httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "" <>
Subject Re: Significance of evaluation order?
Date Sat, 04 Nov 2006 14:25:49 GMT
On Nov 4, 2006, at 12:11:36 AM, Chris Pepper <> wrote:
>    I think there should be some explanation of the names (at 
> least to help remember what they are). How's this?
> The Allow and Deny directives (and the Order directive) control a 
> three-pass access control method. The first pass processes all Allow 
> or Deny directives, as specified by the Order directive. The second 
> pass parses the rest of the directives (Deny or Allow). The third 
> "default" pass applies to all requests which do not match either of 
> the first two.
> Note that Allow and Deny directives are processed <strong>in 
> ascending order</strong>, unlike a typical firewall, where only the 
> first match counts. Additionally, the order in which lines appear in 
> the configuration files is not significant -- all Allow lines are 
> processed as a group, and all Deny lines are considered together.
> Allow,Deny
> First, all Allow directives are evaluated; at least one must match, 
> or the request is rejected. Next, all Deny directives are evaluated. 
> If any matches, the request is rejected. Last, any requests which do 
> not match an Allow or a Deny directive are denied by default.
> Deny,Allow
> First, all Deny directives are evaluated; if any match, the request 
> is denied <strong>unless</strong> it also matches an Allow directive. 
> Any requests which do not match any Allow or Deny directives are 
> permitted.
Good intro.  Definitions are easy to follow and quickly recall.

+1. Chris's revision is an improvement over what we have, and will alleviate much confusion.

Bob K.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message