Date: Thu, 24 Mar 2016 15:52:13 +0100 (CET)
From: fabien@apache.org
To: httpd-dev
Subject: Re: [VOTE] access control for dynamic hosts

Hello Yann,

> I guess this question is for me, not the doc :)

Yep!

> [...] So, finally, mentioning that *any* ip/host-based authz should be
> combined with other authz/authn (SSL certificates, credentials schemes,
> ...) for stronger requirements may be the way to go.

I agree that combining authz is the way to go, esp. with sensitive
applications which are more and more hosted outside of organizations, or
even provided as SaaS. I'm not sure of a good place to discuss
authorization policies in general in the documentation though.

> Or maybe simply not change the doc since all this might be quite obvious...

I would be fine with this solution :-)

-- 
Fabien.