From nobody@hyperreal.com Sat May 3 16:34:11 1997 Received: (from nobody@localhost) by hyperreal.com (8.8.5/8.8.5) id QAA22748; Sat, 3 May 1997 16:34:11 -0700 (PDT) Message-Id: <199705032334.QAA22748@hyperreal.com> Date: Sat, 3 May 1997 16:34:11 -0700 (PDT) From: Fred Lindberg Reply-To: lindberg@id.wustl.edu To: apbugs@hyperreal.com Subject: mod_access syntax allows hosts that should be restricted X-Send-Pr-Version: 3.2 >Number: 537 >Category: mod_access >Synopsis: mod_access syntax allows hosts that should be restricted >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: suspended >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sat May 3 16:40:02 1997 >Last-Modified: Sun May 4 13:19:30 PDT 1997 >Originator: lindberg@id.wustl.edu >Organization: >Release: 1.2b10 >Environment: Linux 1.2.29 (not relevant) >Description: allow id.wustl.edu applies not only to 'id.wustl.edu', but also to all 'host.id.wustl.edu'. A better syntax would be 'allow id.wustl.edu' for the host, and 'allow .id.wustl.edu' for the subdomain. This is also true for IP addresses, but of no consequence, since all IP addresses are the same length (4 pos). Note: The current behavior is consistent with the docs, but not optimal IMHO. >How-To-Repeat: Try 'allow apache.org'. This will also allow www.apache.org. 'allow .apache.org' allows the entire subdomain, but there is no way to allow only 'apache.org'. >Fix: mod_access 'else return (domain[0] == '.' || what[wl-dl-1] == '.');' to 'else return (domain[0] == '.' && what[wl-dl-1] == '.');' >Audit-Trail: State-Changed-From-To: open-suspended State-Changed-By: dgaudet State-Changed-When: Sun May 4 13:19:29 PDT 1997 State-Changed-Why: Reasonable suggestion, will be considered post-1.2. Thanks for using Apache! Dean >Unformatted: