httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: 401 response with reject ip?
Date Wed, 26 Jul 2006 15:11:36 GMT

>>>>On Mon, Jul 24, 2006 at  9:02 AM, in message <>,

>    Well, I think that the following patch in mod_authz_core.c fixes the problem that
you are looking at:
> @@ -628,16 +633,25 @@
>          switch (auth_result) {
>              case AUTHZ_DENIED:
> +            case AUTHZ_NEUTRAL:

It seems that this patch is incomplete as AUTHZ_NEUTRAL is not defined.
Furthermore doesn't mod_authz_host has to return AUTHZ_NEUTRAL?

> However, this brings up the question, what does "reject" actually mean?  "Require" means
that if true then authorization
> is granted otherwise authorization is denied.  "Reject" obviously means that if true,
then authorization is denied but
> it does not necessarily mean the opposite.  So in the case that you defined:
>><location />
>>  reject ip
> obviously if the request is coming from then the request is denied.  But if
the request comes from some other
> ip address, is authorization automatically granted?  I don't think it is.  There still
needs to be a "Require" statement
> in the configuration somewhere.

It does give me access when I get there from an IP != without any
further require directive. I don't know if this is works as designed or a bug.



View raw message