httpd-dev mailing list archives

From Joe Schaefer <joe+gm...@sunstarsys.com>
Subject inconsistency in the "Order" documentation
Date Tue, 27 Mar 2007 02:25:53 GMT
Since forever, the documentation for Order claims this:

==================================================
Ordering is one of:

Deny,Allow
    First, all Allow directives are evaluated; at least one must match,
    or the request is rejected. Next, all Deny directives are
    evaluated. If any matches, the request is rejected. Last, any
    requests which do not match an Allow or a Deny directive are denied
    by default.
Allow,Deny
    First, all Deny directives are evaluated; if any match, the request
    is denied unless it also matches an Allow directive. Any requests
    which do not match any Allow or Deny directives are permitted. 
==================================================

Shouldn't those descriptions be reversed?  If you do reverse them,
it reads more consistently with the rest of the docs on the page:

==================================================
In the following example, all hosts in the apache.org domain are allowed
access; all other hosts are denied access. 

Order Deny,Allow
Deny from all
Allow from apache.org

In the next example, all hosts in the apache.org domain are allowed
access, except for the hosts which are in the foo.apache.org subdomain,
who are denied access. All hosts not in the apache.org domain are denied
access because the default state is to Deny access to the server. 

Order Allow,Deny
Allow from apache.org
Deny from foo.apache.org

On the other hand, if the Order in the last example is changed to
Deny,Allow, all hosts will be allowed access. This happens because,
regardless of the actual ordering of the directives in the configuration
file, the Allow from apache.org will be evaluated last and will override
the Deny from foo.apache.org. All hosts not in the apache.org domain
will also be allowed access because the default state is Allow 
==================================================

I'd be happy to provide a patch for all the docs if
folks agree.

-- 
Joe Schaefer
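
Added example (not part of the original message and not httpd's own code): a small Python model of how httpd applies Order, Allow and Deny, run against the three configurations quoted in the message. It assumes the client hostname is already resolved and models only `all` and domain-name matching; the function names and sample hosts are constructed for illustration.

```python
# Simplified model of Order/Allow/Deny evaluation (added example, not httpd code).
# Assumption: the client hostname is already resolved; only "all" and
# domain-name matching are modelled (no IP, CIDR or env= forms).

def matches(host, spec):
    """True if `spec` ("all" or a domain name) covers `host`."""
    host, spec = host.lower().rstrip("."), spec.lower().lstrip(".")
    # Match on a label boundary so "notapache.org" does not match "apache.org".
    return spec == "all" or host == spec or host.endswith("." + spec)

def allowed(order, allow, deny, host):
    """Return True if `host` is granted access under the given Order."""
    hit_allow = any(matches(host, s) for s in allow)
    hit_deny = any(matches(host, s) for s in deny)
    key = order.lower()
    if key == "allow,deny":
        # Default is deny; Allow is applied first and Deny last, so Deny wins.
        return hit_allow and not hit_deny
    if key == "deny,allow":
        # Default is allow; Deny is applied first and Allow last, so Allow wins.
        return hit_allow or not hit_deny
    raise ValueError("unsupported Order: %r" % order)

# The three configurations quoted in the message: (order, allow list, deny list).
EXAMPLES = {
    "example 1": ("Deny,Allow", ["apache.org"], ["all"]),
    "example 2": ("Allow,Deny", ["apache.org"], ["foo.apache.org"]),
    "example 3": ("Deny,Allow", ["apache.org"], ["foo.apache.org"]),
}

# Constructed sample hosts.
HOSTS = ["www.apache.org", "foo.apache.org", "example.com", "notapache.org"]

def decision_table():
    """Map each example to {host: allowed?} for the sample hosts."""
    return {name: {h: allowed(*cfg, h) for h in HOSTS}
            for name, cfg in EXAMPLES.items()}

if __name__ == "__main__":
    for name, row in decision_table().items():
        order = EXAMPLES[name][0]
        for host, ok in row.items():
            print("%s  Order %-10s  %-16s %s"
                  % (name, order, host, "allow" if ok else "deny"))
```

The output matches the three worked examples quoted in the message: example 2 denies foo.apache.org and every host outside apache.org, while example 3 admits every host.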

