OT: Vista Xampp and "allow from localhost"

Has anybody run into some weirdness with Apache 2.2.12 from Xampp on
Vista and ip to hostname resolution for 'localhost'? The httpd.conf is
vanilla, as shipped.

Specific issue: Trying to limit access to a directory with a
simple .htaccess file like:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

or even

Order allow,deny
Allow from localhost
Allow from 127.0.0.1

>From the localhost calling the protected directory thus:
http://127.0.0.1/protected

Works - but -
http://localhost/protected
does not and 403's

A similar Linux box running apache on the same network does not do this,
leading me to think there is some kind of weirdness going on with how
Vista resolves IP to hostname.

I've done the obvious things I can think of (hosts/lmhosts) but there is
a gap in my understanding of where Vista will look to resolve
'localhost'. An entry in hosts does not seem sufficient.

Any pointers gratefully received. I know this is OT, but perhaps someone
has come across this?


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: OT: Vista Xampp and "allow from localhost"

On Sep 30, 2009, at 15:47 , Clive Kinton wrote:

> Has anybody run into some weirdness with Apache 2.2.12 from Xampp on
> Vista and ip to hostname resolution for 'localhost'? The httpd.conf is
> vanilla, as shipped.
>
> Specific issue: Trying to limit access to a directory with a
> simple .htaccess file like:
>
> Order deny,allow
> Deny from all
> Allow from localhost
> Allow from 127.0.0.1
>
> or even
>
> Order allow,deny
> Allow from localhost
> Allow from 127.0.0.1
>
>> From the localhost calling the protected directory thus:
> http://127.0.0.1/protected
>
> Works - but -
> http://localhost/protected
> does not and 403's

What does the error log say when this happens?

"Allow from" doesn't apply to the hostname requested, but the client
doing the requesting. So the hostname that appears in the URL
shouldn't have anything at all to do with whether those "allow from"
directives are honored.

>
> A similar Linux box running apache on the same network does not do
> this,
> leading me to think there is some kind of weirdness going on with how
> Vista resolves IP to hostname.
>
> I've done the obvious things I can think of (hosts/lmhosts) but
> there is
> a gap in my understanding of where Vista will look to resolve
> 'localhost'. An entry in hosts does not seem sufficient.
>
> Any pointers gratefully received. I know this is OT, but perhaps
> someone
> has come across this?

Nah, it's not off-topic. It's apache httpd configuration. xampp is
just one possible distribution of our code.

--
http://us.apachecon.com/c/acus2009/sessions/363
Apache HTTPD Nuts to Bolts - Two Day Training at ApacheCon


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: OT: Vista Xampp and "allow from localhost"

On Wed, 2009-09-30 at 18:29 -0400, Rich Bowen wrote:
> On Sep 30, 2009, at 15:47 , Clive Kinton wrote:
>
> > Has anybody run into some weirdness with Apache 2.2.12 from Xampp on
> > Vista and ip to hostname resolution for 'localhost'? The httpd.conf is
> > vanilla, as shipped.
> >
> > Specific issue: Trying to limit access to a directory with a
> > simple .htaccess file like:
> >
> > Order deny,allow
> > Deny from all
> > Allow from localhost
> > Allow from 127.0.0.1
> >
> > or even
> >
> > Order allow,deny
> > Allow from localhost
> > Allow from 127.0.0.1
> >
> >> From the localhost calling the protected directory thus:
> > http://127.0.0.1/protected
> >
> > Works - but -
> > http://localhost/protected
> > does not and 403's
>
> What does the error log say when this happens?
>
> "Allow from" doesn't apply to the hostname requested, but the client
> doing the requesting. So the hostname that appears in the URL
> shouldn't have anything at all to do with whether those "allow from"
> directives are honored.

I agree Rich. It should not make a blind bit of difference to it. I was
asked why because I knew 'a little bit' about apache. Initially I mocked
it up on an Ubuntu server* running:

Server version: Apache/2.2.9 (Ubuntu)
Server built: Jul 10 2009 18:43:23

and it is CNR.

*The only subtle difference is the default on Ubuntu is the default site
is a Virtual host called in by apache2.conf

On this with the directives set;

DocumentRoot /home/www/htdocs/

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all


and a sub directory /htdocs/protected

with .htaccess within reading:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

http://localhost/protected/index.html
http://127.0.0.1/protected/index.html
Both serve as they should from localhost - and are refused from another
client.

The log for the call shows;

localhost - - [01/Oct/2009:08:15:07 +0100] "GET /protected/index.html
HTTP/1.1" 200 ....

And has clearly got 'localhost' as the name of the connecting client.





Now, on the Apache on Vista HP (xampp) with the directives set up in
httpd.conf (rather than VIRTUAL) and some slight path differences:

DocumentRoot "C:/xampp/experiment/htdocs"

Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all



Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all


With a sub directory /images containing .htaccess reading:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

http://127.0.0.1/images/index.html
Serves as expected

http://localhost/images/index.html
Throws a 403 with log entry:
vista-pc - - [01/Oct/2009:08:19:22 +0100] "GET /images/index.html
HTTP/1.1" 403 ....

