the killer comma

Forum Moderators: phranque

Message Too Old, No Replies

the killer comma

lucy24

7:41 pm on Mar 22, 2020 (gmt 0)

Consider this a heads-up for those who have recently moved from 2.2 to 2.4.

Remember the standard 2.2 locution

Deny from 51.15 51.68

for combining IPs on a single line. If you goofed and said

Deny from 51.15, 51.68

it would throw logs into Lookups mode, making them a bother to read but with no other effect on functionality. (Except possibly the “51.15,” element, which might not be read as an IP.)

Bzzt! Bzzzt! Warning!

In 2.4 if you make the same goof and say

Require ip 51.15, 51.68

the server proceeds directly to 500. No prizes for guessing how I know this.

Quick experimenting on test site provides reassurance that mod_access_compat isn’t affected by the comma. It doesn’t even seem to go into Lookups mode, which is unexpected.

Word to the wise, anyway.

lammert

8:07 pm on Mar 22, 2020 (gmt 0)

I guess this happened in a .htaccess file. Because when adding a comma in the httpd.conf file, Apache 2.4 refuses to start with an error message:

ip address '10.10.10.10,' appears to be invalid

lucy24

8:38 pm on Mar 22, 2020 (gmt 0)

Heh, I didn't think of that. But it makes sense when you say it. At server startup it has to read the whole config file, parse all the regular expressions and so on: if at any point there’s an error, startup just wouldn’t be able to proceed. (Hypothetical exception: rarely there are rules that only throw a 500 in response to certain specific requests. Those might be able to slip past the server. Wouldn’t care to try it, though :))

This, in turn, means 2.4 is not quite as ready as 2.2 to go into Lookups mode. You’d have to tell it explicitly.

w3dk

11:05 pm on Mar 22, 2020 (gmt 0)

This, in turn, means 2.4 is not quite as ready as 2.2 to go into Lookups mode. You’d have to tell it explicitly.

On 2.4 you need to "explicitly" use the "Require host ..." directive.

Quick experimenting on test site provides reassurance that mod_access_compat isn’t affected by the comma. It doesn’t even seem to go into Lookups mode, which is unexpected.

Actually, this does seem to trigger "Lookups mode" for me (although testing old version Apache 2.4.7).

I would have preferred this to break horribly rather than silently fail and trigger "unexpected" behaviour! A comma is not valid in a hostname, so what exactly is it trying to lookup?

lucy24

12:13 am on Mar 23, 2020 (gmt 0)

A comma is not valid in a hostname, so what exactly is it trying to lookup?

I think it’s working from the other direction: “This can’t be an IP address, so we’ll have to see if it’s something else” ... even if it is equally non-valid for the “something else” side.

Comma. No. Baaaad comma. Down!

the killer comma

lucy24

lammert

lucy24

w3dk

lucy24

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week