https://issues.apache.org/bugzilla/show_bug.cgi?id=54047
Priority: P2
Bug ID: 54047
Assignee: [email protected]
Summary: applies ipv4 filters to ipv6 rules
Severity: normal
Classification: Unclassified
OS: Mac OS X 10.4
Reporter: [email protected]
Hardware: PC
Status: NEW
Version: 2.2.15
Component: mod_access
Product: Apache httpd-2
We have a web server at www.peakinternet.com that is dual stacked:
ipv4: 207.55.16.224
ipv6: 2607:f678::16:224
A recent redesign of the web site moved it to Wordpress, which included as part
of the .htaccess a block of ip addresses known for attacks, including:
# PSI network
deny from 38.0.0.0/8
When this rule is enabled and we try to access the site from our ipv6 enabled
clients, we get "permission denied" errors. When it's disabled, the site works
fine. We notice that 38 decimal is 26 hex, which matches the first 8 bits of
our ipv6 block. In looking in the logs, we see that all the ipv6 denials were
26xx addresses:
2600:1002:b016:321f:51ca:e30f:4b1c:fc22]
2600:1008:b002:30f2::103]
2600:1008:b002:adfd:0:41:9772:1301]
2600:1008:b109:5639::103]
2600:1008:b111:8c5::103]
2600:100c:b203:e466:40ae:f7a6:58af:3e2e]
2600:100c:b210:ba5e:53e:ae29:66be:8af2]
2600:100e:b00c:ef2:e90a:88d8:b94a:847e]
etc...
It appears that the ipv4 mask 38/8 is being applied to ipv6 addresses
inappropriately - this is only a guess, but it's the only thing we can think of
that matches the symptoms...
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
