Bug Report 000010



Reported : 00:11; 17Feb2002 (changed 23:41; 15Oct2005)
Reported By : Samuel Reynolds
Status : Unknown
Software Item : Mainresponder
Abstract : mainResponder.security.blockHttpByIP doesn't do zones
What I did : Set config.mainresponder.allowedIpAddresses to 10.131.5.*
What I Expected : Sites served from the server instance could be accessed from within the department, but not from the rest of the company intranet.
What Happened : Nobody could access the server, including someone at the server. Everyone simply gets the standard no-permission page.
Impact : I can work around it
Supporting Notes :
Supporting Files :
Developer :

Possible Fix:

After

if client == string.trimWhiteSpace (s)
    return (true)

add the following:

if string.nthField (s, '.', numFields) == '*'
    local (s_bit)
    for idx = 1 to numFields
        s_bit = string.nthField (s, '.', idx)
        if s_bit == '*'
            return (true)
        if s_bit != string.nthField (client, '.', idx)
            break

This would allow IP ranges in config.mainResponder.prefs.allowedIpAddresses with formats n.*, n.n.*, and n.n.n.*.
--2002/02/17; 00:39:52 Samuel Reynolds ( sam at spinwardstars dot com )

Detail:

The script gets each comma-separated IP address from config.mainResponder.prefs.allowedIpAddresses, removes leading/trailing whitespace, and makes the following test:

if client == string.trimWhiteSpace (s)
    return (true)

This will only recognize exact, four-field IP addresses (such as 127.0.0.1), not address ranges (such as 10.131.5.*).
--2002/02/17; 00:28:12 Samuel Reynolds ( sam at spinwardstars dot com )
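
The exact-match test described in the Detail note and the trailing-wildcard matching proposed in the Possible Fix, as an added Python example (not part of the original report, and not Frontier or mainResponder code). All function names and the sample setting are constructed for illustration; rejecting a bare `*`, a `*` in the middle, and malformed addresses is an assumption of this example so that a bad entry fails closed.

```python
# Added example: hypothetical names, not mainResponder's own script.

def _octets(text, count=None):
    """Return dotted fields as ints, or None if any field is not a plain 0-255 number."""
    parts = text.split(".")
    if count is not None and len(parts) != count:
        return None
    out = []
    for p in parts:
        if not (p.isascii() and p.isdigit() and len(p) <= 3):
            return None
        n = int(p)
        if n > 255 or str(n) != p:  # reject out-of-range and leading zeros
            return None
        out.append(n)
    return out

def matches(client, entry):
    """True if client equals entry, or falls under a trailing-'*' entry."""
    client_octets = _octets(client, 4)
    if client_octets is None:
        return False  # malformed client address: fail closed
    entry = entry.strip()
    if entry.endswith(".*"):
        prefix = _octets(entry[:-2])
        # Only n.*, n.n.* and n.n.n.* are accepted (the formats named in the report).
        if prefix is None or not 1 <= len(prefix) <= 3:
            return False
        # Field-by-field comparison, so 10.131.5.* does not cover 10.131.50.x.
        return client_octets[:len(prefix)] == prefix
    return _octets(entry, 4) == client_octets

def exact_only(client, allowed):
    """Behaviour described in the report: whole-string comparison per entry."""
    return any(client == s.strip() for s in allowed.split(","))

def ip_allowed(client, allowed):
    """Check client against a comma-separated allowlist string."""
    return any(matches(client, s) for s in allowed.split(","))

# Constructed sample setting: the range from the report plus loopback.
SAMPLE_ALLOWED = "127.0.0.1, 10.131.5.*"
```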




Last update: Saturday, October 15, 2005 at 11:41:12 PM.