From: Joshua Slive Date: Thu, 31 Jul 2003 18:56:40 +0000 (+0000) Subject: As suggested by Marc Slemko, document the double reverse X-Git-Tag: pre_ajp_proxy~1310 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=388a38d03c8db6141bf6b494d3e912d3afc0e7ab;p=thirdparty%2Fapache%2Fhttpd.git As suggested by Marc Slemko, document the double reverse effect of Allow/Deny. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100878 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_authz_host.html.en b/docs/manual/mod/mod_authz_host.html.en index d032a35ef24..da9ac2e7ce3 100644 --- a/docs/manual/mod/mod_authz_host.html.en +++ b/docs/manual/mod/mod_authz_host.html.en @@ -106,11 +106,15 @@ server

Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above - example will match foo.apache.org but it will - not match fooapache.org. This configuration will - cause the server to perform a reverse DNS lookup on the - client IP address, regardless of the setting of the HostnameLookups - directive.

+ example will match foo.apache.org but it will not + match fooapache.org. This configuration will cause + Apache to perform a double reverse DNS lookup on the client IP + address, regardless of the setting of the HostnameLookups directive. It will do + a reverse DNS lookup on the IP address to find the associated + hostname, and then do a forward lookup on the hostname to assure + that it matches the original IP address. Only if the forward + and reverse DNS are consistent and the hostname matches will + access be allowed.

A full IP address
diff --git a/docs/manual/mod/mod_authz_host.xml b/docs/manual/mod/mod_authz_host.xml index 51069dde4d3..99795486473 100644 --- a/docs/manual/mod/mod_authz_host.xml +++ b/docs/manual/mod/mod_authz_host.xml @@ -82,12 +82,16 @@ server

Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above - example will match foo.apache.org but it will - not match fooapache.org. This configuration will - cause the server to perform a reverse DNS lookup on the - client IP address, regardless of the setting of the HostnameLookups - directive.

+ example will match foo.apache.org but it will not + match fooapache.org. This configuration will cause + Apache to perform a double reverse DNS lookup on the client IP + address, regardless of the setting of the HostnameLookups directive. It will do + a reverse DNS lookup on the IP address to find the associated + hostname, and then do a forward lookup on the hostname to assure + that it matches the original IP address. Only if the forward + and reverse DNS are consistent and the hostname matches will + access be allowed.

A full IP address