httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: Authentication
Date Wed, 02 Oct 2002 23:16:00 GMT

The pattern is:

  <Directory> (and .htaccess'es within those directories)

with the <Limit[Except]>s parsed in the appropriate container.

We repeat <Location> because the original <Location> could
have changed in translate_name, and yes, the URI permissions
or restrictions always override any file-based permissions.

E.g., you could have a 

DocumentRoot /thatpath

Alias /secure-dav/ /thatpath/

<Location /secure-dav>
    Dav On

and even though DAV is OFF in the <Directory /thatpath> ...
the server will still allow a DAV view within the /secure-dav/...

This is how 1.3 and 2.0 have always worked.


At 06:06 PM 10/2/2002, Jerry Baker wrote:
>André Malo says:
>>Sorry, I can't believe, that it worked ever before the way you
>>described. Are you sure, that you've changed nothing else?
>So Location matches are even more important than .htaccess matches? That doesn't make
sense. I would think that a directive in .htaccess is always more specific than one in the
config files.
>Jerry Baker

View raw message