httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail T." <>
Subject Re: Resolved (sort of): Struggling with AuthMerging
Date Sat, 03 Aug 2013 03:24:41 GMT
02.08.2013 20:17, Ben Reser написав(ла):
> mod_autoindex automatically provides a directory listing of files
> under a path.  However, by default it doesn't display any paths that
> you don't have access to, e.g. .htaccess.  It does this by issuing
> subrequests for those other paths so that authz can run on them.
> (This behavior could be changed with IndexOptions ShowForbidden).
> mod_dav_svn.  Numerous commands in SVN impact other paths than the URI
> (e.g. `svn list` which is similar to the autoindex case above,
> commiting a copy or move which touch two paths one of which is on in
> the URI but rather in the headers).
The modules in your examples /deliberately/ use the authz mechanism to
generate different output based on the results. But what is doing it in
the case I describe -- where the generated content is exactly the same?

Why would anyone want to provide distinct authorization rules to /foo/
and /foo/index.html, for example? What is a possible use-case?

Likewise, why would anyone configure mod_fastcgi to hand off processing
of PHP-files to FPM:

    FastCGIExternalServer   /usr/sbin/php-fpm -socket /var/run/fpm/main.sock
    AddHandler              php-fastcgi     .php
    Action                  php-fastcgi     /php-fpm
    ScriptAlias             /php-fpm        /usr/sbin/php-fpm

but need the /php-fpm/foo/ to have authorization rules different from
those of /foo/?


View raw message