It has resolved localhost to it's actual hostname of 'vista-pc' *so IP
to NAME is doing something* This is different to the Ubuntu box which
resolves 127.0.0.1 to 'localhost' and I suspect this is the issue. I
suspect this comes down to how Vista resolves IP to Name, hence I
suspect it is OT.


ASIDE
*****
Calling without naming the index page: http://localhost/images/ shows
the index with the restriction not working (this appears to be dictated
by '-' missing from Indexes. The behaviour consistent across platforms)
*****

> Nah, it's not off-topic. It's apache httpd configuration. xampp is
> just one possible distribution of our code.
I'm sure this is some weirdness in where Vista changing 'localhost' for
the actual hostname. Both the hosts and LMhost.sam file have:

127.0.0.1 localhost

but none the less, it seems to resolve it to 'vista-pc' instead, using
something like 'hostname'. It is not named vista-pc anywhere else, it
has no DNS entries or host file entries for 'vista-pc'. The Ubuntu box
is called 'square', but Apache manages to get 'localhost' for it. I'm
not sure how relevant this is.

The final point - from Vista calling: http://127.0.0.1/images/index.html
Also 404's if you have .htaccess looking like this:

Order allow,deny
allow from localhost

But *works* (serves the page) if you have this;

Order allow,deny
allow from localhost
allow from 127.0.0.1

I'm starting to wonder if this could be a bug? But why only on Vista???
What am I missing here?

>
> --
> http://us.apachecon.com/c/acus2009/sessions/363
> Apache HTTPD Nuts to Bolts - Two Day Training at ApacheCon
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: OT: Vista Xampp and "allow from localhost"

On Wed, 2009-09-30 at 18:29 -0400, Rich Bowen wrote:
> On Sep 30, 2009, at 15:47 , Clive Kinton wrote:
>
> > Has anybody run into some weirdness with Apache 2.2.12 from Xampp on
> > Vista and ip to hostname resolution for 'localhost'? The httpd.conf
is
> > vanilla, as shipped.
> >
> > Specific issue: Trying to limit access to a directory with a
> > simple .htaccess file like:
> >
> > Order deny,allow
> > Deny from all
> > Allow from localhost
> > Allow from 127.0.0.1
> >
> > or even
> >
> > Order allow,deny
> > Allow from localhost
> > Allow from 127.0.0.1
> >
> >> From the localhost calling the protected directory thus:
> > http://127.0.0.1/protected
> >
> > Works - but -
> > http://localhost/protected
> > does not and 403's
>
> What does the error log say when this happens?
>
> "Allow from" doesn't apply to the hostname requested, but the client
> doing the requesting. So the hostname that appears in the URL
> shouldn't have anything at all to do with whether those "allow from"
> directives are honored.

I agree Rich. It should not make a blind bit of difference to it. I was
asked why because I knew 'a little bit' about apache. Initially I mocked
it up on an Ubuntu server* running:

Server version: Apache/2.2.9 (Ubuntu)
Server built: Jul 10 2009 18:43:23

and it is CNR.

*The only subtle difference is the default on Ubuntu is the default site
is a Virtual host called in by apache2.conf

On this with the directives set;

DocumentRoot /home/www/htdocs/

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all


and a sub directory /htdocs/protected

with .htaccess within reading:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

http://localhost/protected/index.html
http://127.0.0.1/protected/index.html
Both serve as they should from localhost - and are refused from another
client.

The log for the call shows;

localhost - - [01/Oct/2009:08:15:07 +0100] "GET /protected/index.html
HTTP/1.1" 200 ....

And has clearly got 'localhost' as the name of the connecting client.





Now, on the Apache on Vista HP (xampp) with the directives set up in
httpd.conf (rather than VIRTUAL) and some slight path differences:

DocumentRoot "C:/xampp/experiment/htdocs"

Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all



Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all


With a sub directory /images containing .htaccess reading:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

http://127.0.0.1/images/index.html
Serves as expected

http://localhost/images/index.html
Throws a 403 with log entry:
vista-pc - - [01/Oct/2009:08:19:22 +0100] "GET /images/index.html
HTTP/1.1" 403 ....

It has resolved localhost to it's actual hostname of 'vista-pc' *so IP
to NAME is doing something* This is different to the Ubuntu box which
resolves 127.0.0.1 to 'localhost' and I suspect this is the issue. I
suspect this comes down to how Vista resolves IP to Name, hence I
suspect it is OT.


ASIDE
*****
Calling without naming the index page: http://localhost/images/ shows
the index with the restriction not working (this appears to be dictated
by '-' missing from Indexes. The behaviour consistent across platforms)
*****

> Nah, it's not off-topic. It's apache httpd configuration. xampp is
> just one possible distribution of our code.
I'm sure this is some weirdness in where Vista changing 'localhost' for
the actual hostname. Both the hosts and LMhost.sam file have:

127.0.0.1 localhost

but none the less, it seems to resolve it to 'vista-pc' instead, using
something like 'hostname'. It is not named vista-pc anywhere else, it
has no DNS entries or host file entries for 'vista-pc'. The Ubuntu box
is called 'square', but Apache manages to get 'localhost' for it. I'm
not sure how relevant this is.

