httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@hotwired.com>
Subject access control
Date Thu, 30 Nov 1995 02:34:25 GMT
I'm finding the documentation on access control to be confusing given
the behaviour.  Consider this:

    DocumentRoot /var/www

    <Directory />
    order mutual-failure
    allow from 204.62.132.
    </Directory>

    <Directory /var/www>
    Options All Multiviews
    deny from 204.62.132.32
    </Directory>

A server running this denies only the host 204.62.132.32, and allows
everything else.  But the documentation says:

    If multiple directory sections match the directory (or its parents)
    containing a document, then the directives are applied in the order
    of shortest match first, interspersed with the directives from
    the .htaccess files.

Which seems more like it would merge the directives.  I think I
understand why it doesn't merge the directives, but it's not clear how
things override.  There seem to be 'classes' of directives, and if any
member of a class is present then all directives in that class from
shorter matches are ignored.

What is the easiest way to ensure a server denies access based on ip?
(Aside from me going and playing with our firewall.)  My config files
are m4-ized and so I'm just sticking all the allow/denies into my macros.
But that generates a huge config file.

Dean

Mime
View raw message