Two of the most common causes of this are:
- An error, inconsistency, or unexpected
mapping in the DNS registration
This happens frequently: your configuration restricts
access to host.domain.com, but you can’t get
in from that host. The usual reason for this is that host.domain.com is actually an alias for
another name, and when Apache performs the
address-to-name lookup it’s getting the real
name, not host.domain.com. You can verify
this by checking the reverse lookup yourself. The easiest
way to work around it is to specify the correct host name
in your configuration. -
Inadequate checking and verification in your
configuration of Apache
If you intend to perform access checking and
restriction based upon the client’s host or domain
name, you really need to configure Apache to
double-check the origin information it’s supplied. You
do this by adding the -DMAXIMUM_DNS clause
to the EXTRA_CFLAGS definition in your
Configuration file. For example:EXTRA_CFLAGS=-DMAXIMUM_DNS
This will cause Apache to be very paranoid about
making sure a particular host address is
really assigned to the name it claims to be.
However, note that this can incur a significant
performance penalty, because of all the name
resolution requests being sent to a nameserver.