>Number:         1534
>Category:       mod_auth-any
>Synopsis:       'allow from' only allows access when given ip addresses, subnet arguments (a.b.c.d/x) refuse access
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Dec 8 15:30:00 PST 1997
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.2.4
>Environment:
Linux 2.0.32, intel pentium, apache-1.2.4-5.i386.rpm
>Description:
My domain is using the so-called "reverse kludge" for reverse DNS. I believe
this is causing the 'allow from' directive to accept only some forms of
defining the client address.

Full configuration can be seen at http://www.kelloseppakoulu.fi:8888/.
That URL maps to the configuration directory of that server. The configuration
is very close to the example configuration that comes with the Apache
distribution. With that configuration access is allowed from everywhere, as it
should.

The following discussion applies to our domain (which, as mentioned, uses the
reverse kludge for reverse DNS).

If I replace 'allow from all' with
    allow from 194.100.26.178
which is the address of my computer in that LAN, I am correctly given access.

If I replace it with
    allow from 194.100.26.128/26
or
    allow from kelloseppakoulu.fi
or
    allow from .fi
all of which should grant access to all hosts in our domain, no host in our
domain is given access.

If I try to access the server from other domains (which do not use the reverse
DNS kludge), the following applies.

If I replace 'allow from all' with
    allow from 0.0.0.0/0
or
    allow from a.b.c.d/16
and access the server from a.b.x.y, I am not given access although I should be,
and if I replace 'allow from all' with
    allow from .hut.fi
and access the server from alpha.hut.fi, I am given access as I should be.
>How-To-Repeat:
-
>Fix:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
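
The matching the report expects from each 'allow from' form, written out as an added example for building a regression check; it is not part of the original report and not Apache's code. The helper allow_from_matches is hypothetical, and the hostname pc178.kelloseppakoulu.fi and the 192.0.2.10 address are constructed sample values.

```python
import ipaddress


def allow_from_matches(spec, client_ip, client_host=None):
    """Return True if one 'allow from <spec>' argument covers the client.

    client_host is the name a reverse DNS lookup returned for client_ip,
    or None when the lookup gave no usable name. Partial-address forms
    (e.g. "194.100") are not covered by this sketch.
    """
    spec = spec.strip()
    if spec.lower() == "all":
        return True
    addr = ipaddress.ip_address(client_ip)
    if "/" in spec:
        # network/prefix form such as 194.100.26.128/26: pure address
        # arithmetic, no DNS involved
        try:
            return addr in ipaddress.ip_network(spec, strict=False)
        except ValueError:
            return False
    try:
        # full address form such as 194.100.26.178
        return addr == ipaddress.ip_address(spec)
    except ValueError:
        pass
    # domain form such as kelloseppakoulu.fi or .fi: needs the reverse name,
    # and must match on a label boundary (so "fi" does not match "x.notfi")
    if client_host is None:
        return False
    host = client_host.lower().rstrip(".")
    domain = spec.lower().strip(".")
    return host == domain or host.endswith("." + domain)


def report_cases(reverse_name):
    """Evaluate the in-domain directives from the report for 194.100.26.178.

    reverse_name is what reverse DNS yields for that client (constructed
    here); pass None to model a lookup that returns nothing.
    """
    specs = ["194.100.26.178", "194.100.26.128/26",
             "kelloseppakoulu.fi", ".fi", "0.0.0.0/0"]
    return {s: allow_from_matches(s, "194.100.26.178", reverse_name)
            for s in specs}


if __name__ == "__main__":
    for label, name in (("name resolves", "pc178.kelloseppakoulu.fi"),
                        ("no reverse name", None)):
        print(label, report_cases(name))
```

With a usable reverse name every form should grant access; without one, only the domain forms should fail, while the address and subnet forms still match.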
