httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: Significance of evaluation order?
Date Fri, 03 Nov 2006 20:57:45 GMT
On 11/3/06, Rich Bowen <rbowen@rcbowen.com> wrote:
>
> On Nov 3, 2006, at 15:33, robert.kennington@yahoo.com wrote:
>
> >   Here are some proposed definitions:
> >
> > Order Allow, Deny:  Initially a flag for each incoming URL is set
> > to Deny.  Then all Allow directives (i.e. "Allow foobar.org") are
> > applied followed by all Deny directives regardless or which order
> > the Allow and Deny directives appear after the Order directive.
> >
> > Order Deny, Allow:  Initially a flag for each incoming URL is set
> > to Allow.  Then all Deny directives (i.e. "Allow foobar.org") are
> > applied followed by all Allow directives regardless of which order
> > the Allow and Deny directives appear after the Order directive.
>
> +1. These are an improvement over what we have, and will alleviate
> much confusion.

I'm all for improvements, but this suggestions has lots of problem:
- No space after the comma between Allow and Deny.
- "for each incoming URL" is superfluous and confusing.
- The mini example "(i.e. ...)" doesn't add anything
- Why introduce the concept of a "flag"?  I think it just obscures things.
- It doesn't solve Chris' initially reported confusion, which is that
it needs to be specified that the last evaluated directive wins.

How about:

Deny,Allow
The access state is initially set to <em>allowed</em>.  The Deny
directives are then evaluated, followed by the Allow directives, with
the last matching directive setting the final access state.  Clients
are allowed access if they do not match any Deny directive
<strong>or</strong> they do match an Allow directive.

Allow,Deny
The access state is initially set to <em>denied</em>.  The allow
directives are then evaluated, followed by the Deny directives, with
the last matching directive setting the final access state.  Clients
are allowed access if they do not match any Deny directive
<strong>and</strong> they do match an allow directive.

Joshua.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message