Bug 58235

Summary: Ability to allow from domain but with using forward DNS query only
Product: Apache httpd-2 Reporter: Arkadiusz Miskiewicz <arekm>
Component: mod_authz_hostAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: enhancement    
Priority: P2    
Version: 2.4.16   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Arkadiusz Miskiewicz 2015-08-12 06:56:55 UTC
Currently it is possible to use such directive:

Require host example.org

Unfortunately it allows access only when "Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed." (http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html)

This makes this directive useless in case of dynamic dns names (and services like http://www.noip.com/, http://www.dnsexit.com/Direct.sv?cmd=freeSub and other).

So this feature request is about adding ability to allow access from domain where only forward dns checking is being made like:

Require forward-host my.super.host.com

When request comes from IP to resource protected with such directive then apache would resolve my.super.host.com and then compare resolved IP addresses with client IP address. If these match then access is granted.

Note - it needs to do resolving on every request since my.super.host.com IP can change every few minutes.