-rw-r--r-- | docs/manual/mod/mod_authz_host.html.en | 14 |
-rw-r--r-- | docs/manual/mod/mod_authz_host.xml | 16 |
2 files changed, 19 insertions, 11 deletions
diff --git a/docs/manual/mod/mod_authz_host.html.en b/docs/manual/mod/mod_authz_host.html.en index d032a35ef2..da9ac2e7ce 100644 --- a/docs/manual/mod/mod_authz_host.html.en +++ b/docs/manual/mod/mod_authz_host.html.en @@ -106,11 +106,15 @@ server</td></tr> </code></p></div> <p>Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above - example will match <code>foo.apache.org</code> but it will - not match <code>fooapache.org</code>. This configuration will - cause the server to perform a reverse DNS lookup on the - client IP address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> - directive.</p></dd> + example will match <code>foo.apache.org</code> but it will not + match <code>fooapache.org</code>. This configuration will cause + Apache to perform a double reverse DNS lookup on the client IP + address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> directive. It will do + a reverse DNS lookup on the IP address to find the associated + hostname, and then do a forward lookup on the hostname to assure + that it matches the original IP address. Only if the forward + and reverse DNS are consistent and the hostname matches will + access be allowed.</p></dd> <dt>A full IP address</dt> diff --git a/docs/manual/mod/mod_authz_host.xml b/docs/manual/mod/mod_authz_host.xml index 51069dde4d..9979548647 100644 --- a/docs/manual/mod/mod_authz_host.xml +++ b/docs/manual/mod/mod_authz_host.xml 
@@ -82,12 +82,16 @@ server</description> </example> <p>Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above - example will match <code>foo.apache.org</code> but it will - not match <code>fooapache.org</code>. This configuration will - cause the server to perform a reverse DNS lookup on the - client IP address, regardless of the setting of the <directive - module="core">HostnameLookups</directive> - directive.</p></dd> + example will match <code>foo.apache.org</code> but it will not + match <code>fooapache.org</code>. This configuration will cause + Apache to perform a double reverse DNS lookup on the client IP + address, regardless of the setting of the <directive + module="core">HostnameLookups</directive> directive. It will do + a reverse DNS lookup on the IP address to find the associated + hostname, and then do a forward lookup on the hostname to assure + that it matches the original IP address. Only if the forward + and reverse DNS are consistent and the hostname matches will + access be allowed.</p></dd> <dt>A full IP address</dt> |
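Review bot: In the added text of the mod_authz_host.html.en hunk, "to assure that it matches the original IP address" should read "to ensure", and the closing "and the hostname matches" does not say what the hostname is matched against. Suggest "and the hostname matches the configured string", so the sentence is not read as a second DNS comparison. The hunk also changes "the server" to "Apache", which is separate from the lookup clarification; either keep the original wording or make the rename a deliberate, consistent change.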
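Review bot: In the mod_authz_host.xml hunk, "do a forward lookup on the hostname to assure that it matches the original IP address" leaves open the case where the hostname resolves to more than one address; state whether any one returned address equal to the client IP is sufficient. The added text also describes only the successful path, so it is worth saying explicitly that a client whose reverse lookup returns no name, or whose forward lookup does not include its address, is not matched by this form. The same wording appears in the html.en hunk, so any rewording needs to be applied to both files.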