Received: (qmail 15890 invoked by uid 2012); 26 Jul 1999 14:11:30 -0000 Message-Id: <19990726141130.15889.qmail@hyperreal.org> Date: 26 Jul 1999 14:11:30 -0000 From: Steven Janowsky Reply-To: sjanowsky@thi.com To: apbugs@hyperreal.org Subject: deny from subnet doesn't deny access X-Send-Pr-Version: 3.2 >Number: 4770 >Category: mod_access >Synopsis: deny from subnet doesn't deny access >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Jul 26 07:20:01 PDT 1999 >Closed-Date: Wed Jun 07 12:12:33 PDT 2000 >Last-Modified: Wed Jun 07 12:12:33 PDT 2000 >Originator: sjanowsky@thi.com >Release: 1.3.6 >Organization: >Environment: Linux 2.0.36 >Description: if access.conf contains: deny from 204.217.122.161 then access is denied but if it contains: deny from 204.217.122.0/24 it is allowed >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open-feedback State-Changed-By: rederpj@raleigh.ibm.com State-Changed-When: Wed Aug 4 13:17:33 PDT 1999 State-Changed-Why: I have worked to reproduce this but cannot. I assume that you had the specified Deny clause within a container (Directory?). Since I do not know what your specified Order was or if there was a specified Allow clause I cannot be completely certain of my successful results. If the Deny is specified inside a valid container and the Order is specified as allow,deny (if Allow is less restrictive such as Allow from All), and the provided Deny clauses are used, it denies access for both cases in my tests. If you can provide more detail to show how you are getting it to fail, it would be greatly appreciated. Otherwise the conclusion has to be that it is currently working on version 1.3.7-dev of Apache. You may wish to run your tests on your version and on the latest version (if your version still fails). Comment-Added-By: rederpj@raleigh.ibm.com Comment-Added-When: Fri Aug 13 12:21:36 PDT 1999 Comment-Added: This has now been fixed by a patch to mod_access.c (1.39). It is in the 1.3.8-dev tree. It can be tested by either applying the (one line) patch to the version you have or by obtaining the latest version of the code. Please test it to be sure that this patch works for you then send an update to the PR (or send me a note) so we can close it (or fix it). Thank you. State-Changed-From-To: feedback-closed State-Changed-By: coar State-Changed-When: Wed Jun 7 12:12:33 PDT 2000 State-Changed-Why: [This is a standard response.] No response from submitter, assuming issue has been resolved. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]