httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Pepper <pep...@reppep.com>
Subject Re: Significance of evaluation order?
Date Wed, 01 Nov 2006 23:31:05 GMT
At 6:22 PM -0500 2006/11/01, Eric Covener wrote:
>On 11/1/06, Chris Pepper <pepper@reppep.com> wrote:
>>         I (again) banged my head against Order today.
>><http://httpd.apache.org/docs/trunk/mod/mod_access_compat.html#order>
>>says:
>>
>>>Deny,Allow
>>>The Deny directives are evaluated before the Allow directives.
>>>Access is allowed by default. Any client which does not match a Deny
>>>directive or does match an Allow directive will be allowed access to
>>>the server.
>>
>>         I'm used to 'evaluated before' meaning first match applies
>>(firewall style), and any later matches never being checked.
>
>If the incoming host matches both a Deny and an Allow, and Deny is
>evaluated first, then the Allow later on will toggle access back on.
>The result is very different if you don't consider which of the
>Allow/Deny run first, assuming someone matches one of each.
>
>Order Deny,Allow
># Default allow
># Uh oh, these are listed in the opposite order that Apache evaluates them
># Might be a sign of confusion
>Allow from bar.com
>Deny from foo.bar.com
>
>This is in contrast to "stop at first match of either type" or "follow
>the order in httpd.conf".
>
>One reason to think about rewording is that the phrase that talks
>about default access policy comes "after" the phrase about the order
>of evaluation -- but  it's actually a description of the initial
>state.
>
>"Order Deny, Allow: Access is allowed by default, then all Deny
>directives are applied, followed by all Allow directives."

	I think a better wording would be to say that the second 
directive overrides, and sets the default state. 'before' just seems 
confusing.


						Chris
-- 
Chris Pepper:               <http://www.reppep.com/~pepper/>
                             <http://www.reppep.com/weblog/pepper/>
Rockefeller University:     <http://www.rockefeller.edu/>

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message