httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: "Forbid" directive in core?
Date Mon, 10 Jun 2013 14:17:40 GMT
On 10 Jun 2013, at 3:35 PM, Eric Covener <> wrote:

> I'd like to add an immutable Forbid directive to the core and use it
> in some places in the default configuration instead of "require all
> denied".
> This protects from a broad <Location or <If being added that
> supercedes Directory/Files.

Does Location supercede Directory/Files?

My understanding is that if the Directory/Files says no, then the access is denied, regardless
of what Location says. Or to state it another way, we are successful until the first directive
comes along that says denied. We don't deny, and then later on change our mind and succeed


View raw message