Received: (qmail 79459 invoked by uid 501); 6 Nov 2000 16:46:47 -0000 Message-Id: <20001106164647.79436.qmail@locus.apache.org> Date: 6 Nov 2000 16:46:47 -0000 From: jamie rishaw Reply-To: jamie@playboy.com To: submit@bugz.apache.org Subject: "Allow from" does not support mixing of notations X-Send-Pr-Version: 3.110 >Number: 6801 >Category: mod_access >Synopsis: "Allow from" does not support mixing of notations >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: apache >Arrival-Date: Mon Nov 06 08:50:06 PST 2000 >Closed-Date: Mon Nov 06 10:28:16 PST 2000 >Last-Modified: Mon Nov 06 10:28:16 PST 2000 >Originator: jamie@playboy.com >Release: 1.3.14 >Organization: >Environment: FreeBSD 4.1.1-REL >Description: "Allow from" directive in httpd.conf does not support multiple variant notations, NOR does it support multiple CIDR notations in the same statement. Specifically, if I have a config such as: --snip-- Allow from 10.0.0.0/8, 199.245.173.0/24 --snip-- Apache will DIE with reason: Syntax error on line xx of /usr/local/apache/conf/httpd.conf: syntax error in mask portion of network/netmask Obviously this is an incorect error message. There is nothing wrong with the CIDR notation: Apache just did not interpret/parse it correctly. Similar invalid notations: - Mixing CIDR and hostnames. Specifically: --snip-- Allow from 10.0.0.0/8, some.other.hostname --snip-- .. this will refuse some.other.hostname with an error message in error_log stating "[client ip.add.re.ss] client denied by server configuration: $CONFIG" The only solution was to break each notation into individual allow from's: --snip-- Allow from 10.0.0.0/8 Allow from 199.245.173.0/24 Allow from some.other.hostname, *.hostname.com <- this works! --snip-- Thanks. >How-To-Repeat: Two courses of action: 1) (Less optimal) Note in documentation somewhere that you can't do it 2) (Best) analyze and fix parsing of config.. >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Mon Nov 6 10:28:13 PST 2000 State-Changed-Why: The syntax of the allow directive is _NOT_ "allow foo, bar" but rather "allow foo bar". So when you starting putting commas in there, of course it won't behave properly since the list is supposed to be space separated. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]