httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Darroch <>
Subject Re: AuthzMergeRules blocks everything in default configuration
Date Thu, 04 Dec 2008 20:30:14 GMT
Hi --

Eric Covener wrote:

> I had meant iif containers are used, I'd like their name to
> communicate the "require" or "reject" part while the authz providers
> would be "match"-like (because the Require on the inside is confusing
> when surrounted by all the variations)

   Yes, I thought that was a good point; my further thought was that
the container names can't imply require/reject either though, because
they can be nested and so their meaning can be inverted if they're
contained in a negated context.

Roy T. Fielding wrote:

> But we are already using *Match all over the place to indicate the
> use of regex matching. :(

   These are good points; I hadn't thought of the "overlap" with
LocationMatch and friends.

   A lot of the other obvious access-control-related words and terms
are also already in use, especially for older authorization directives
(e.g., Allow, Deny, Order, Limit, Require, Satisfy, etc.)  In order
to avoid confusion, we should probably stay away from all of these too.

   Perhaps something like Check or Test would suffice, maybe prefixed
with Authz?  Hopefully someone else has a good idea, or at least
stronger opinions.  :-)


GPG Key ID: 366A375B
GPG Key Fingerprint: 485E 5041 17E1 E2BB C263  E4DE C8E3 FA36 366A 375B

View raw message