homepage Welcome to WebmasterWorld Guest from 54.227.41.242
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Restrict access to dynamic IP / domain name?
luedvic




msg:4545149
 2:46 am on Feb 13, 2013 (gmt 0)

I am a noob when it comes to Apache and .htaccess. I know it's easy to setup whitelists/blacklists for specific IPs, but is it possible to have the server do a DNS lookup and only allow a dynamic IP coming from a specific domain such as "myotherplace.dyndns.org" for example?

 

phranque




msg:4545206
 9:08 am on Feb 13, 2013 (gmt 0)

I would recommend against that solution - if you added a DNS lookup for every request that would slow down your server.

luedvic




msg:4545290
 12:28 pm on Feb 13, 2013 (gmt 0)

I would recommend against that solution - if you added a DNS lookup for every request that would slow down your server.

I figured that this is not a wise practice, especially for large sites but I simply would like to know if it is possible. If it is possible, I'll consider configuring my server in that manner since I am the only person ever visiting it and all I use it for is a my own personal wiki and testing apache configuration settings.

lucy24




msg:4545322
 1:59 pm on Feb 13, 2013 (gmt 0)

In addition to slowing down the server, it makes a mess of your logs. They'll change from this

67.122.aaa.bbb - - [12/Feb/2013:19:14:33 -0800] "GET / HTTP/1.1" 403 799 "-" "<here I am>"

to this

adsl-67-122-aaa-bbb.dsl.pltn13.pacbell.net - - [12/Feb/2013:19:15:08 -0800] "GET / HTTP/1.1" 200 682 "-" "<here I am>"

(I've seen this before but had to double-check. In this particular case the IP address is still extractable, but in some log entries it wouldn't be visible at all. In others it may come out backward. Plays havoc with log processing, anyway.)

phranque




msg:4545323
 2:01 pm on Feb 13, 2013 (gmt 0)

by the way - welcome to WebmasterWorld, luedvic!

the mod_authz_host apache module is your answer but note that the specific solution depends on your version of apache so make sure you refer to the correct version of the apache docs.

phranque




msg:4545324
 2:10 pm on Feb 13, 2013 (gmt 0)

lucy24 is referring to setting HostnameLookups On in which case you can check the REMOTE_HOST environment variable in .htaccess to forbid access.

i'm not sure if the mod_authz_host option has any affect on your log files but i doubt it.

lucy24




msg:4545329
 2:51 pm on Feb 13, 2013 (gmt 0)

Actually, I'm referring to what happens if you simply put in a line like

Deny from somename.net

without changing anything else. The moment anything other than a CIDR range appears in your mod_authz list, everything in the server's innards toggles over to Lookup Mode-- which I assume has a technical term that I don't know-- and it stays that way until you hunt down and remove the offending line. Same thing happens if you throw a RegEx into the same list. I remember there was some discussion about this, probably in SSID, but it was a goodish while ago.

luedvic




msg:4545535
 2:56 am on Feb 14, 2013 (gmt 0)

Thank you, I'm glad I found Webmaster World, I have a feeling I will be posting & reading often. :)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved