bogus_host_without_reverse_dns
This is a discussion on bogus_host_without_reverse_dns within the Linux Web Servers forums, part of the Web Server and Related Forums category; Whil runn http://localhost/server-status I notice a lot of bogus_host_without_reverse_dns turning up. Is there any way of Apache ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-30-2008
|
|||
|
|||
bogus_host_without_reverse_dns
Whil runn http://localhost/server-status I notice a lot of
bogus_host_without_reverse_dns turning up. Is there any way of Apache of any version can drop these requests cold? -- Member - Liberal International This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! USA petition for dissolution of your nation! |
|
4 Weeks Ago
|
|||
|
|||
|
Re: bogus_host_without_reverse_dns
On 30 Mar, 15:41, doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
> Whil runnhttp://localhost/server-statusI notice a lot of > > bogus_host_without_reverse_dns > > turning up. > > Is there any way of Apache of any version can drop these requests > cold? It's questionable as to whether they pose any sort of risk. Host based authentication even in a highly controlled network has very dubious merits. If this is a controlled network then solve the problem properly by setting up PTR records in your DNS. If its not a controlled network, then why bother with the expense of resolving every clients ip name (which is probably generating more traffic and expense than dealing with authentication properly) ? A large number of ISPs simply don't bother with reverse lookups on DHCP ranges. Some don't even bother with address records. If you have a justifiable reason for blocking such requests, then Deny from bogus_host_without_reverse_dns should work, but do tell us what that reason is. C. |
|
4 Weeks Ago
|
|||
|
|||
|
Re: bogus_host_without_reverse_dns
In article <6b3c6270-e94b-4f70-912b-11e931dcae9e@q24g2000prf.googlegroups.com>,
C. <colin.mckinnon@gmail.com> wrote: >On 30 Mar, 15:41, doc...@doctor.nl2k.ab.ca (The Doctor) wrote: >> Whil runnhttp://localhost/server-statusI notice a lot of >> >> bogus_host_without_reverse_dns >> >> turning up. >> >> Is there any way of Apache of any version can drop these requests >> cold? > >It's questionable as to whether they pose any sort of risk. Host based >authentication even in a highly controlled network has very dubious >merits. If this is a controlled network then solve the problem >properly by setting up PTR records in your DNS. If its not a >controlled network, then why bother with the expense of resolving >every clients ip name (which is probably generating more traffic and >expense than dealing with authentication properly) ? > >A large number of ISPs simply don't bother with reverse lookups on >DHCP ranges. Some don't even bother with address records. > >If you have a justifiable reason for blocking such requests, then Deny >from bogus_host_without_reverse_dns should work, but do tell us what >that reason is. > >C. > > Half-open requests overload on httpd server. -- Member - Liberal International This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca God, Queen and country! Beware Anti-Christ rising! USA petition for dissolution of your nation! |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 05:34 PM.
