Added Q&A concerning access restriction by host/domain name,

  <!--#include virtual="header.html" -->

  <H1>Apache Server Frequently Asked Questions</H1>

  <P>

  $Revision: 1.43 $ ($Date: 1997/04/26 06:58:39 $)

  $Revision: 1.44 $ ($Date: 1997/04/26 12:21:14 $)

  </P>

  <P>

  The latest version of this FAQ is always available from the main

<!--    on his own system, which may not be configured for          -->

<!--    multiviews.   Leave off the ".html" extension for absolute  -->

<!--    links to sites which are known to run multiviews (e.g.,     -->

<!--    apache.or or apacheweek.com).                               -->

<!--    apache.org or apacheweek.com).                              -->

<!--  - When adding items, make sure they're put in the right place -->

<!--    - verify that the numbering matches up.                     -->

<!--  - Don't forget to include an HR tag after the last /P tag     -->

<!-- - can't bind to port 80                                        -->

<!--   - permission denied                                          -->

<!--   - address already in use                                     -->

<!-- - access control based on DNS name really needs MAXIMUM_DNS    -->

<!--   and double-check that rDNS resolves to name expected         -->

<!-- - mod_auth & passwd lines "user:pw:.*" - ++1st colon onward is -->

<!--   treated as pw, not just ++1st to --2nd.                      -->

<!-- - SSL:                                                         -->

   <LI><A HREF="#cookies1">Why does Apache send a cookie on every response?</A>

   </LI>

   <LI><A HREF="#cookies2">Why don't my cookies work, I even compiled in 

    mod_cookies?</A>

    <SAMP>mod_cookies</SAMP>?</A>

   </LI>

   <LI><A HREF="#jdk1-and-http1.1">Why do my Java app[let]s give me plain text

    when I request an URL from an Apache server?</A>

   <LI><A HREF="#wheres-the-dump">The errorlog says Apache dumped core,

    but where's the dump file?</A>

   </LI>

   <LI><A HREF="#dnsauth">Why isn't restricting access by host or domain name

    working correctly?</A>

   </LI>

   <LI><A HREF="#SSL-i">Why doesn't Apache include SSL?</A>

   </LI>

  </OL>

  <P>

  The Apache project's web site includes a page with a partial list of

  <A

   HREF="http://www.apache.org/info/apache_users.html"

   HREF="http://www.apache.org/info/apache_users"

  >sites running Apache</A>.

  </P>

  <HR>

  be swamped by a flood of trivial questions that can be resolved elsewhere.

  Bug reports and suggestions should be sent <EM>via</EM>

  <A

   HREF="http://www.apache.org/bug_report.html"

   HREF="http://www.apache.org/bug_report"

  >the bug report page</A>.

  Other questions should be directed to the

  <A

  module.

  This module was distributed with Apache prior to 1.2.

  This module may help track users, and uses cookies to do this. If

  you are not using the data generated by mod_cookies, do not compile

  it into Apache. Note that in 1.2 this module was renamed to the

  more correct name 

  you are not using the data generated by <SAMP>mod_cookies</SAMP>, do

  not compile it into Apache. Note that in 1.2 this module was renamed

  to the more correct name 

  <A

   HREF="../mod/mod_usertrack.html"

  ><SAMP>mod_usertrack</SAMP></A>,

  <HR>

 </LI>

 <LI><A NAME="cookies2">

      <STRONG>Why don't my cookies work, I even compiled in mod_cookies?

      <STRONG>Why don't my cookies work, I even compiled in

      <SAMP>mod_cookies</SAMP>?

      </STRONG>

     </A>

  <P>

  Firstly, you do <EM>not</EM> need to compile in mod_cookies in order

  for your scripts to work (see the <A HREF="#cookies1">previous question</A>

  for more about mod_cookies). Apache passes on your Set-Cookie header

  fine, with or without this module. If cookies do not work it will

  be because your script does not work properly or your browser does

  not use cookies or is not set-up to accept them.

  Firstly, you do <EM>not</EM> need to compile in

  <SAMP>mod_cookies</SAMP> in order for your scripts to work (see the

  <A

   HREF="#cookies1"

  >previous question</A>

  for more about <SAMP>mod_cookies</SAMP>). Apache passes on your

  <SAMP>Set-Cookie</SAMP> header fine, with or without this module. If

  cookies do not work it will be because your script does not work

  properly or your browser does not use cookies or is not set-up to

  accept them.

  </P>

  <HR>

 </LI>

  </P>

  <HR>

 </LI>

 <LI><A NAME="dnsauth">

      <STRONG>Why isn't restricting access by host or domain name

      working correctly?</STRONG>

     </A>

  <P>

  Two of the most common causes of this are:

  </P>

  <OL>

   <LI><STRONG>An error, inconsistency, or unexpected mapping in the DNS

    registration</STRONG>

    <BR>

    This happens frequently: your configuration restricts access to

    <SAMP>Host.FooBar.Com</SAMP>, but you can't get in from that host.

    The usual reason for this is that <SAMP>Host.FooBar.Com</SAMP> is

    actually an alias for another name, and when Apache performs the

    address-to-name lookup it's getting the <EM>real</EM> name, not

    <SAMP>Host.FooBar.Com</SAMP>.  You can verify this by checking the

    reverse lookup yourself.  The easiest way to work around it is to

    specify the correct host name in your configuration.

   </LI>

   <LI><STRONG>Inadequate checking and verification in your

    configuration of Apache</STRONG>

    <BR>

    If you intend to perform access checking and restriction based upon

    the client's host or domain name, you really need to configure

    Apache to double-check the origin information it's supplied.  You do

    this by adding the <SAMP>-DMAXIMUM_DNS</SAMP> clause to the

    <SAMP>EXTRA_CFLAGS</SAMP> definition in your

    <SAMP>Configuration</SAMP> file.  For example:

    <DL>

     <DD><CODE>EXTRA_CFLAGS=-DMAXIMUM_DNS</CODE>

     </DD>

    </DL>

    <P>

    This will cause Apache to be very paranoid about making sure a

    particular host address is <EM>really</EM> assigned to the name it

    claims to be.  Note that this <EM>can</EM> incur a significant

    performance penalty, however, because of all the name resolution

    requests being sent to a nameserver.

    </P>

   </LI>

  </OL>

  <HR>

 </LI>

 <LI><A NAME="SSL-i">

      <STRONG>Why doesn't Apache include SSL?</STRONG>

     </A>

  governments have restrictions upon the import, export, and use of

  encryption technology.  If Apache included SSL in the base package,

  its distribution would involve all sorts of legal and bureaucratic

  issues., and it would no longer be freely available.  Also, some of

  issues, and it would no longer be freely available.  Also, some of

  the technology required to talk to current clients using SSL is 

  patented by <A HREF="http://www.rsa.com/">RSA Data Security</A>, 

  who restricts its use without a license.