You are here

Block title
Block content

Fedora 3.3 Update: IPv6 Loopback Variants and Default Policies

By Chris Wilper
Ithaca, NY Fedora 3.3: a couple of the (deny-*-if-not-localhost) default policies were updated to work in IPv6 environments by adding ::1 as an acceptable client address (FCREPO-581).
I was recently testing something unrelated, and found when I tried to do certain operations using my browser, authorization failed.  Further digging revealed that in these cases, my client ip address, as
reported by Servlet.getRemoteAddr(), was 0:0:0:0:0:0:0:1%0, which didn’t match the acceptable IP addresses in the default policies.
The first part makes sense to me…it’s the long form of the IPv6 loopback address, and allowing for that variant makes perfect sense. What I’m puzzled about is the trailing ‘%0′.
For the time being, I’ve added both 0:0:0:0:0:0:0:1 and 0:0:0:0:0:0:0:1%0 to the default policies, since it seems obvious that neither would be reported as the address of a non-local host. But the
‘%0′ is a mystery…any ideas?