https://issues.apache.org/bugzilla/show_bug.cgi?id=49838
Summary: segmentation fault: mod_remoteip + .htaccess +
Allow/Deny
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Other Modules
AssignedTo: [email protected]
ReportedBy: [email protected]
I've confirmed this segmentation fault with a fresh build of 2.3.6-alpha, but
initially discovered it when using a backport of mod_remoteip for 2.2.
Here's the configure line I used for the 2.3.6-alpha build:
./configure --with-included-apr --with-mpm=prefork
To reproduce after building from scratch, change the following in the stock
httpd.conf:
# Add these lines:
<IfModule remoteip_module>
RemoteIPHeader X-Client-IP
RemoteIPInternalProxy 127.0.0.1
</IfModule>
# Allow override of "Limit" in htdocs
<Directory "/usr/local/apache2/htdocs">
AllowOverride Limit
</Directory>
In the docroot, create the .htaccess file:
# The Allow/Deny can be any IP or subnet mask. Removing the Allow/Deny
# "fixes" the crash. "Allow from all" won't crash either.
Order allow,deny
Allow from 1.2.3.4
Start up Apache, send it requests with "X-Client-IP: 2.3.4.5" (or whatever IP)
in the request header, and watch the error log for segmentation faults.
In my testing, the crashes can sometimes be intermittent. Freshly restarting
Apache can help encourage segfaults when the bug is being "stubborn" to
reproduce.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
