Bug 58235 - Ability to allow from domain but with using forward DNS query only
Summary: Ability to allow from domain but with using forward DNS query only
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authz_host (show other bugs)
Version: 2.4.16
Hardware: PC Linux
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-12 06:56 UTC by Arkadiusz Miskiewicz
Modified: 2015-08-12 06:56 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arkadiusz Miskiewicz 2015-08-12 06:56:55 UTC
Currently it is possible to use such directive:

Require host example.org

Unfortunately it allows access only when "Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed." (http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html)


This makes this directive useless in case of dynamic dns names (and services like http://www.noip.com/, http://www.dnsexit.com/Direct.sv?cmd=freeSub and other).

So this feature request is about adding ability to allow access from domain where only forward dns checking is being made like:

Require forward-host my.super.host.com

When request comes from IP to resource protected with such directive then apache would resolve my.super.host.com and then compare resolved IP addresses with client IP address. If these match then access is granted.

Note - it needs to do resolving on every request since my.super.host.com IP can change every few minutes.