Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
The following reply was made to PR general/2117; it has been noted by GNATS.

From: Marc Slemko [EMAIL PROTECTED]
To: David J. MacKenzie [EMAIL PROTECTED]
Cc: Apache bugs database [EMAIL PROTECTED]
Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
Date: Wed, 22 Apr 1998 14:50:34 -0600 (MDT)

On Wed, 22 Apr 1998, David J. MacKenzie wrote:

> On Wed, 22 Apr 1998 14:02:47 -0600 (MDT), Marc Slemko [EMAIL PROTECTED] said:
>
> > But the complication here is that these can be more than DNS hostnames.
> > They can be anything that a system's resolver can grok, and some such
> > routines on some systems allow for less stringent naming rules that can
> > allow other characters, possibly including '#'; I have no idea offhand.
>
> Do you mean things like NIS+ or NeXT's net-thing?

Yes, among others. It is possible NT does similar things as well, but I don't know if they are integrated in the resolver calls we are using there.

> > Isn't life fun.
>
> It's weirder than I thought.
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
[In order for any reply to be added to the PR database, ]
[you need to include [EMAIL PROTECTED] in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]

Synopsis: The CIDR syntax support for allow and deny finds the '/' in comments.

State-Changed-From-To: open-closed
State-Changed-By: dgaudet
State-Changed-When: Wed Apr 22 11:46:07 PDT 1998
State-Changed-Why:
Comments aren't permitted on lines with directives; they must be on their own line. It's always been that way. No idea what your config does.

Dean
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
The following reply was made to PR general/2117; it has been noted by GNATS.

From: David J. MacKenzie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
Date: Wed, 22 Apr 1998 15:36:47 -0400 (EDT)

On 22 Apr 1998 18:46:10 -, [EMAIL PROTECTED] said:

> [In order for any reply to be added to the PR database, ]
> [you need to include [EMAIL PROTECTED] in the Cc line ]
> [and leave the subject line UNCHANGED. This is not done]
> [automatically because of the potential for mail loops. ]
>
> Synopsis: The CIDR syntax support for allow and deny finds the '/' in comments.
>
> State-Changed-From-To: open-closed
> State-Changed-By: dgaudet
> State-Changed-When: Wed Apr 22 11:46:07 PDT 1998
> State-Changed-Why:
> Comments aren't permitted on lines with directives; they must be on
> their own line. It's always been that way. No idea what your config does.

That's fine, but in that case apache should print reasonable error messages rejecting lines with trailing comments, not do undefined things with them (such as silently accept them in some cases and suddenly break upon a new release :-). Checking correctness seems to be the apache approach to configuration file processing in other respects.
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
The following reply was made to PR general/2117; it has been noted by GNATS.

From: Dean Gaudet [EMAIL PROTECTED]
To: David J. MacKenzie [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
Date: Wed, 22 Apr 1998 12:43:05 -0700 (PDT)

On Wed, 22 Apr 1998, David J. MacKenzie wrote:

> That's fine, but in that case apache should print reasonable error
> messages rejecting lines with trailing comments, not do undefined
> things with them (such as silently accept them in some cases and
> suddenly break upon a new release :-). Checking correctness seems to be
> the apache approach to configuration file processing in other respects.

It actually does a well defined thing with them... it treats them all as hostnames in this case.

In general there's not much we can do without overhauling the config language -- because the RAW_ARGS style of commands can do almost anything they want. There's no well defined quoting style; and inadequate centralized parsing. It's somewhat difficult to shoehorn fixes into it. A rewrite is definitely in order.

Dean
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
The following reply was made to PR general/2117; it has been noted by GNATS.

From: Marc Slemko [EMAIL PROTECTED]
To: David J. MacKenzie [EMAIL PROTECTED]
Cc: Apache bugs database [EMAIL PROTECTED]
Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
Date: Wed, 22 Apr 1998 13:41:46 -0600 (MDT)

On Wed, 22 Apr 1998, David J. MacKenzie wrote:

> > Synopsis: The CIDR syntax support for allow and deny finds the '/' in comments.
> >
> > State-Changed-From-To: open-closed
> > State-Changed-By: dgaudet
> > State-Changed-When: Wed Apr 22 11:46:07 PDT 1998
> > State-Changed-Why:
> > Comments aren't permitted on lines with directives; they must be on
> > their own line. It's always been that way. No idea what your config does.
>
> That's fine, but in that case apache should print reasonable error
> messages rejecting lines with trailing comments, not do undefined
> things with them (such as silently accept them in some cases and
> suddenly break upon a new release :-). Checking correctness seems to be
> the apache approach to configuration file processing in other respects.

But the problem is that they aren't trailing comments; it just happens that you have specified that access should be allowed from a certain set of hostnames that you think should be a comment, but that Apache knows are just a list of space delimited hostnames.

We could special-case the '#' character or do more stringent checks for names that are valid in hostnames, but that can get to be a pain.
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
The following reply was made to PR general/2117; it has been noted by GNATS.

From: David J. MacKenzie [EMAIL PROTECTED]
To: Marc Slemko [EMAIL PROTECTED]
Cc: David J. MacKenzie [EMAIL PROTECTED], Apache bugs database [EMAIL PROTECTED]
Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
Date: Wed, 22 Apr 1998 15:56:36 -0400 (EDT)

On Wed, 22 Apr 1998 13:41:46 -0600 (MDT), Marc Slemko [EMAIL PROTECTED] said:

> But the problem is that they aren't trailing comments; it just happens
> that you have specified that access should be allowed from a certain set
> of hostnames that you think should be a comment, but that Apache knows are
> just a list of space delimited hostnames.
>
> We could special-case the '#' character or do more stringent checks for
> names that are valid in hostnames, but that can get to be a pain.

Ah, I see! Caught by surprise!

Don't special-case '#', but it's easy to write a function to tell whether a word could potentially be a valid hostname or IP address:

    int ap_hostname_syntax(char *s)
    {
        for (; *s; s++) {
            /* Allow : for IPv6. */
            if (!isalnum(*s) && strchr("_-.:", *s) == NULL)
                return 0;
        }
        return 1;
    }

I suggest using that where a valid hostname or IP address is required.
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
The following reply was made to PR general/2117; it has been noted by GNATS.

From: David J. MacKenzie [EMAIL PROTECTED]
To: Marc Slemko [EMAIL PROTECTED]
Cc: Apache bugs database [EMAIL PROTECTED], David J. MacKenzie [EMAIL PROTECTED]
Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
Date: Wed, 22 Apr 1998 16:01:24 -0400 (EDT)

I wrote:

>     int ap_hostname_syntax(char *s)
>     {
>         for (; *s; s++) {
>             /* Allow : for IPv6. */
>             if (!isalnum(*s) && strchr("_-.:", *s) == NULL)
>                 return 0;
>         }
>         return 1;
>     }

Include a / in the strchr argument if you want to allow netmask specification, too, or else split up the IP addr from the host before calling this. It's not perfect, but it will help diagnose errors such as our staff made.

Or you could even have a function that takes a hostname or IP address or network number plus optional netmask, and returns a magic token or two depending on what sort of thing it determined it got passed. I haven't looked, but you must have some code like that already. It just needs to be more careful about what it accepts as a hostname... there's an RFC that specifies what characters can be in valid Internet hostnames.
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
The following reply was made to PR general/2117; it has been noted by GNATS.

From: Dean Gaudet [EMAIL PROTECTED]
To: David J. MacKenzie [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
Date: Wed, 22 Apr 1998 13:07:58 -0700 (PDT)

On 22 Apr 1998, David J. MacKenzie wrote:

>     int ap_hostname_syntax(char *s)
>     {
>         for (; *s; s++) {
>             /* Allow : for IPv6. */
>             if (!isalnum(*s) && strchr("_-.:", *s) == NULL)
>                 return 0;
>         }
>         return 1;
>     }

_ isn't valid though... I suppose we could do something like bind does with it; complain but allow it.

Dean
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
The following reply was made to PR general/2117; it has been noted by GNATS.

From: Marc Slemko [EMAIL PROTECTED]
To: David J. MacKenzie [EMAIL PROTECTED]
Cc: Apache bugs database [EMAIL PROTECTED]
Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
Date: Wed, 22 Apr 1998 14:02:47 -0600 (MDT)

On Wed, 22 Apr 1998, David J. MacKenzie wrote:

> On Wed, 22 Apr 1998 13:41:46 -0600 (MDT), Marc Slemko [EMAIL PROTECTED] said:
>
> > But the problem is that they aren't trailing comments; it just happens
> > that you have specified that access should be allowed from a certain set
> > of hostnames that you think should be a comment, but that Apache knows are
> > just a list of space delimited hostnames.
> >
> > We could special-case the '#' character or do more stringent checks for
> > names that are valid in hostnames, but that can get to be a pain.
>
> Ah, I see! Caught by surprise!
>
> Don't special-case '#', but it's easy to write a function to tell
> whether a word could potentially be a valid hostname or IP address:
>
>     int ap_hostname_syntax(char *s)
>     {
>         for (; *s; s++) {
>             /* Allow : for IPv6. */
>             if (!isalnum(*s) && strchr("_-.:", *s) == NULL)
>                 return 0;
>         }
>         return 1;
>     }
>
> I suggest using that where a valid hostname or IP address is required.

But the complication here is that these can be more than DNS hostnames. They can be anything that a system's resolver can grok, and some such routines on some systems allow for less stringent naming rules that can allow other characters, possibly including '#'; I have no idea offhand.

Isn't life fun.
Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
On 22 Apr 1998, Dean Gaudet wrote:

> The following reply was made to PR general/2117; it has been noted by GNATS.
>
> From: Dean Gaudet [EMAIL PROTECTED]
> To: David J. MacKenzie [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: general/2117: The CIDR syntax support for allow and deny finds the '/' in comments.
> Date: Wed, 22 Apr 1998 13:07:58 -0700 (PDT)
>
> On 22 Apr 1998, David J. MacKenzie wrote:
>
> >     int ap_hostname_syntax(char *s)
> >     {
> >         for (; *s; s++) {
> >             /* Allow : for IPv6. */
> >             if (!isalnum(*s) && strchr("_-.:", *s) == NULL)
> >                 return 0;
> >         }
> >         return 1;
> >     }
>
> _ isn't valid though... I suppose we could do something like bind does
> with it; complain but allow it.

It is valid in a hostname, no? Just not an Internet domain name. These things aren't necessarily just domain names.

BIND actually has a bunch of different behaviours. Recent resolvers refuse to look such names up at all. But Apache isn't the place for that.
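
Added example (not code from this thread or from Apache): a sketch of the "returns a magic token" classifier proposed above, applied to every argument of an allow/deny host list so that comment text which would otherwise be taken as hostnames gets flagged. The names classify_acl_token, count_invalid_acl_tokens and the TOK_* values are hypothetical; '_' is accepted but reported separately, following the "complain but allow" suggestion.

```c
#include <ctype.h>
#include <string.h>

enum tok_kind { TOK_INVALID, TOK_HOSTNAME, TOK_HOSTNAME_UNDERSCORE, TOK_ADDR, TOK_ADDR_MASK };

/* Non-empty run of (hex) digits plus the characters in `extra`? */
static int all_in(const char *s, size_t n, int hex, const char *extra) {
    size_t i;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];  /* ctype wants unsigned char values */
        if (!(hex ? isxdigit(c) : isdigit(c)) && strchr(extra, c) == NULL)
            return 0;
    }
    return n > 0;
}

/* Classify one whitespace-delimited argument of an allow/deny line (syntax only). */
enum tok_kind classify_acl_token(const char *s, size_t len) {
    const char *slash = memchr(s, '/', len);
    size_t i, n = slash ? (size_t)(slash - s) : len;
    int underscore = 0;
    if (all_in(s, n, 0, ".") || (memchr(s, ':', n) && all_in(s, n, 1, ":."))) {
        if (!slash)
            return TOK_ADDR;
        /* mask: prefix length or dotted netmask */
        return all_in(slash + 1, len - n - 1, 0, ".") ? TOK_ADDR_MASK : TOK_INVALID;
    }
    if (slash || n == 0)
        return TOK_INVALID;             /* a mask only makes sense on an address */
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '_')
            underscore = 1;             /* the "complain but allow" case */
        else if (!isalnum(c) && c != '-' && c != '.')
            return TOK_INVALID;         /* '#', '(', ',' and the like */
    }
    return underscore ? TOK_HOSTNAME_UNDERSCORE : TOK_HOSTNAME;
}

/* Count the arguments in a space-delimited host list that fail the check. */
int count_invalid_acl_tokens(const char *args) {
    int bad = 0;
    for (args += strspn(args, " \t"); *args; args += strspn(args, " \t")) {
        size_t n = strcspn(args, " \t");
        bad += classify_acl_token(args, n) == TOK_INVALID;
        args += n;
    }
    return bad;
}
```

On the constructed host list `www.example.com # staff lan 10.1.0.0/16` only the `#` is rejected: `staff` and `lan` are syntactically valid hostnames, so a non-zero count should fail the whole line rather than skip the bad token.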