httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: 401 response with reject ip?
Date Wed, 26 Jul 2006 15:11:36 GMT

>>>>On Mon, Jul 24, 2006 at  9:02 AM, in message <44C4E0FA.8060205@apache.org>,
> 

> 
> 
>    Well, I think that the following patch in mod_authz_core.c fixes the problem that
you are looking at:
> 
> @@ -628,16 +633,25 @@
> 
>          switch (auth_result) {
>              case AUTHZ_DENIED:
> +            case AUTHZ_NEUTRAL:

It seems that this patch is incomplete as AUTHZ_NEUTRAL is not defined.
Furthermore doesn't mod_authz_host has to return AUTHZ_NEUTRAL?

> 
> 
> However, this brings up the question, what does "reject" actually mean?  "Require" means
that if true then authorization
> is granted otherwise authorization is denied.  "Reject" obviously means that if true,
then authorization is denied but
> it does not necessarily mean the opposite.  So in the case that you defined:
> 
> 
>><location />
>>  reject ip 127.0.0.1
>></location>
> 
> 
> obviously if the request is coming from 127.0.0.1 then the request is denied.  But if
the request comes from some other
> ip address, is authorization automatically granted?  I don't think it is.  There still
needs to be a "Require" statement
> in the configuration somewhere.

It does give me access when I get there from an IP != 127.0.0.1 without any
further require directive. I don't know if this is works as designed or a bug.

Regards

RĂ¼diger



Mime
View raw message