httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 25000] - conflicting ORDER documentation
Date Wed, 26 Nov 2003 06:53:05 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25000>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25000

conflicting ORDER documentation

jwoolley@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From jwoolley@apache.org  2003-11-26 06:53 -------
Believe it or not, these two descriptions are not conflicting.  :)  Given that, 
this is really a question for the user support list, but I'll go ahead and 
answer it here in case somebody else does a search for this sometime in the 
future:

Let me try to rephrase the snippets you quoted... maybe that will help.

The second snippet says that the Order directive determines whether Denys or 
Allows are processed first.  But more importantly, it also says that whichever 
one is processed last is the default.  This means, for example, that if you 
specify "Order deny,allow", then any client that is *neither* explicitly denied 
nor explicitly allowed is allowed by default.  If you use "Order allow,deny", 
then any client that is neither explicitly denied nor explicitly allowed is 
denied by default.

The first snippet is saying that if you use "Order deny,allow" AND you leave 
out the "Deny" line altogether, then everybody will be allowed (both those 
explicitly Allowed and everybody else because allow would then be the 
default).  However, if you have "Order deny,allow" and you "Deny from all", 
then the behavior for all clients is explicitly specified, and thus 
the "default to allow" behavior has no impact at all.  And in that case, you 
need to use "Order deny,allow", so that your "Deny from all" can be overridden 
by explicit "Allow"'s.

OR, you could use "Order allow,deny", as long as you do NOT "Deny from all". 
This would mean you explicitly allowed some clients, and everybody else is 
denied explicitly or by default.  The reason you can't use "Deny from all" 
with "Order allow,deny" is that EVERYBODY would be denied, since the denies get 
processed last and override the allows.

Does that help?  Or just muddy it up further?  :)

If you have further questions, please refer them to the user support mailing 
list.  See http://httpd.apache.org/userslist.html

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
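
The four configurations walked through in the comment above, modelled as a small Python evaluator. This is an added example, not part of the original message and not Apache's own code; the function names and the documentation-range addresses are constructed, and only "all" and IP/CIDR specs are handled (no hostnames, no "mutual-failure").

```python
import ipaddress

def matches(client, specs):
    """True if the client IP is covered by any spec; 'all' covers everyone."""
    ip = ipaddress.ip_address(client)
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def is_allowed(order, client, allow=(), deny=()):
    """Apply Allow/Deny lists in the sequence given by Order."""
    allowed, denied = matches(client, allow), matches(client, deny)
    if order == "deny,allow":
        # Denys first, Allows last: an Allow overrides a Deny, and a
        # client matching neither list is allowed by default.
        return allowed or not denied
    if order == "allow,deny":
        # Allows first, Denys last: a Deny overrides an Allow, and a
        # client matching neither list is denied by default.
        return allowed and not denied
    raise ValueError("unsupported Order: %r" % order)

# Constructed sample data (RFC 5737 documentation ranges).
TRUSTED_NET = "192.0.2.0/24"
INSIDE, OUTSIDE = "192.0.2.10", "203.0.113.5"

CASES = {
    # Order deny,allow with no Deny line: everybody gets in.
    "deny,allow / no Deny": ("deny,allow", [TRUSTED_NET], []),
    # Order deny,allow + Deny from all: only explicit Allows get in.
    "deny,allow / Deny from all": ("deny,allow", [TRUSTED_NET], ["all"]),
    # Order allow,deny with no Deny line: same result via default deny.
    "allow,deny / no Deny": ("allow,deny", [TRUSTED_NET], []),
    # Order allow,deny + Deny from all: everybody is locked out.
    "allow,deny / Deny from all": ("allow,deny", [TRUSTED_NET], ["all"]),
}

def evaluate_cases():
    """Return {case: (inside_allowed, outside_allowed)} for every case."""
    return {name: (is_allowed(order, INSIDE, allow, deny),
                   is_allowed(order, OUTSIDE, allow, deny))
            for name, (order, allow, deny) in CASES.items()}

if __name__ == "__main__":
    for name, (inside, outside) in evaluate_cases().items():
        print("%-28s inside=%-5s outside=%s" % (name, inside, outside))
```

The first case is the one to check for when auditing configurations: an "Order deny,allow" block with only Allow lines restricts nobody.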

