Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 30922 invoked from network); 22 Sep 2008 17:22:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 22 Sep 2008 17:22:11 -0000 Received: (qmail 89931 invoked by uid 500); 22 Sep 2008 17:22:01 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 89882 invoked by uid 500); 22 Sep 2008 17:22:01 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 89873 invoked by uid 99); 22 Sep 2008 17:22:01 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Sep 2008 10:22:01 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of poirier@pobox.com designates 207.106.133.19 as permitted sender) Received: from [207.106.133.19] (HELO sasl.smtp.pobox.com) (207.106.133.19) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Sep 2008 17:21:01 +0000 Received: from localhost.localdomain (localhost [127.0.0.1]) by a-sasl-fastnet.sasl.smtp.pobox.com (Postfix) with ESMTP id 8F40E63191 for ; Mon, 22 Sep 2008 13:20:57 -0400 (EDT) Received: from [9.37.243.67] (bi01p1.nc.us.ibm.com [129.33.49.251]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-sasl-fastnet.sasl.smtp.pobox.com (Postfix) with ESMTPSA id 5ECE563190 for ; Mon, 22 Sep 2008 13:20:57 -0400 (EDT) Message-ID: <48D7D3F7.1080804@pobox.com> Date: Mon, 22 Sep 2008 13:20:55 -0400 From: Dan Poirier User-Agent: Thunderbird 2.0.0.16 (X11/20080724) MIME-Version: 1.0 To: dev@httpd.apache.org Subject: AuthzMergeRules blocks everything in default configuration Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Pobox-Relay-ID: D1CECBB6-88CA-11DD-8744-D0CFFE4BC1C1-25076293!a-sasl-fastnet.pobox.com X-Virus-Checked: Checked by ClamAV on apache.org I hate to re-open this can of worms, but... Unless I'm missing something, in trunk right now, uncommenting includes for the examples like "extra/httpd-manual.conf" does not result in being able to serve the documentation pages. In the main config file: Require all denied blocks all access, and that's inherited by every other or in the configuration, since AuthzMergeRules defaults to On. To make this work, one would have to add AuthzMergeRules Off to every other or in the configuration that isn't a subset of another one that already has it. Doing that makes me wonder what's the point of having it, if we have to turn it off in almost every case to actually serve pages. Or would it make sense to add AuthzMergeRules Off to ? Would that make the rest of the permissions kind of stand alone? I guess then you'd have to add AuthzMergeRules On to any of them whose permissions you wanted inherited by even lower level sections. I read through some previous discussion of the authz inheritance behavior, but it doesn't seem to have considered the effect of having "Require all denied" at the top level, which is overriding everything else by default even when other sections specify other permissions. Dan