[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SLUG] Apache: why doesn't "allow from localhost work" ?



On Wed, Jun 27, 2001 at 06:56:07PM +1000, Mike Lake wrote:
> So if I was using 'localhost' which is refering to a URL that the request
> comes from then it would use ServerName:Port ie b4114:80 ?
> (Real names here now.)
> With it off (ie just now I commented it out) what would it use as
> hostname for me gives b4114
> Im a little confused between the server name and hostname.

I'm not an apache expert, I could be wrong.

If you set a ServerName and UseCanonicalName On apache will redirect 
your browser to what ever you set your ServerName to. 

If you don't  set a ServerName and set UseCanonicalName On apache will 
redirect your browser to `hostname -f`. 

If you set UseCanonicalName Off (Commenting it out turned it on for me), 
apache won't redirect you at all.

I think its easier to see whats happening with wget -S localhost/~mikel,

Try setting:
ServerName www.bogus.name
UseCanonicalName On

Then wget -S http://localhost/~mikel


# ServerName  www.bogus.name
UseCanonicalName On

Then  wget -S http://localhost/~mikel


# ServerName  www.bogus.name
UseCanonicalName Off

Then wget -S http://localhost/~mikel


> Thats excellent. Yep run as root I can see it shows all the packets on the
> local interface and dumps lots when you use the browser at http://localhost
> etc. I'll have a play and see the diff with b4114. 

Its probably easier to see with ping.

tcpdump -i lo icmp

then 

ping -c1 localhost
                 
And you should get:
								src address  dst address
19:06:11.586106 localhost > localhost: icmp: echo request (DF)
19:06:11.586190 localhost > localhost: icmp: echo reply (DF)


ping -c1 mycomputername

19:06:13.469223 mycomputername > mycomputername: icmp: echo request (DF)
19:06:13.469307 mycomputername > mycomputername: icmp: echo reply (DF)

Your source address changes depending on which interface you are pinging.

What I think was happening was you were pointing your browser to
http://localhost/~mikel, and apache was redirecting it to 
http://mycomputername/~mikel, so when your browser tried to go to 
http://mycomputername/~mikel, it used as its soucre ip address 
mycomputername, which was denied.
Clear as mud? :)



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug