Joshua:
Consistency be damned! As one example of how unproductive that consistency is,
I'm now forced to replace just that ONE ".svservers.com" partial hostname denial
with ELEVEN - and probably counting - separate IP address denials! These are
all addresses used by one person or perhaps a small intimate group. Now
extrapolate that burden to all the other partial IP addresses that I similarly
want to deny.
Isn't that a wonderful extra burden to place on my server just for the sake of
algorithmic and syntactic consistency between two directives? If I had access
and motivation, I'd start an argument about it with the developer of that bit of
code.
Mark
-------- Original Message --------
Subject: Re: [EMAIL PROTECTED] <directory> and deny directives
From: Joshua Slive <[EMAIL PROTECTED]>
To: users@httpd.apache.org
Date: Friday, September 14, 2007 09:08:30 AM
On 9/14/07, Mark A. Craig <[EMAIL PROTECTED]> wrote:
It would sure be
nice if the code didn't pull a non-intuitive stunt like this, though! If the
DNS lookup resolves to the specified *partial* hostname, it should act on it,
not second-guess it with an rDNS like this.
Yes, it is non-intuitive. But on the other hand, it is much more
common to use hostnames for Allow directives than for Deny directives
(since the hostname is often under the control of the attacker). You
MUST check the forward and reverse for Allow directives, or else they
would be worthless. And then it could potentially cause even more
confusion if the Allow and Deny directives matched differently.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
