httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Pepper <pep...@reppep.com>
Subject Re: Significance of evaluation order?
Date Wed, 08 Nov 2006 15:26:19 GMT
At 9:40 AM -0500 2006/11/08, Joshua Slive wrote:
>On 11/4/06, Chris Pepper <pepper@reppep.com> wrote:
>
>>Note that Allow and Deny directives are processed <strong>in
>>ascending order</strong>, unlike a typical firewall, where only the
>>first match counts.
>
>That's all fine with me.  But I really don't find "in ascending order"
>to mean anything in particular.  Is that firewall terminology?  I'd
>just say something along the lines of "Note that the <strong>last
>evaluated</strong> Allow or Deny directive sets the final access
>state."

	It needs to be clear that a 'Deny' coming after an 'Allow' 
wins. I was thinking of priorities that climb as you advance through 
the passes, as opposed to firewalls, which never see conflicting 
rules because they stop at the first match.

	Does this table clarify or just confuse? It could also be 
rendered as a couple bulleted lists, but I think it's helpful to see 
the A,D results in relation to the D,A results.

	If we can agree on content, I'll convert to XML and submit.

<table border="1">
	<tr>
		<th>Allow,Deny Match</th>
		<th>Allow,Deny Result</th>
		<th>Deny,Allow Result</th>
	</tr><tr>
		<th>Match Allow only</th>
		<td>Request Allowed</td>
		<td>Request Allowed</td>
	</tr><tr>
		<th>Match Deny only</th>
		<td>Request Denied</td>
		<td>Request Denied</td>
	</tr><tr>
		<th>No match</th>
		<td>Default to second directive (Denied)</td>
		<td>Default to second directive (Allowed)</td>
	</tr><tr>
		<th>Match both Allow &amp; Deny directives</th>
		<td>Final match 'wins': request Denied</td>
		<td>Final match 'wins': request Allowed</td>
	</tr>
</table>


						Thanks,


						Chris
-- 
Chris Pepper:               <http://www.reppep.com/~pepper/>
                             <http://www.reppep.com/weblog/pepper/>
Rockefeller University:     <http://www.rockefeller.edu/>
Mime
View raw message