Friday, February 5, 2010

Resolving the /etc/hosts localhost Issue in Apache

This week I once again ran into a problem I've encountered before: issues caused by the default values in /etc/hosts used in several Linux distributions, including older versions of Debian and Ubuntu.

It seems to have been fixed in Debian Lenny, but I've encountered it on at least one recently installed machine, so other applications may be overwriting the file incorrectly.

The problematic localhost line in /etc/hosts looks like this:
127.0.0.1 localhost.localdomain localhost

Unfortunately, this setup confuses some applications. I've seen this cause problems with kpropd and other Kerberos apps.

A host with this setup will identify itself locally as host/localhost.localdomain, whereas the Kerberos setup usually expects host/localhost.

This week, I encountered problems with Apache 2 access restrictions. Access to a particular page was refused, with this error message in the logs:
[error] [client 127.0.0.1] client denied by server configuration: /oursite/status
The relevant part of the Apache2 config section for that directory was:

    # other configuration options here
    Order allow,deny
    allow from localhost

Switching in 127.0.0.1 for localhost in the Apache2 config got things working again. However, the better fix was to change that back and instead edit /etc/hosts to read:

127.0.0.1 localhost

Alternatively, this should also work:

127.0.0.1 localhost localhost.localdomain

The important point is to have localhost as the canonical name for 127.0.0.1. There's some discussion of this on an old thread on the debian-devel list.

Note: Another option would have been to edit the Apache2 config to read

allow from localhost.localdomain

but as this setting in /etc/hosts is known to cause other problems (and, indeed, is arguably Just Wrong!), it makes more sense to fix it there.

1 comment: