From nobody@hyperreal.com  Mon Jun 30 08:51:31 1997
Received: (from nobody@localhost)
	by hyperreal.com (8.8.5/8.8.5) id IAA11738;
	Mon, 30 Jun 1997 08:51:31 -0700 (PDT)
Message-Id: <199706301551.IAA11738@hyperreal.com>
Date: Mon, 30 Jun 1997 08:51:31 -0700 (PDT)
From: Roberto Mazzoni <mazzo@rzu.unizh.ch>
Reply-To: mazzo@rzu.unizh.ch
To: apbugs@hyperreal.com
Subject: .htaccess does not recognize IP-Number if the host has a DNS-Entry
X-Send-Pr-Version: 3.2

>Number:         802
>Category:       mod_access
>Synopsis:       .htaccess does not recognize IP-Number if the host has a DNS-Entry
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          closed
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Jun 30 09:00:02 1997
>Originator:     mazzo@rzu.unizh.ch
>Organization:
>Release:        1.2
>Environment:
AIX rzufs1 2 3 002011537200
gcc version 2.7.2.2
>Description:
We changed from NCSA 1.5.2 to apache 1.2-Server and the have in some
directories a ".htaccess" which worked fine with NCSA-Server:

<LIMIT GET POST>
order deny,allow
deny from all
allow from rzufs1.unizh.ch          #
allow from rzufs1e.unizh.ch         #
allow from rzufs1f.unizh.ch         #
allow from 130.60.44.               #
allow from 130.60.112.101
require group koord
require valid-user
satisfy all
</LIMIT>

With apache1.2 this does not anymore work. The host 130.60.112.101 has
a DNS-Enty (rzusunrom.unizh.ch) and with this ".htaccess" access is denied.
If the IP-Number is replaced with the rzusunrom.unizh.ch, access is 
granted.

This is not the worse case. Worses is the fact, that all hosts in
130.60.44. shuould have access to the directory but they don't get
access, because all have DNS-entires, but are not a separate subdomain.

>How-To-Repeat:

>Fix:

>Audit-Trail:
State-Changed-From-To: open-closed
State-Changed-By: dgaudet
State-Changed-When: Mon Jun 30 15:39:57 PDT 1997
State-Changed-Why:
User reports they had an error in a local CGI.

Dean

From: Dean Gaudet <dgaudet@arctic.org>
To: Roberto Mazzoni <mazzo@rzu.unizh.ch>
Subject: Re: mod_access/802: .htaccess does not recognize IP-Number if the host has a DNS-Entry
Date: Sat, 2 Aug 1997 05:00:53 -0700 (PDT)

 
 
 
 On Mon, 30 Jun 1997, Roberto Mazzoni wrote:
 
 > <LIMIT GET POST>
 > order deny,allow
 > deny from all
 > allow from rzufs1.unizh.ch          #
 > allow from rzufs1e.unizh.ch         #
 > allow from rzufs1f.unizh.ch         #
 > allow from 130.60.44.               #
 > allow from 130.60.112.101
 > require group koord
 > require valid-user
 > satisfy all
 > </LIMIT>
 
 Are those #s really in your config files?  They shouldn't be, apache won't
 treat them as comments. 
 
 At any rate, the ip comparison is definately done versus remote_ip, which
 is always in numeric form.  And I use this all the time so I'm unsure how
 it's not working in your case.  Can you try some different orderings of
 the access list?  Maybe eliminate everything except this one case. 
 
 Dean
 
>Unformatted:

>Last-Modified:  Mon Jun 30 15:39:58 PDT 1997