ONLamp.com
oreilly.comSafari Books Online.Conferences.

FAQS
 FAQs
Apache FAQ
Linux FAQ
XML FAQ

Log in to particpate






   Apache FAQ > G. Authentication and Access Restrictions
Question:  Why isn't restricting access by host or domain name working correctly?
Answer:

Two of the most common causes of this are:

  1. An error, inconsistency, or unexpected mapping in the DNS registration
    This happens frequently: your configuration restricts access to Host.FooBar.Com, but you can't get in from that host. The usual reason for this is that Host.FooBar.Com is actually an alias for another name, and when Apache performs the address-to-name lookup it's getting the real name, not Host.FooBar.Com. You can verify this by checking the reverse lookup yourself. The easiest way to work around it is to specify the correct host name in your configuration.
  2. Inadequate checking and verification in your configuration of Apache
    If you intend to perform access checking and restriction based upon the client's host or domain name, you really need to configure Apache to double-check the origin information it's supplied. You do this by adding the -DMAXIMUM_DNS clause to the EXTRA_CFLAGS definition in your Configuration file. For example:
    EXTRA_CFLAGS=-DMAXIMUM_DNS

    This will cause Apache to be very paranoid about making sure a particular host address is really assigned to the name it claims to be. Note that this can incur a significant performance penalty, however, because of all the name resolution requests being sent to a nameserver.


This FAQ is from Apache Server Frequently Asked Questions

Sponsored by: