Ubuntu – Apache “allow from” rule only works with ip addresses

apache-2.2Ubuntu

I have a pretty simple apache2 setup on a personal server – i.e. very little customization in the configuration file except for allow/deny rules, and I just upgraded Ubuntu versions from 8.04 – 8.10 on the machine in question. However, despite keeping the apache configuration files during the upgrade, apache now gives me "403 fobidden" if I try to access a formerly accessible web page, unless I use the local host. If I change

Allow from hostname.domain.local

Allow from 192.168.1.xxx

in the apache configuration file for the directory I'm requesting, I can access the page without a hitch.

Unfortunately my Apache skill set is not very advanced. Can anyone offer any suggestions as to why this might be happening?

Here's a few things we've tried:

nslookup by hostname an ip address
from the affected computer (I get the
expected results)
php -r 'echo gethostbyaddr("192.168.1.196")."\n";'
This command replied with a hostname

Best Answer

Ok, I found the problem: It has to do with the avahi-daemon: see bug 80900 If I disable the daemon, apache works fine. There may be a configuration file I can edit, too, but for now disabling the daemon is all I can take time to do. I'll update this question if I find a better answer!

Related Solutions

Mod_proxy failing as forward proxy in simple configuration

Shouldn't it be

<IfModule proxy_module>
  <IfModule proxy_http_module>

    <Proxy *>
      Order Deny,Allow
      Deny from all
      Allow from some.approved.list
    </Proxy>

  </IfModule>
</IfModule>

Serving images from another hostname vs Apache overload for the rewrites

to redirect main.com/image.jpg (I understand we'll have to do a 301) to cdn.main.com/image.jpg

This is a bad idea, don't do it.

Your long question is kind of hard to follow. As I understand it, you're worried about the server load, not how fast the site loads for your end users.

If you're worried about server capacity, either:

Get a bigger server or
Use a in-RAM proxy server in front of your HTTP server (Squid, Varnish, Apache Traffic Server) or
Use a inexpensive Content Delivery Network to cache your static content closer to the end users, reducing both page load time and load on your servers.

thus the browser being able to have more connections.

The browser parallel download limit is a little bit of a red herring -- modern browsers download 6-8 files in parallel from the same hostname. It's only old browsers (IE6, IE7) which really suffer from this limitation.

If you're worried about the end user's page load speed, then use a CDN, that's good advice in all situations were your users are spread out over a large geographical area (ie you have a global audience).

301s of all images on a page be penalized by google?

Possibly. But more likely, it will be hated by your users. For each image request you're first serving a 301, and then the correct image from another URL. That means 2 round trips to the servers for every single image, and hence significantly longer page load time for your users.

Best Answer

Related Solutions

Mod_proxy failing as forward proxy in simple configuration

Serving images from another hostname vs Apache overload for the rewrites

Related Topic