Sander Temme <[EMAIL PROTECTED]> writes: > On MacOSX 10.2 "Jaguar", hostname based access control is broken in Apache > 2.0. This problem appears in the access tests of the perl-framework, where > any test that tests something like 'Deny from localhost' fails. I have since > determined that deny from any other hostname is broken as well. > > This problem goes away when Apache 2.0 is configured to disable IPv6 > support. > > I have stepped through the code of a regular (IPv6-enabled) builda bit and > it appears that what comes back from accept(2) is an IPv6 address, which > apparently doesn't resolve correctly from mod_authz_host.c. Indeed, the > remote address information is eventually (sa_common.c:508) passed to > getnameinfo(3) which returns unsuccessfully with EAI_NONAME.
I guess getnameinfo() isn't dealing with IPv6-mapped IPv4 addresses (IPv6 addresses that print as ::FFFF:63.251.56.142, where the low-order word is simply the IPv4 address and the next two bytes are FFFF)? Dang, I haven't yet brought myself to fork over the $129.00 to upgrade to Jaguar or I could see for myself :( This is the general idea of what should happen: getaddrinfo af_unspec www.ibm.com Getaddrinfo results: IP Addr: 129.42.16.99 Family: 2 Flags: 0 Port: 0 IP Addr: 129.42.17.99 Family: 2 Flags: 0 Port: 0 IP Addr: 129.42.18.99 Family: 2 Flags: 0 Port: 0 IP Addr: 129.42.19.99 Family: 2 Flags: 0 Port: 0 getaddrinfo www.ibm.com getnameinfo ::ffff:129.42.19.99 Getnameinfo results: Hostname: "www.ibm.com" > Could anyone opine on how serious this is and whether we should (could?) > disable IPv6 by default on Jaguar? very serious yes, we could disable IPv6 by default on Jaguar/Darwin I'd love to play with it to make sure it isn't Apache or APR that is misbehaving or otherwise contributing to the breakage. I'll try to send you a test program to run to make sure I understand what is going on. Darn! -- Jeff Trawick | [EMAIL PROTECTED] Born in Roswell... married an alien...
