On Wed, May 24, 2017 at 8:37 AM, Eric Covener <[email protected]> wrote: > I was copy/pasting bits of this from mod_authz_host into a derivative > of mod_limit_ipconn and noticed that the parsed_subnets cache seems > unsafe if we are parsing directives in multiple threads from htaccess. > > parsed_subnets is an apr_hash_t that we write to when parsing 'Require ip ..'. > > It seems like it would be helpful to have a bit in cmd_parms to tell > us that it came from htaccess, then ap_check_cmd_context() could check > it and we could skip caching new subnets. > > Since it requires write access to htaccess, I don't consider it a > security issue.
Whoops, it's already protected in a post_config hook.
