Re: Consequences of disabling mod_authz_host?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, May 31, 2008 at 9:37 PM, Eric <pytechd@xxxxxxxxx> wrote:
> From what I understand, mod_authz_host always performs two DNS lookups
> per request when mod_authz_host is enabled, regardless of whether any
> host-based blockings are used.

No, that's not true to the best of my knowledge. If it were true, it
would be a major bug. The lookups are performed only for hostnames (or
things that appear to mod_authz_host to be hostnames).

> I don't need that, in fact, the only
> part of mod_authz_host I use is to set "Order allow,deny" and "Allow
> from all" or "Deny from all".
>
> If I disable mod_authz_host, what are the risks? Currently the only
> blocks I have are from:
>
> <Directory />
>  Order allow,deny
>  Deny from all
> </Directory>
>
> and
>
> <FilesMatch "^\.svn">
>  Order allow,deny
>  Deny from all
> </FilesMatch>
>
> I can block the latter with mod_rewrite. Is the first even necessary?
> It was in my distro's default httpd.conf.

If you don't need host-based blocking, you can disable mod_authz_host.
The first block is basically just a safety feature to try to prevent
you from accidentally exposing things that you intend to be protected.
If the rest of your config is correct, it doesn't do anything.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux