How to make Apache allow from localhost by domain name

apache-2.2

I have a redmine server running on ubuntu. I also host an svn repository on the same server.

The svn virtual directory has authorization restrictions per user, but I want to allow the redmine application to be able to access it without providing username.

So, I have put: "Allow from 10.10.10.10", which is the external IP of the server, and it works OK.

But I would like to put the real host name there, and not the external IP.

 
# dnsdpmainname
mydomain.com
# hostname
myserver.mydomain.com
# ping myserver
PING myserver.mydomain.com (10.10.10.10) ... works

BUT ..

# ping myserver.mydomain.com
PING myserver.mydomain.com (127.0.1.1) ... also works, but different IP

I have tried to use both myserver and myserver.mydomain.com in the "Allow from" directive, but none of this works.

I guess the problem is somewhere in the fact that myserver and myserver.mydomain.com resolve to different IPs – one to the external IP, and one of some internal.

Any idea how to fix this? I'd prefer to use a hostname in the Allow directive, and not the IP address (which in theory may change).

Thanks

Best Answer

127.0.0.1 is the so called loopback address which every host has and which doesn't change. Typically it has the associated hostname localhost. The only exception to this rule is when you have IPv6. Its defined localhost address is ::1, most of the time in addition to the IPv4 address.

You should make sure that the address is actually 127.0.0.1 and not the one you stated. While this works too, it will create some hard to debug issues. Have a look into your /etc/hosts file which configures these mappings. And just as a tip: you should never let actual server-names point to 127.0.0.1, only to external IPs. This makes things easier to run and to debug.

I personally have Redmine/ChiliProject typically setup with a special virtual host bound to localhost which provides the unauthenticated access. Another (probably even faster) alternative would be to not use http:// URLs in Redmine but to use file:// URLs and skip the webserver altogether here.

Having said all that, once you have your name resolution properly setup, you can state names in the Apache configuration. Though requires that the reverse-name resolution actually works, i.e. the system is able to resolve IP addresses back to names. This is the case for entries in '/etc/hosts` and for properly setup DNS servers.

If you do this however, you implicitly trust the DNS system to not lie to you which might not be the case. Generally, inserting IPs is the safer choice. And with a bit of documentation this shouldn't hurt too much. Public server IPs don't change that much :)

Related Topic