On 30 Mar, 15:41, doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
> Whil runnhttp://localhost/server-statusI notice a lot of
>
> bogus_host_without_reverse_dns
>
> turning up.
>
> Is there any way of Apache of any version can drop these requests
> cold?

It's questionable as to whether they pose any sort of risk. Host based
authentication even in a highly controlled network has very dubious
merits. If this is a controlled network then solve the problem
properly by setting up PTR records in your DNS. If its not a
controlled network, then why bother with the expense of resolving
every clients ip name (which is probably generating more traffic and
expense than dealing with authentication properly) ?

A large number of ISPs simply don't bother with reverse lookups on
DHCP ranges. Some don't even bother with address records.

If you have a justifiable reason for blocking such requests, then Deny
from bogus_host_without_reverse_dns should work, but do tell us what
that reason is.

C.