httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [vote] 2.1.9 as beta
Date Wed, 02 Nov 2005 20:26:40 GMT
Colm MacCarthaigh wrote:
> 
> I think the text "Deny from all" is a particularly dangerous thing to
> have not work as advertised! No matter how well documented :/

The question though, is where can Deny from all be expected to work?

Certainly not in <Directory /foo> - the cached entity no longer lives there.

Perhaps in <Location /foo> - but running the full handlers, dealing with all
the regex'es all over again defeats the purpose of running a fast cache.

Certainly in <VirtualHost www.cachedhost.example.com> ... although authnz
doesn't work correctly there in the first place ;-)

And certainly globally, if I ran a large mass vhost, yet knew full well that
a list of proxies would corrupt my content, I might

   Deny from 10.123.55.0/24

but again, authn/authz doesn't work globally.

We can discuss 'enabling' the map to storage for <Location > and running the
authz stack, but we would have to ensure we bypass the filesystem dir/files
entities.  The deepest relevant level is <Location >.

And maybe, have you considered a <CachedLocation > / <CachedLocationMatch >
container for mod_cache?  This would have the benefit that very long lists
of directives would be ignored/not merged, in favor of a much shorter and
very specific list that benefits the cache by keeping it fast, while giving
the user the option to tweak the behavior of content, once cached.




Mime
View raw message