httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christophe JAILLET <christophe.jail...@wanadoo.fr>
Subject Question about some examples in the doc
Date Fri, 17 Apr 2015 20:57:23 GMT
Hi,

looking at comment 
http://httpd.apache.org/docs/current/en/mod/mod_authn_core.html#comment_751,
I think that what is proposed is not enough and that turning:
    Order deny,allow
    Allow from all
into
    Require all granted

is not correct.


"Require all granted" would bypass the "Require valid-user", wouldn't it?

So I think that the best fix would be just to remove the 2 
Order...Allow... lines from the example, just as in the other example 
above it.

Correct?




The same way, in 
http://httpd.apache.org/docs/current/en/mod/mod_info.html#security,
I think that the example:
<Location "/server-info">
     SetHandler server-info
     Order allow,deny
     # Allow access from server itself
     Allow from 127.0.0.1
     # Additionally, allow access from local workstation
     Allow from 192.168.1.17
</Location>

should be turned in:
<Location "/server-info">
     SetHandler server-info
     # Allow access from server itself
     Require ip 127.0.0.1
     # Additionally, allow access from local workstation
     Require ip 192.168.1.17
</Location>

or
<Location "/server-info">
     SetHandler server-info
     # Allow access from server itself or from a local workstation
     Require ip 127.0.0.1 192.168.1.17
</Location>

Correct?

CJ


Mime
View raw message