ipv6 breaks v4 acls

807567 Aug 7 2010 — edited Aug 11 2010
Hello,

It seems enabling IPv6 in <http-listener> using <family>inet6</family> breaks v4-based ACL configurations.

This works without v6 enabled:

deny (all) user = "anyone";
allow (read, execute, info, list) (user = "jw") and (ip = "192.168.*");

With v6 enabled, this does not match on a v4 address, which is clear because v4 addresses are now written as ::ffff:192.168...; the client gets 403.


The following works for v6 clients:

allow (read, execute, info, list) (user = "jw") and (ip = "2001:470:*");


But if I try to match a v4 client with any rule that is not "*", it fails with "HTTP/1.1" 500:

allow (read, execute, info, list) (user = "jw") and (ip = "::ffff:192.168.*");
allow (read, execute, info, list) (user = "jw") and (ip = "::ffff:*");
allow (read, execute, info, list) (user = "jw") and (ip = "*192*");

The fact that I got 500 instead of 403 makes me think I got the syntax right but hit a bug. Interestingly, the following does work even though it matches a v4 address, but of course it is useless:

allow (read, execute, info, list) (user = "jw") and (ip = "*");


Regards,
Julian
Locked on Sep 8 2010
Added on Aug 7 2010
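
The mismatch described in the post above, as an added example that is not part of the original post and is not the web server's own matching code: a dual-stack listener reports IPv4 clients as IPv4-mapped IPv6 addresses, so a v4 wildcard rule stops matching unless the peer address is normalized first. `fnmatch` stands in for the ACL wildcard test (an assumption), and the peer addresses and function names are constructed for illustration.

```python
import fnmatch
import ipaddress


def normalize_peer(addr: str) -> str:
    """Return the dotted-quad form for IPv4-mapped IPv6 peers, else canonical text."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return str(ip.ipv4_mapped)
    return str(ip)


def ip_rule_matches(pattern: str, peer: str, normalize: bool) -> bool:
    """Stand-in for an ACL `ip = "..."` test (assumed: shell-style wildcard match)."""
    candidate = normalize_peer(peer) if normalize else peer
    return fnmatch.fnmatchcase(candidate, pattern)


# Constructed sample peers, written the way an inet6 listener would report them.
PEERS = ["::ffff:192.168.1.20", "2001:470:1f0b::5", "::ffff:10.0.0.7"]
# The two ip patterns from the post's working rules.
RULES = ["192.168.*", "2001:470:*"]


def evaluate(normalize: bool) -> dict:
    """Map each peer to the list of rules whose ip pattern matches it."""
    return {
        peer: [r for r in RULES if ip_rule_matches(r, peer, normalize)]
        for peer in PEERS
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("normalize =", mode)
        for peer, hits in evaluate(mode).items():
            print(f"  {peer:22} -> {hits or 'no rule matches'}")
```

The same effect applies to deny rules: a v4 pattern that no longer matches the mapped form stops denying, so IP-based rules are worth re-testing whenever a listener is switched to inet6.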