httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: 1.1b5 access.conf
Date Tue, 02 Jul 1996 06:10:55 GMT
On Mon, 1 Jul 1996, Alexei Kosut wrote:
> On Mon, 1 Jul 1996, Nathan Neulinger wrote:
> > This brings up something that has been bugging me for quite some time...
> > Having to worry about adding new <Limit> options every time we add support
> > for a new method... And having to list them all out.
> > 
> > I personally would REALLY like to be able to do this:
> > 
> > <Limit>
> >         whatever
> > </Limit>
> > 
> > Which would limit EVERYTHING. Since that is almost always what I do anyway.
> Correct me if I'm wrong, but if you use the auth/access commands outside
> of a <Limit>, they should apply to everything. At least, I think that's
> what RST said, and I think I've successfully done that.

Holy smokes.  Why didn't I think of that?  Sheesh.  Yes yes yes.  We
should change access.conf to remove references to <Limit>, and <Limit>
should be documented as "use this *only* when you want a particular set of
access control directives to apply to a particular set of methods".  

It begs the question of whether something like this is legal:

<Directory /blah>
<Limit GET HEAD>
require group anyone
<Limit POST PUT>
require group admin



View raw message