Hi Fabien, doesn't it work using Require host with a dyndns name? At least my test was successful.
Cheers Mario On 20 December 2015 at 09:44, Fabien <fab...@apache.org> wrote: > > Hello folks, > > I have a simple access control use case for which I have not found a clean > solution. > > I want to control access to a service based on the name of the client, > however the client is a dynamic host, which implies that: > > (1) I do not have any control about the reverse DNS > => this rules out "Require host" > > (2) the IP may change arbitrarily > => this rules out "Require ip" > > By browsing around it seems that I'm not alone having this issue, and I have > not found any solution for that with apache configuration, nor a matching > module in "modules.apache.org" listing. > > The current workaround is to update the IP manually when it fails. Although > I could automate (say query the ip periodically and update & reload the conf > if there is a change), ISTM that it really belongs to apache configuration. > > I would like something like "Require XXX foo.dynamic-dns.somewhere" (where > XXX could be "name", "hostname", "dynamic", ...) which would query the NS > when the HTTP request is received and check that the corresponding ip is the > client IP. > > I'm planing to develop a small module for that, and as it is somehow quite a > basic service it could be a candidate for being added to > "modules/aaa/mod_authz_host.c". > > Another approach could be to extend apache expressions with a function > to query the DNS, but that seems a little overkill. > > Any thoughts? > > -- > Fabien.