On Thursday 14 July 2011 10:38:44 Barry Scott wrote: > On Wednesday 13 July 2011 01:24:34 Jeff Trawick wrote: > > > > > > <VirtualHost 127.0.0.1:80 [::1]:80> > > > ... rewrite rules ... > > > <Location /XML> > > > > > > #+ localhost auth file > > > Order allow,deny > > > Allow from 127.0.0.1 > > > Allow from ::1 > > > Satisfy Any > > > #- localhost auth file > > > > > > </Location> > > > ... > > > </VirtualHost> > > > > > > I now know what is happening. > > When processing the addresses in the VirtualHost line for 127.0.0.1:80 > in vhost.c get_addresses is called > get_addresss calls apr_sockaddr_info_get > apr_sockaddr_info_get call getaddrinfo in glibc. > > getaddrinfo assumes that the system will have working IPv4 external > connectivity before it can return any answer. > > A modern Linux system will dynamically add and remove network > interfaces. Which means that getaddrinfo will fail in cases that > you could arguable expect it to work. > > For example for numeric address and for address defined in /etc/hosts > where /etc/nsswitch.conf uses file before dns. > > In my specific case the system only has a working lo0 network interface > at the time that httpd is started and I want to use 127.0.0.1 to provide > authenication free access from within the system, external access is > authenticated on _default_:80 as interfaces such as WiFi come up. > > The question is where should a fix be applied; httpd, apr or glibc? > > What are your thoughts? > > I also plan to draw this issue to the systemd developers attention. > > Barry I raise a bug with patch against glibc. https://bugzilla.redhat.com/show_bug.cgi?id=721350 Barry --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|