The final point - from Vista calling: http://127.0.0.1/images/index.html
Also 404's if you have .htaccess looking like this:

Order allow,deny
allow from localhost

But *works* (serves the page) if you have this;

Order allow,deny
allow from localhost
allow from 127.0.0.1

I'm starting to wonder if this could be a bug? But why only on Vista???
What am I missing here?

>
> --
> http://us.apachecon.com/c/acus2009/sessions/363
> Apache HTTPD Nuts to Bolts - Two Day Training at ApacheCon
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

OT: Vista Xampp and "allow from localhost"

On Wed, 2009-09-30 at 18:29 -0400, Rich Bowen wrote:
> On Sep 30, 2009, at 15:47 , Clive Kinton wrote:
>
> > Has anybody run into some weirdness with Apache 2.2.12 from Xampp on
> > Vista and ip to hostname resolution for 'localhost'? The httpd.conf
is
> > vanilla, as shipped.
> >
> > Specific issue: Trying to limit access to a directory with a
> > simple .htaccess file like:
> >
> > Order deny,allow
> > Deny from all
> > Allow from localhost
> > Allow from 127.0.0.1
> >
> > or even
> >
> > Order allow,deny
> > Allow from localhost
> > Allow from 127.0.0.1
> >
> >> From the localhost calling the protected directory thus:
> > http://127.0.0.1/protected
> >
> > Works - but -
> > http://localhost/protected
> > does not and 403's
>
> What does the error log say when this happens?
>
> "Allow from" doesn't apply to the hostname requested, but the client
> doing the requesting. So the hostname that appears in the URL
> shouldn't have anything at all to do with whether those "allow from"
> directives are honored.

I agree Rich. It should not make a blind bit of difference to it. I was
asked why because I knew 'a little bit' about apache. Initially I mocked
it up on an Ubuntu server* running:

Server version: Apache/2.2.9 (Ubuntu)
Server built: Jul 10 2009 18:43:23

and it is CNR.

*The only subtle difference is the default on Ubuntu is the default site
is a Virtual host called in by apache2.conf

On this with the directives set;

DocumentRoot /home/www/htdocs/

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all


and a sub directory /htdocs/protected

with .htaccess within reading:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

http://localhost/protected/index.html
http://127.0.0.1/protected/index.html
Both serve as they should from localhost - and are refused from another
client.

The log for the call shows;

localhost - - [01/Oct/2009:08:15:07 +0100] "GET /protected/index.html
HTTP/1.1" 200 ....

And has clearly got 'localhost' as the name of the connecting client.





Now, on the Apache on Vista HP (xampp) with the directives set up in
httpd.conf (rather than VIRTUAL) and some slight path differences:

DocumentRoot "C:/xampp/experiment/htdocs"

Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all



Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all


With a sub directory /images containing .htaccess reading:

Order deny,allow
Deny from all
Allow from localhost
Allow from 127.0.0.1

http://127.0.0.1/images/index.html
Serves as expected

http://localhost/images/index.html
Throws a 403 with log entry:
vista-pc - - [01/Oct/2009:08:19:22 +0100] "GET /images/index.html
HTTP/1.1" 403 ....

It has resolved localhost to it's actual hostname of 'vista-pc' *so IP
to NAME is doing something* This is different to the Ubuntu box which
resolves 127.0.0.1 to 'localhost' and I suspect this is the issue. I
suspect this comes down to how Vista resolves IP to Name, hence I
suspect it is OT.


ASIDE
*****
Calling without naming the index page: http://localhost/images/ shows
the index with the restriction not working (this appears to be dictated
by '-' missing from Indexes. The behaviour consistent across platforms)
*****

> Nah, it's not off-topic. It's apache httpd configuration. xampp is
> just one possible distribution of our code.
I'm sure this is some weirdness in where Vista changing 'localhost' for
the actual hostname. Both the hosts and LMhost.sam file have:

127.0.0.1 localhost

but none the less, it seems to resolve it to 'vista-pc' instead, using
something like 'hostname'. It is not named vista-pc anywhere else, it
has no DNS entries or host file entries for 'vista-pc'. The Ubuntu box
is called 'square', but Apache manages to get 'localhost' for it. I'm
not sure how relevant this is.

The final point - from Vista calling: http://127.0.0.1/images/index.html
Also 404's if you have .htaccess looking like this:

Order allow,deny
allow from localhost

But *works* (serves the page) if you have this;

Order allow,deny
allow from localhost
allow from 127.0.0.1

I'm starting to wonder if this could be a bug? But why only on Vista???
What am I missing here?

>
> --
> http://us.apachecon.com/c/acus2009/sessions/363
> Apache HTTPD Nuts to Bolts - Two Day Training at ApacheCon
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>




------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org