Ross Anderson wrote:
> I've tried setting up access restrictions based on name resolution. From
> what I've read in the apache.org docs all is configured correctly. If I
> use an ip address in the allow statement it works as expected. However
> if I use a FQDN apache forbids access. The logs show the client ip that
> matches the FQDN. Does anyone have suggestions on where to proceed in
> this troubleshooting process?
> 
> Thanks
> Ross
> 
> <VirtualHost *:80>
>    DocumentRoot /var/www/phpmyadmin
>    ServerName mysql.dwrnet.net
>    ErrorLog /var/www/phpmyadmin/log/error_log
>    CustomLog /var/www/phpmyadmin/log/access_log combined
>    <Directory />
>        AllowOverride None
>        Order Deny,Allow
>        Deny from all
>        Allow from host.example.com
>    </Directory>
> </VirtualHost>
> 
> net-www/apache-2.0.54-r31  +apache2 -debug -doc -ldap -mpm-leader
> -mpm-peruser -mpm-prefork -mpm-threadpool -mpm-worker -no-suexec
> (-selinux) +ssl -static-modules -threads 5,488 kB
> 
> [Sun Dec 04 13:08:59 2005] [error] [client xx.xx.xx.xx] client denied by
> server configuration: /var/www/phpmyadmin/

Make sure that Apache is looking up hostnames (the default configuration
does not do this as it slows things down):
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups On

Make sure the PTR record for the IP address(es) is the name you use in
the configuration.

Make sure DNS works correctly on the machine (I don't know why it
wouldn't, and you would have run into problems much earlier, but perhaps
something got changed).

I'd recommend using user authentication (google htpasswd for
information) rather than IP/DNS rules.

-- 
Michael Stewart                                     [EMAIL PROTECTED]
Gentoo Developer                        http://dev.gentoo.org/~vericgar

GnuPG Key ID 0x08614788 available on http://pgp.mit.edu
--
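
The PTR check suggested in the reply, as an added example that is not part of the original messages: Apache documents that a hostname in `Allow from` is matched with a double reverse lookup (PTR on the client IP, then a forward lookup of that name, which must return the same IP). The function names and the sample records (RFC 5737 documentation addresses) are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample records (RFC 5737 addresses); not taken from the thread.
SAMPLE_PTR = {"192.0.2.10": "host.example.com",
              "192.0.2.20": "pool-20.isp.example.net",
              "192.0.2.30": "host.example.com"}   # PTR claims a name it does not own
SAMPLE_FWD = {"host.example.com": {"192.0.2.10"},
              "pool-20.isp.example.net": {"192.0.2.20"}}

def sample_forward(name):
    return SAMPLE_FWD.get(name, set())

def name_matches(allowed, hostname):
    """Allow from <name>: exact name, or a suffix on a whole-label boundary."""
    allowed = allowed.lower().strip(".")
    hostname = hostname.lower().rstrip(".")
    return hostname == allowed or hostname.endswith("." + allowed)

def system_ptr(ip):
    """PTR lookup through the system resolver; None if nothing is returned."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_allow(client_ip, allowed, ptr=system_ptr, forward=system_forward):
    """Return (allowed?, reason) for one client IP against one Allow-from name."""
    ip = ipaddress.ip_address(client_ip)
    name = ptr(client_ip)
    if not name:
        return False, "no PTR record for client IP"
    addrs = {ipaddress.ip_address(a) for a in forward(name)}
    if ip not in addrs:
        return False, f"PTR name {name} does not resolve back to {client_ip}"
    if not name_matches(allowed, name):
        return False, f"PTR name {name} does not match {allowed}"
    return True, f"{client_ip} <-> {name} matches {allowed}"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, check_allow(ip, "host.example.com", SAMPLE_PTR.get, sample_forward))
```

Calling `check_allow(ip, name)` without the last two arguments uses the web server's own resolver, which is the view that decides whether the request ends in "client denied by server configuration".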
