<!--#include virtual="header.html" -->
<H1>Apache Server Frequently Asked Questions</H1>
<P>
- $Revision: 1.43 $ ($Date: 1997/04/26 06:58:39 $)
+ $Revision: 1.44 $ ($Date: 1997/04/26 12:21:14 $)
</P>
<P>
The latest version of this FAQ is always available from the main
<!-- on his own system, which may not be configured for -->
<!-- multiviews. Leave off the ".html" extension for absolute -->
<!-- links to sites which are known to run multiviews (e.g., -->
-<!-- apache.or or apacheweek.com). -->
+<!-- apache.org or apacheweek.com). -->
<!-- - When adding items, make sure they're put in the right place -->
<!-- - verify that the numbering matches up. -->
<!-- - Don't forget to include an HR tag after the last /P tag -->
<!-- - can't bind to port 80 -->
<!-- - permission denied -->
<!-- - address already in use -->
-<!-- - access control based on DNS name really needs MAXIMUM_DNS -->
-<!-- and double-check that rDNS resolves to name expected -->
<!-- - mod_auth & passwd lines "user:pw:.*" - ++1st colon onward is -->
<!-- treated as pw, not just ++1st to --2nd. -->
<!-- - SSL: -->
<LI><A HREF="#cookies1">Why does Apache send a cookie on every response?</A>
</LI>
<LI><A HREF="#cookies2">Why don't my cookies work, I even compiled in
- mod_cookies?</A>
+ <SAMP>mod_cookies</SAMP>?</A>
</LI>
<LI><A HREF="#jdk1-and-http1.1">Why do my Java app[let]s give me plain text
when I request an URL from an Apache server?</A>
<LI><A HREF="#wheres-the-dump">The errorlog says Apache dumped core,
but where's the dump file?</A>
</LI>
+ <LI><A HREF="#dnsauth">Why isn't restricting access by host or domain name
+ working correctly?</A>
+ </LI>
<LI><A HREF="#SSL-i">Why doesn't Apache include SSL?</A>
</LI>
</OL>
<P>
The Apache project's web site includes a page with a partial list of
<A
- HREF="http://www.apache.org/info/apache_users.html"
+ HREF="http://www.apache.org/info/apache_users"
>sites running Apache</A>.
</P>
<HR>
be swamped by a flood of trivial questions that can be resolved elsewhere.
Bug reports and suggestions should be sent <EM>via</EM>
<A
- HREF="http://www.apache.org/bug_report.html"
+ HREF="http://www.apache.org/bug_report"
>the bug report page</A>.
Other questions should be directed to the
<A
module.
This module was distributed with Apache prior to 1.2.
This module may help track users, and uses cookies to do this. If
- you are not using the data generated by mod_cookies, do not compile
- it into Apache. Note that in 1.2 this module was renamed to the
- more correct name
+ you are not using the data generated by <SAMP>mod_cookies</SAMP>, do
+ not compile it into Apache. Note that in 1.2 this module was renamed
+ to the more correct name
<A
HREF="../mod/mod_usertrack.html"
><SAMP>mod_usertrack</SAMP></A>,
<HR>
</LI>
<LI><A NAME="cookies2">
- <STRONG>Why don't my cookies work, I even compiled in mod_cookies?
+ <STRONG>Why don't my cookies work, I even compiled in
+ <SAMP>mod_cookies</SAMP>?
</STRONG>
</A>
<P>
- Firstly, you do <EM>not</EM> need to compile in mod_cookies in order
- for your scripts to work (see the <A HREF="#cookies1">previous question</A>
- for more about mod_cookies). Apache passes on your Set-Cookie header
- fine, with or without this module. If cookies do not work it will
- be because your script does not work properly or your browser does
- not use cookies or is not set-up to accept them.
+ Firstly, you do <EM>not</EM> need to compile in
+ <SAMP>mod_cookies</SAMP> in order for your scripts to work (see the
+ <A
+ HREF="#cookies1"
+ >previous question</A>
+ for more about <SAMP>mod_cookies</SAMP>). Apache passes on your
+ <SAMP>Set-Cookie</SAMP> header fine, with or without this module. If
+ cookies do not work it will be because your script does not work
+ properly or your browser does not use cookies or is not set-up to
+ accept them.
</P>
<HR>
</LI>
</P>
<HR>
</LI>
+ <LI><A NAME="dnsauth">
+ <STRONG>Why isn't restricting access by host or domain name
+ working correctly?</STRONG>
+ </A>
+ <P>
+ Two of the most common causes of this are:
+ </P>
+ <OL>
+ <LI><STRONG>An error, inconsistency, or unexpected mapping in the DNS
+ registration</STRONG>
+ <BR>
+ This happens frequently: your configuration restricts access to
+ <SAMP>Host.FooBar.Com</SAMP>, but you can't get in from that host.
+ The usual reason for this is that <SAMP>Host.FooBar.Com</SAMP> is
+ actually an alias for another name, and when Apache performs the
+ address-to-name lookup it's getting the <EM>real</EM> name, not
+ <SAMP>Host.FooBar.Com</SAMP>. You can verify this by checking the
+ reverse lookup yourself. The easiest way to work around it is to
+ specify the correct host name in your configuration.
+ </LI>
+ <LI><STRONG>Inadequate checking and verification in your
+ configuration of Apache</STRONG>
+ <BR>
+ If you intend to perform access checking and restriction based upon
+ the client's host or domain name, you really need to configure
+ Apache to double-check the origin information it's supplied. You do
+ this by adding the <SAMP>-DMAXIMUM_DNS</SAMP> clause to the
+ <SAMP>EXTRA_CFLAGS</SAMP> definition in your
+ <SAMP>Configuration</SAMP> file. For example:
+ <DL>
+ <DD><CODE>EXTRA_CFLAGS=-DMAXIMUM_DNS</CODE>
+ </DD>
+ </DL>
+ <P>
+ This will cause Apache to be very paranoid about making sure a
+ particular host address is <EM>really</EM> assigned to the name it
+ claims to be. Note that this <EM>can</EM> incur a significant
+ performance penalty, however, because of all the name resolution
+ requests being sent to a nameserver.
+ </P>
+ </LI>
+ </OL>
+ <HR>
+ </LI>
<LI><A NAME="SSL-i">
<STRONG>Why doesn't Apache include SSL?</STRONG>
</A>
governments have restrictions upon the import, export, and use of
encryption technology. If Apache included SSL in the base package,
its distribution would involve all sorts of legal and bureaucratic
- issues., and it would no longer be freely available. Also, some of
+ issues, and it would no longer be freely available. Also, some of
the technology required to talk to current clients using SSL is
patented by <A HREF="http://www.rsa.com/">RSA Data Security</A>,
who restricts its use without a license.
projects / apache / commitdiff