Dear list, On MacOSX 10.2 "Jaguar", hostname based access control is broken in Apache 2.0. This problem appears in the access tests of the perl-framework, where any test that tests something like 'Deny from localhost' fails. I have since determined that deny from any other hostname is broken as well.
This problem goes away when Apache 2.0 is configured to disable IPv6 support. I have stepped through the code of a regular (IPv6-enabled) builda bit and it appears that what comes back from accept(2) is an IPv6 address, which apparently doesn't resolve correctly from mod_authz_host.c. Indeed, the remote address information is eventually (sa_common.c:508) passed to getnameinfo(3) which returns unsuccessfully with EAI_NONAME. I'm not very familiar with IPv6, but I know that my DNS only has IPv4 adresses. Is there no fallback where it looks up based on the IPv4 address when it can't find resolution for IPv6? Anyway. Very unfortunate that this getnameinfo call borks on resolving the IPv6 version of localhost because that's what makes the tests fail. I think, however, that this is a platform error and not Apache-specific. As for reverse resolving IPv6 addresses in general, I don't think any network I connect to on a regular basis is set up for that. I have tried this on an IPv6-enabled FreeBSD box and all tests pass. This one however has a line defining localhost as ::1 as well as one for 127.0.0.1. Maybe I should try adding that to the Jaguar box. I don't think I have tried access control from other host names on that FreeBSD box. Could anyone opine on how serious this is and whether we should (could?) disable IPv6 by default on Jaguar? Thank you for your time, S. -- Covalent Technologies [EMAIL PROTECTED] Engineering group Voice: (415) 856 4214 303 Second Street #375 South Fax: (415) 856 4210 San Francisco CA 94107 PGP Fingerprint: 1E74 4E58 DFAC 2CF5 6A03 5531 AFB1 96AF B584 0AB1 ======================================================= This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message =======================================================
