httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <>
Subject Re: Bad choice of directory names for info- & status-modules
Date Thu, 25 Jul 1996 00:58:55 GMT
On Wed, 24 Jul 1996, Roy T. Fielding wrote:

> It seems weird to me to have a Files directive as well.  I have always
> been of the opinion that authorization and access should be controlled
> at the namespace level (with URLs) and not at the filesystem level.

Well, Apache already controls access at the filesystem level - even if you
ignore <Directory>, you still have .htaccess files, which are about as
filesystem as you can get. And many sites rely on them. <Files> is an
extension of that - it allows users who already have .htaccess files to
fine-tune that control. Which I think is a useful feature.

> BTW, what are the precedence rules?  Does access have to satisfy all
> directives which match, or only the most explicit (which begs the question
> of which is more explicit if they are all wildcards)?

Precedence is an interesting thing. First, <Directory> sections are
matched (in descending filesystem order), then <Location> sections are
matched (in the order they appear in the config file), then (if you apply
my patch), <Files> sections are applied (first any that appear in the
config file, then the ones in .htaccess files, again in descending
filesystem order.)

If a directive appears in more than one section that applies to the same
file, the behavior is defined by the module that handles it. For example,
AddType will just merge type. The auth and access directives (I believe)
override the previous one. So, the short answer is, for auth and access,
<Files> overrides <Location> with overrides <Directory>.

-- Alexei Kosut <>            The Apache HTTP Server

View raw message