» »

ID #1146

The settings in hosts.xml don't seem to work.

The hosts.xml files are used to allow/deny access to different products from some IPs or classes of IPs. The client's IP is tested against the rules in the hosts.xml file and the first one that matches is applied - all the following rules are ignored.

When getting the hostname related to a given IP the Java mechanism has a spoof protection that, sometimes, will not give optimal results.

The following situation will not give the expected results: 
1. Java asks the DNS server for the hostname related to an IP address (reverse DNS)
2. When the DNS server replies with the hostname, Java asks the same DNS server for the IP address of that particular hostname
3. If the initial IP address and the one returned as the result of request #2 above do not match, then Java returns the initial IP address.
 
This process may interfere with the way we compare the client IP address against the ones stored in the hosts.xml file. Due to the above Java protection, some IP addresses will not match against a given domain even if their reverse DNS name belongs to that particular domain.

Categories for this entry

Tags: access, allow, deny, DNS, firewall, host, ip, reverse

Related entries: -

Last update: 2013-09-02 16:13
Author: Administrator
Revision: 1.0

Print this record Send FAQ to a friend Show this as PDF file
Rate this FAQ

Average rating: 0 (0 Votes)

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry

powered by phpMyFAQ 2.7.2