httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Takashi Sato <>
Subject MatchAll description
Date Sat, 15 Nov 2008 02:09:25 GMT
"If none of the directives contained within the <MatchAll> directive fails, 
and at least one succeeds, then the <MatchAll> directive succeeds. "

According to this, following config would grant an access from
with no username/password.

<Location /server-info>
	SetHandler server-info

	AuthType Digest
        AuthName "private area"
        AuthUserFile "/var/www/password"

	Match valid-user
	Match ip

But actually needs to be "valid-user".
Considering difference between MatchAll and MatchAny, 
this is correct behavior.
The How to says different thing from mod_authz_core doc:
"To authorize the request, none of the negated directives can match
their parameters, while all of the positive directives must match their
parameters (or else return a neutral result)."

mod_authz_core doc should be fixed ?

I'm not sure which is better for this mail, docs@ or dev@.


View raw message