httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <>
Subject Re: [users@httpd] Consequences of disabling mod_authz_host?
Date Sun, 01 Jun 2008 02:44:00 GMT
On Sat, May 31, 2008 at 9:37 PM, Eric <> wrote:
> From what I understand, mod_authz_host always performs two DNS lookups
> per request when mod_authz_host is enabled, regardless of whether any
> host-based blockings are used.

No, that's not true to the best of my knowledge. If it were true, it
would be a major bug. The lookups are performed only for hostnames (or
things that appear to mod_authz_host to be hostnames).

> I don't need that, in fact, the only
> part of mod_authz_host I use is to set "Order allow,deny" and "Allow
> from all" or "Deny from all".
> If I disable mod_authz_host, what are the risks? Currently the only
> blocks I have are from:
> <Directory />
>  Order allow,deny
>  Deny from all
> </Directory>
> and
> <FilesMatch "^\.svn">
>  Order allow,deny
>  Deny from all
> </FilesMatch>
> I can block the latter with mod_rewrite. Is the first even necessary?
> It was in my distro's default httpd.conf.

If you don't need host-based blocking, you can disable mod_authz_host.
The first block is basically just a safety feature to try to prevent
you from accidentally exposing things that you intend to be protected.
If the rest of your config is correct, it doesn't do anything.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message