httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert.kenning...@yahoo.com
Subject Re: Significance of evaluation order?
Date Fri, 03 Nov 2006 23:09:54 GMT
> ... lots of problem

Thanks for clarifying the spaces. State's fine.  

> "Clients are allowed access if they do not match any Deny directive <strong>or</strong>
they do match an Allow directive." 

This language is a rehash of the old language.  Logically, it's correct but difficult to read.

Whereas, "Then all Allow directives are applied followed by all Deny directives " takes a
different approach to describing how the state is changed when the initial state is Deny.


I thought it clarified Chris's initial confusion as it states the Deny directives are applied
last but I guess I did not specify the last directive WINS. But, which last directive?

> that the last evaluated directive wins. 

in the Allow,Deny isn't it the LAST DENY directive that wins and vice versa for the latter
case?  Or, better yet, of the DENY directives, are they processed in sequential order after
the ALLOW directives?

Bob K. 

----- Original Message ----
From: Joshua Slive <joshua@slive.ca>
To: docs@httpd.apache.org
Sent: Friday, November 3, 2006 3:57:45 PM
Subject: Re: Significance of evaluation order?

On 11/3/06, Rich Bowen <rbowen@rcbowen.com> wrote:
>
> On Nov 3, 2006, at 15:33, robert.kennington@yahoo.com wrote:
>
> >   Here are some proposed definitions:
> >
> > Order Allow, Deny:  Initially a flag for each incoming URL is set
> > to Deny.  Then all Allow directives (i.e. "Allow foobar.org") are
> > applied followed by all Deny directives regardless or which order
> > the Allow and Deny directives appear after the Order directive.
> >
> > Order Deny, Allow:  Initially a flag for each incoming URL is set
> > to Allow.  Then all Deny directives (i.e. "Allow foobar.org") are
> > applied followed by all Allow directives regardless of which order
> > the Allow and Deny directives appear after the Order directive.
>
> +1. These are an improvement over what we have, and will alleviate
> much confusion.

I'm all for improvements, but this suggestions has lots of problem:
- No space after the comma between Allow and Deny.
- "for each incoming URL" is superfluous and confusing.
- The mini example "(i.e. ...)" doesn't add anything
- Why introduce the concept of a "flag"?  I think it just obscures things.
- It doesn't solve Chris' initially reported confusion, which is that
it needs to be specified that the last evaluated directive wins.

How about:

Deny,Allow
The access state is initially set to <em>allowed</em>.  The Deny
directives are then evaluated, followed by the Allow directives, with
the last matching directive setting the final access state.  Clients
are allowed access if they do not match any Deny directive
<strong>or</strong> they do match an Allow directive.

Allow,Deny
The access state is initially set to <em>denied</em>.  The allow
directives are then evaluated, followed by the Deny directives, with
the last matching directive setting the final access state.  Clients
are allowed access if they do not match any Deny directive
<strong>and</strong> they do match an allow directive.

Joshua.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message