httpd-dev mailing list archives

From Ruediger Pluem <>
Subject Re: AuthzMergeRules blocks everything in default configuration
Date Mon, 03 Nov 2008 19:52:14 GMT

On 11/03/2008 08:12 PM, Chris Darroch wrote:
> Dan Poirier wrote:
>> I'd find it much easier to understand if we had fewer directives, and
>> just built up the more complicated ideas by writing boolean
>> expressions, which most of us already know how to cope with.
>   Perhaps, and the underlying code should support a range of alternative
> configuration schemes; if someone wants to add an expression parser,
> that should be feasible.
>   My own perspective was that I wanted to satisfy a number of goals,
> in descending order of priority:
>   First, and most important, I wanted to ensure default 2.2-style
> authz.  Imagine administrating a large mass virtual hosting service
> whose customers have uploaded thousands of .htaccess files, and trying
> to upgrade to 2.4.  Clearly, those .htaccess files need to work exactly
> as before.  Even if we supplied a batch conversion script that could
> find and auto-upgrade them, customers would later upload their own private
> copies of their old files, thus inadvertently breaking their sites.
>   So, that meant an OR-like context for Require directives, and
> no merging of authz configurations by default.  This whole thread
> started because I was trying mod_authz_dbd and noticed it didn't
> work as expected because AuthzMergeRules was On (i.e., "OR") by default.
> (In my previous message I described switching to an AND-like default
> context for Require directives, but realized before committing that
> that would break with this prime directive of backwards-compatibility.)
>   So, if people could please test with 2.2-style authz configurations
> and make sure everything works as expected, that would be superb.

One of the authz tests has been breaking on trunk for a long time (I think it
started to break after Brad refactored the code):

# Running under perl version 5.008008 for linux
# Current time local: Mon Nov  3 20:46:36 2008
# Current time GMT:   Mon Nov  3 19:46:36 2008
# Using version 1.25
# Using Apache/ version 1.31
ok 1
not ok 2
# Failed test 2 in t/http11/basicauth.t at line 24
ok 3
FAILED test 2
        Failed 1/3 tests, 66.67% okay
Failed Test          Stat Wstat Total Fail  Failed  List of Failed
t/http11/basicauth.t                3    1  33.33%  2
Failed 1/1 test scripts, 0.00% okay. 1/3 subtests failed, 66.67% okay.

I was hoping that your patches would fix this, but sadly they did not.
From what I reviewed, the authz code should now react similarly to the
2.2.x authz code, but apparently it does not.
As you have crawled that deeply in the authz code you seem to be
the natural person to have a look at this failing test :-).
I think this would be greatly appreciated.
Otherwise I think it is cool work that can be used for very
complex configuration needs.


