Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: IP format? |
|
| Author |
|
Doug22
Joined: 02 Jun 2013
Posts: 57
Location: Houston TX
|
 Posted: Fri 05 Sep '14 2:43 Post subject: IP format? |
 |
|
OK, so why does an IP in my log look like | Quote: | | adsl-99-18-231-133.dsl.aus2tx.sbcglobal.net |
in one entry, and then a couple of seconds later? User agent is the same in each entry, so it's the same requester. But the IP looks different. Why doesn't it show up the same?
Not that I want to deny this requester, but if I did, should I deny one entry, the other, or both? |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Fri 05 Sep '14 2:59 Post subject: |
|
|
HostnameLookups On (or Double in 2.4 only)
adsl-99-18-231-133.dsl.aus2tx.sbcglobal.net
HostnameLookups Off or the lookup fails for whatever reason
99.18.231.133
Deny by IP ... always works even when a hostname lookup fails.
see: http://httpd.apache.org/docs/2.4/mod/core.html#hostnamelookups |
|
| Back to top |
|
Doug22
Joined: 02 Jun 2013
Posts: 57
Location: Houston TX
|
| Posted: Fri 05 Sep '14 3:33 Post subject: |
|
|
OK, so my log is showing either IP or hostname. Where is this HostnameLookup command supposed to go? .htaccess? httpd.conf?
Actually, my logs mostly show IPs. You're saying that in my system it's set to "On" (by default, I guess) but the lookup often fails?
Now, as I said, the IP and corresponding hostname appeared in my log on consecutive lines. If it could look the hostname up once for that IP, why wasn't it able to find that hostname the second time?
I gather that setting Hostnamelookup to "On" just adds network activity, because it has to go do that lookup. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Fri 05 Sep '14 4:24 Post subject: |
|
|
| Doug22 wrote: | | I gather that setting Hostnamelookup to "On" just adds network activity, because it has to go do that lookup. |
Just as the docs stated.
| Doug22 wrote: | | OK, so my log is showing either IP or hostname. Where is this HostnameLookup command supposed to go? .htaccess? httpd.conf? |
No really, the docs are your friend even when they are confusing, you eventually absorb the stuff you do not understand at first. They also tell you whether a directive is in the core or a module (and which module needs to be loaded), where in your config said directive can be placed and last but hardly least, which AllowOveride needs to be set to allow use of said directive in a .htaccess file.
Let's have a look at them together ok?
http://httpd.apache.org/docs/2.4/mod/core.html#hostnamelookups
Looking at the docs in the box at the top of the HostnameLookups section I see;
Default: HostnameLookups Off
Context: server config, virtual host, directory
Module: core
So there I see it's part of the core so always available, it has to be set in the server config (global), a <VirtualHost> or a <Directory> container ... so nooooo .htaccess for this one!
It also tells me that it is Off by default. The one thing it doesn't tell me is where to find it in all those pesky .conf files if at all, not everything is. This one happens to be in conf/extra/httpd-default.conf since Apache 2.2, which by default itself is not Included at the bottom of httpd.conf.
Depending on where you got your Apache I suppose depends on whether it was turned on by them, if you didn't turn it on.
| Doug22 wrote: | | Actually, my logs mostly show IPs. You're saying that in my system it's set to "On" (by default, I guess) but the lookup often fails? |
I said nothing of the sort, but I admit I did not mention that not every IP will reverse to a hostname, many will not because they have no hostname set up for them by the ISP.
| Doug22 wrote: | | Now, as I said, the IP and corresponding hostname appeared in my log on consecutive lines. If it could look the hostname up once for that IP, why wasn't it able to find that hostname the second time? |
Ummm fate? Bad luck? DNS server congestion? Who's to say really. Maybe there is a lookups per second limit on the dns server of your ISP? I cannot answer this  |
|
| Back to top |
|
Doug22
Joined: 02 Jun 2013
Posts: 57
Location: Houston TX
|
| Posted: Fri 05 Sep '14 4:47 Post subject: |
|
|
Thank you. That's a big help. I appreciate your patience.
Now, when I go into httpd-default.conf, which you pointed me to, I see "Hostnamelookup Off". I've never touched it. It's always been that way. So, um, why is it doing lookups at all?
In fact, it's a little strange that my logs all of a sudden have lots of hostnames in place of IPs. So something has turned the lookups on. I used to see hostnames only rarely. Of course, if Hostnamelookup has been off, then why do I ever see them at all??
Now, I do occasional messing around with my .htaccess file, mostly in being selective about access, but nothing else, and I don't think I ever did anything that looked like it pertained to lookups! |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Fri 05 Sep '14 4:59 Post subject: |
|
|
| Add any third party modules and copy their configs verbatim from examples? One may have had you add it elsewhere. If your text editor you use can do Find in Files type search, search your conf directory for hostnamelookups and see if it's been added elsewhere. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Fri 05 Sep '14 5:28 Post subject: |
|
|
Ohhhhhh, one thing the docs did state and it did not click in my peanut at the time of my prior post was;
| The Magical Mystery Docs wrote: | | Regardless of the setting, when mod_authz_host is used for controlling access by hostname, a double reverse lookup will be performed. |
So if some things are being controlled by this module (i.e. Require host somehost.com ) then for those items I suppose it will lookup the IP, so if these items being logged with the hostname are same for all the different IPs, this may possibly be why? |
|
| Back to top |
|
Doug22
Joined: 02 Jun 2013
Posts: 57
Location: Houston TX
|
| Posted: Fri 05 Sep '14 15:05 Post subject: |
|
|
| glsmith wrote: | | Add any third party modules and copy their configs verbatim from examples? One may have had you add it elsewhere. If your text editor you use can do Find in Files type search, search your conf directory for hostnamelookups and see if it's been added elsewhere. |
OK, I grepped around in my Apache2 directory for "HostnameLookups". Found it only in httpd-default.conf, set by default to Off". So it isn't running around anywhere else. I have not added any third-party modules.
In my httpd.conf, I have
| Code: | | LoadModule authz_host_module libexec/apache2/mod_authz_host.so |
but it's not obvious that I'm doing anything with mod_authz_host. None of this has been changed, by the way.
But this is really strange. All of a sudden my logs show lots of hostnames. Something changed, and I have done nothing unusual. |
|
| Back to top |
|
Doug22
Joined: 02 Jun 2013
Posts: 57
Location: Houston TX
|
| Posted: Sat 06 Sep '14 16:02 Post subject: |
|
|
And the answer is ... pretty simple, and a little suprising.
Around the time my system started doing these Lookups, we were diddling with my .htaccess file. We included a Deny command for an IP range, but had the "bright" idea to comment that line in the command line. As in
Deny 123.456 #this is why this is denied
Now, Apache didn't complain. It just kept serving. But it interpreted that # field as a hostname, and for every request, which consulted the .htaccess file for permission, it ran into that # field. Evidently it interpreted that field as a hostname, and said, gee, I'd better do a reverse DNS lookup, which it strangely did for the incoming IP.
So this appears to be a case where an error in the .htaccess file doesn't shut down Apache (Apache is notably intolerant of mistakes in that file), but had it go off doing other stuff.
So I removed that Deny command, and everything works like it used to. I again only have IP numbers in my logs. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Sat 06 Sep '14 19:09 Post subject: |
|
|
Glad you found it.
Note, Apache doesn't like comments trailing directives, use the line above. It only ignore lines that begin with # |
|
| Back to top |
|
|
|
|
|
|
