>Number: 4454 >Category: mod_access >Synopsis: ip groupings >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: change-request >Submitter-Id: apache >Arrival-Date: Fri May 21 11:50:01 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.6 >Environment: linux 2.2.5, solaris 2.5.1 >Description: We are moving away from Oracle's web server to Apache. (thank god) but we have ip groupings defined in oracle, of the form: external: 206.36.217.23 206.36.216.* hierarchy2: 192.112.102.* external so that hierarchy2 can easily inherit the list defined in the external group. it makes it really easy to define short access lists for all the protected areas we have defined. (otherwise listing all the permissions would be hell to maintain.) >How-To-Repeat: >Fix: i've played around with the source, but it seems that my c has completely gone to crap. anyway, what i was thinking was that it should be easy to extend the "allow from" to handle something like "allow from 192.112.102.* $EXTERNAL" where $EXTERNAL is defined in the environment, and when seen, it's retrieved, taken apart and applied to the rest of the list. what seems to happen, though, is that the allow_cmd function only takes one element at a time, and i don't know if it's safe to recurse with the contents of the newly found variable. any ideas? (i'll be out of the u.s. for a couple weeks, but i'll try to tap in occaisionally if possible.) >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
