[4336] in WWW Security List Archive


Re: Access Logfile Question

daemon@ATHENA.MIT.EDU (Phillip M Hallam-Baker)
Tue Feb 11 03:04:18 1997

From: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
To: "Steff Watkins" <Steff.Watkins@Bristol.ac.uk>,
        <www-security@ns2.rutgers.edu>
Date: Tue, 11 Feb 1997 01:08:44 -0500
Errors-To: owner-www-security@ns2.rutgers.edu

I suspect that the NCSA code is likely to fail if you have a host
with multiple IP addresses. Certainly Mosaic used to have this
limitation but then again Rob knew more about UNIX than Tim
did when he hacked up libwww.

> 1> That the host has not been properly/fully DNS registered. This happens
>    a lot, especially with the widening of the Internet and the lack of
>    braincells being exhibited by a lot of people who set themselves up as
>    network admins.
>
> OR
>
> 2> That the host is a deliberate spoof, trying to hide/cloak its true
>    identity.
>
> OR
>
> 3> That the host is properly registered but that its registration has not
>    either a> fully propagated through the DNS structure or b> your local
>    DNS nameserver is...errr... corrupt!!!
>
> In any of these cases, the only real reason to be running your webserver
> in MAXIMUM DNSMode (or even STANDARD) is if you are going to RELY/DEPEND
> on the IP statistics of the incoming call for some security feature, such
> as 'allow/deny's in the .htaccess/access.conf sections of your local web.

Anyone using access restrictions should almost always use an IP access
mask. The IP stuff really is not worthwhile. Note that the CERN daemon
will perform a reverse lookup if the security access needs it regardless
of the logging code (the log file entry is the last thing that happens) -
I know that code well :-)

> If it really annoys you to see these entries, then do yourself (and your 
> incoming visitors) a favour and set the DNSMode to MINIMUM or NONE.

Absolutely. We used to run the W3.org server with the reverse lookup on
until we discovered that it was the reason for the server's chronic
slowness. If you have a high load server you could well find that the
reverse name lookup is failing because you are inadvertently toasting
your DNS server.

Turning off the reverse name lookup improved the reliability of the whole
network on the 3rd floor!

	Phill
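
An added example, not part of the original message and not code from the NCSA or CERN servers: a Python sketch comparing an address-mask access rule with a hostname rule that depends on a reverse lookup. The PTR and A tables, the addresses and the host names are constructed sample data standing in for a resolver, and the forward-confirmation step is an assumption that goes beyond what the message describes.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges, example names).
# The reverse (PTR) zone is run by whoever controls the client's address
# block, so the name it returns is the remote side's claim.
PTR = {
    "192.0.2.10": "www.staff.example.org",
    "203.0.113.7": "pc1.staff.example.org",  # outside host claiming an inside name
}
# The forward (A) zone is run by the owner of example.org.
A = {
    "www.staff.example.org": ["192.0.2.10"],
    "pc1.staff.example.org": ["192.0.2.11"],
}


def allow_by_mask(client_ip, networks):
    """Address-mask rule: no DNS query, nothing the remote side can influence."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def allow_by_name(client_ip, suffix, confirm_forward):
    """Hostname rule: costs a reverse lookup on every request it guards."""
    name = PTR.get(client_ip)
    if name is None:
        # Unregistered host, unpropagated record or failing nameserver.
        return False
    if not name.endswith("." + suffix):
        return False
    if confirm_forward:
        # Second lookup: the claimed name must map back to the same address.
        return client_ip in A.get(name, [])
    return True


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.1"):
        print(ip,
              "mask:", allow_by_mask(ip, ["192.0.2.0/24"]),
              "name:", allow_by_name(ip, "staff.example.org", False),
              "name+forward:", allow_by_name(ip, "staff.example.org", True))
```

The mask rule decides from the connection's address alone, while the name rule without forward confirmation accepts whatever the reverse zone says, and with it pays two lookups per request.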
