httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Order Mutual-failure
Date Tue, 26 Sep 2000 01:46:32 GMT
I've never been able to figure this out either.  What the heck is
"Order Mutual-failure" supposed to do?

From: (ljb)
Newsgroups: comp.infosystems.www.servers.unix
Subject: Apache "Order Allow,Deny" vs "Order Mutual-failure"?
Date: 26 Sep 2000 01:15:32 GMT
Organization: MindSpring Enterprises
Lines: 26
Message-ID: <8qotbk$7i2$>
X-no-archive: yes
User-Agent: slrn/ (UNIX)

After reading the Apache documentation (and the O'Reilly book, and another
book on security) I was still really confused about the 3 choices for
"Order" in Allow /Deny access rules. So I looked at the source, and now it
seems to me the documentation is wrong, and "Order Allow,Deny" is exactly
the same as "Order Mutual-failure". Look at this summary of the code in
mod_access.c (Apache 1.3.12) check_dir_access(), and tell me if I'm wrong.

    if (a->order[method] == ALLOW_THEN_DENY) {
        ret = FORBIDDEN;
        if (find_allowdeny(r, a->allows, method)) ret = OK;
        if (find_allowdeny(r, a->denys, method)) ret = FORBIDDEN;
    else /* (a->order[method] == MUTUAL_FAILURE) */ {
        if (find_allowdeny(r, a->allows, method)
            && !find_allowdeny(r, a->denys, method))
            ret = OK;
            ret = FORBIDDEN;

To me, both cases above (ALLOW_THEN_DENY and MUTUAL_FAILURE) result
in the exact same value of "ret" for any set of returns from
find_allowdeny(). Am I wrong? Can someone show me a case where
"Order Allow,Deny" differs from "Order Mutual-failure"?

View raw message