httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: A related random question
Date Sat, 19 Oct 1996 09:44:36 GMT
Alexei Kosut wrote:
> 
> On Wed, 16 Oct 1996, Ben Laurie wrote:
> 
> > I agree. I'm slightly less convinced that <File> should override <Location>
but
> > the point is moot.
> 
> It is? Why? Actually, I've been thinking about this, and the more I
> think about it, the more I'm beginning to think that maybe I should
> swap <Files> and <Location> (well, server-config <Files> at least -
> the ones in .htaccess will always have to come last).

Err, actually, as I see it, it goes <Directory ...>, then .htaccess, then
<Location ...>, then <Files ...>. <Directory ...> and <Location ...>
are not
permitted in .htaccess files, but <Files ...> is. Whether it gets used is
another question, though. If it does, I fail to see how...

> The same sort of
> reasoning applies:
> 
> <Directory />
> allow from none
> deny from all
> </Directory>
> 
> <Files ~ "\.(html|gif)$">
> allow from all
> deny from none
> </Files>
> 
> <Location /status>
> SetHandler server-status
> deny from all
> allow from my.domain.only
> </Location>
> 
> The user would probably want a request to /status/.html from a
> non-my.domain.only site to be denied. I can't think of a good reason
> for <Files> sections to override <Location> ones. It just seemed like
> a good arbitrary decision to make at the time.
> 
> Anyone have any opinions one way or the other? We have yet to release
> a release with <Files> in it, so it's defenitely not to late to change
> it. (anyone who runs unreleased software does so at their own risk).

I think locations should override files.

Cheers,

Ben.

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.            Apache Group member (http://www.apache.org)

Mime
View raw message