20 Jul 1999 16:34:55 -0000
From: theo van dinter <felicity@kluge.net>
Reply-To: felicity@kluge.net
To: apbugs@hyperreal.org
Subject: Visiting server-status logs the hostname of the client regardless of HostnameLookup.
X-Send-Pr-Version: 3.2

>Number:         4744
>Category:       mod_status
>Synopsis:       Visiting server-status logs the hostname of the client regardless of HostnameLookup.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          feedback
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul 20 09:40:02 PDT 1999
>Last-Modified:  Sun Aug  1 12:00:01 PDT 1999
>Originator:     felicity@kluge.net
>Organization:
>Release:        1.3.6
>Environment:
SunOS pubserv 5.5.1 Generic_103640-24 sun4m sparc sun4m
>Description:
I don't want hostnames resolved for the access log, so I commented out the default
'HostnameLookup on' line (I also tried changing on to off).  This works fine for
general hits to the server, but any access of /server-status/ (using mod_status)
causes a lookup:

199.172.48.67 - - [20/Jul/1999:12:27:33 -0400] "GET / HTTP/1.0" 200 7320
kenny.chrysalis.com - - [20/Jul/1999:12:27:43 -0400] "GET /server-status/ 
HTTP/1.0" 200 2591
>How-To-Repeat:
Configure mod_status to be used for some URL, and turn hostnamelookup off.  Visit
the status page, and any other URL on the same server.
>Fix:

>Audit-Trail:
State-Changed-From-To: open-feedback
State-Changed-By: coar
State-Changed-When: Mon Jul 26 04:19:41 PDT 1999
State-Changed-Why:

Do you have your /server-status Location protected by
something like "Deny from all","Allow from .kluge.net"?
If so, that's the cause -- on name-based access
restrictions, Apache *always* does a double-reverse
lookup, which will result in the client name being stored
in the appropriate structures and hence available (and
used) for logging.


From: Rodent of Unusual Size <Ken.Coar@Golux.Com>
To: Apache bug database <apbugs@Apache.Org>
Cc:  Subject: Re: mod_status/4744: Visiting server-status logs the hostname of the client regardless of HostnameLookup.
Date: Sun, 01 Aug 1999 14:54:27 -0400

 [Comment from submitter]
 
 Theo Van Dinter wrote:
 > 
 > |Do you have your /server-status Location protected by
 > |something like "Deny from all","Allow from .kluge.net"?
 > |If so, that's the cause -- on name-based access
 > |restrictions, Apache *always* does a double-reverse
 > |lookup, which will result in the client name being stored
 > |in the appropriate structures and hence available (and
 > |used) for logging.
 > 
 > Ok, that does explain it.  I would still classify it as
 > a bug though:  The whole point of "HostnameLookup off"
 > is so that the IP is the only client identifier in the
 > logs/passed to CGIs/etc.  Since the current scheme doesn't
 > always do what you expect (named-based access controls
 > causes hostname to be used instead of IP), it should be
 > fixed, or minimally at least documented w/"Hostnamelookup"
 > (it's hinted to, but not clearly indicated).
 > 
 > Would it be possible to say something like: (pseudo-ish code...)
 > 
 > if ( configuration.hostnamelookup == 0 )
 >         Log(request.clientIP);
 > else {
 >         if ( request.clientname[0] != '\0' )
 >                 Log(request.clientname);
 >         else
 >                 Log(request.clientIP);
 > }
 > 
 > ??
 > 
 > thanks.

From: Rodent of Unusual Size <Ken.Coar@Golux.Com>
To: Apache bug database <apbugs@Apache.Org>
Cc:  Subject: Re: mod_status/4744: Visiting server-status logs the hostname of the client regardless of HostnameLookup.
Date: Sun, 01 Aug 1999 14:57:40 -0400

 Theo Van Dinter wrote:
 > 
 > The
 > whole point of "HostnameLookup off" is so that the IP is the only client
 > identifier in the logs/passed to CGIs/etc.
 
 Er, no.  The whole point of "HostNameLookups Off" is to avoid
 the netweork traffic of back-and-forthing with a nameserver
 just to provide a name that has low integrity in any case.
 Log processing scripts should either be able to deal with
 either a name or an IP address.. or else you should make
 your own log format string that uses "%a" instead of the
 default "%h".  See the mod_log_config docco.
 
 I can see documenting this behaviour a bit better, but not
 changing it..
 -- 
 #ken    P-)}
 
 Ken Coar                    <http://Web.Golux.Com/coar/>
 Apache Software Foundation  <http://www.apache.org/>
 "Apache Server for Dummies" <http://ASFD.MeepZor.Com/>
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]