Missing apache "Require forward-dns" feature in virtualmin apache 2.4.6 build?

#1 Tue, 07/30/2019 - 14:49
h2ojunkie


System: Clean install of Centos 7.6.1810

Clean install of virtualmin installed using install.sh

Apache version: yum info httpd

    Installed Packages
    Name        : httpd
    Arch        : x86_64
    Epoch       : 1
    Version     : 2.4.6
    Release     : 89.el7.vm
    Size        : 9.4 M
    Repo        : installed
    From repo   : virtualmin
    Summary     : Apache HTTP Server
    URL         : http://httpd.apache.org/
    License     : ASL 2.0
    Description : The Apache HTTP Server is a powerful, efficient, and extensible
                : web server.

Mod_authz_host docs: https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html

I'm trying to use the "Require forward-dns" that was added back in apache 2.4.19, but anytime I try to use it I get the following 500 error:

    [Tue Jul 30 19:37:53.713103 2019] [core:alert] [pid 8100] [client xxx.xx.xxx.xxx:57826] /home/domain.com/public_html/.htaccess: Unknown Authz provider: forward-dns

mod_authz_host module is installed and working, and confirmed by using "Require host" in .htaccess, which works and has the expected results.

I know the DNS lookups are working, since Require host first does a reverse DNS lookup on the host, then does a forward DNS lookup on the host returned by the original reverse DNS request. So it appears based on the error, that forward-dns is not enabled in the 2.4.6 build shipping with the virtualmin repo.

It's either that, or I'm missing something in the docs. But if that feature is missing from the 2.4.6 build shipping in the virtualmin repo, I'm wondering if it's missing in the upstream centos apache build as well, or when apache is being compiled for the virtualmin repo, is the version not actually 2.4.6?

For the life of me, I can't figure out why forward-dns isn't working. And even at debug log level, apache isn't giving any extra info other than "unknown Authz provider: forward-dns"

Has anyone been able to get forward-dns to work?

Wed, 07/31/2019 - 05:46
suskozaver

U sure, the module is installed and loaded? Run:

    sudo apachectl -t -D DUMP_MODULES

my output, I don't see Mod_authz_host

    Loaded Modules:
     core_module (static)
     so_module (static)
     watchdog_module (static)
     http_module (static)
     log_config_module (static)
     logio_module (static)
     version_module (static)
     unixd_module (static)
     access_compat_module (shared)
     actions_module (shared)
     alias_module (shared)
     auth_basic_module (shared)
     auth_digest_module (shared)
     authn_core_module (shared)
     authn_file_module (shared)
     authz_core_module (shared)
     authz_host_module (shared)
     authz_user_module (shared)
     autoindex_module (shared)
     cgi_module (shared)
     dav_module (shared)
     dav_fs_module (shared)
     deflate_module (shared)
     dir_module (shared)
     env_module (shared)
     fcgid_module (shared)
     filter_module (shared)
     lbmethod_byrequests_module (shared)
     mime_module (shared)
     mpm_prefork_module (shared)
     negotiation_module (shared)
     php7_module (shared)
     proxy_module (shared)
     proxy_balancer_module (shared)
     proxy_connect_module (shared)
     proxy_fcgi_module (shared)
     proxy_http_module (shared)
     reqtimeout_module (shared)
     rewrite_module (shared)
     setenvif_module (shared)
     slotmem_shm_module (shared)
     socache_shmcb_module (shared)
     ssl_module (shared)
     status_module (shared)
     suexec_module (shared)

Also see: https://stackoverflow.com/questions/51765242/require-forward-dns-not-wor...

Wed, 07/31/2019 - 13:41
h2ojunkie

Errgh, I just realized what was wrong.

In my brain, I was reading the apache docs to say the feature was added in 2.4.1.9 (when it's really 2.4.19). The apache version in the virtualmin repo is only 2.4.6, and that feature isn't in that version of apache. So...looks like I'm off to build my own apache from source. (centos and their super-old versions of shit)
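
Added example, not part of the thread: an .htaccess that uses forward-dns only where the running httpd is 2.4.19 or later, so the same file does not trigger the "Unknown Authz provider" 500 on an older build such as 2.4.6. The host name trusted.example.com is a placeholder, and the example assumes mod_version is loaded (version_module appears in the module dump above).

```apache
# .htaccess -- added example; trusted.example.com is a placeholder host name.
# <IfVersion> comes from mod_version (version_module) and is allowed in
# .htaccess context, so the unsupported directive is never parsed on old builds.

# httpd 2.4.19 and later: resolve the name and allow the client if its address
# is among the results. No reverse (PTR) lookup of the client is involved.
<IfVersion >= 2.4.19>
    Require forward-dns trusted.example.com
</IfVersion>

# Older builds (for example the 2.4.6 package discussed in this thread):
# fall back to Require host. This is NOT equivalent:
#   - it does a reverse lookup on the client address, then a forward lookup
#     on the returned name, so the client needs a matching PTR record;
#   - the argument is matched as a name suffix, so every host whose verified
#     name ends in trusted.example.com is allowed, not just that one name.
<IfVersion < 2.4.19>
    Require host trusted.example.com
</IfVersion>
```

Because the two providers match differently, confirm on the older build that the fallback admits only the intended clients before relying on it.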