httpd-docs mailing list archives

From Takashi Sato <taka...@lans-tv.com>
Subject Re: MatchAll description
Date Mon, 24 Nov 2008 15:50:00 GMT
> Takashi Sato wrote:
> 
> > http://httpd.apache.org/docs/trunk/mod/mod_authz_core.html#matchall
> > "If none of the directives contained within the <MatchAll> directive fails,
> > and at least one succeeds, then the <MatchAll> directive succeeds."
> > 
> > According to this, the following config would grant access from 127.0.0.1
> > with no username/password.
> > 
> > <Location /server-info>
> >     SetHandler server-info
> > 
> >     AuthType Digest
> >     AuthName "private area"
> >     AuthUserFile "/var/www/password"
> > 
> >     Match valid-user
> >     Match ip 127.0.0.0/8
> > </Location>
> > 
> > But actually 127.0.0.1 needs to be "valid-user".
> 
>    Yes, that's true, because the "valid-user" authz provider will
> succeed for any request with a login (it assumes the authn providers
> have authenticated that login), but fail for any request without
> a login.  So in the case you describe, it fails, which means the block
> as a whole fails (since one or more of the directives failed).
> 
>    There are certainly some subtle aspects to all of this, in particular,
> the way that "positive" directives (like Match and Require) can only
> return success or failure, while "negated" directives can only return
> failure or a neutral value.  Then you've got the specific action of
> the various authz providers.

Thanks for the explanation. I thought "positive" directives could only return
success or a neutral value.
 
>    Here I might think we want to add a note to the docs on the
> valid-user provider that it fails if there's no login.  Would that help,
> do you think?

I'm looking at mod_authz_user.xml, and IMHO it is sufficient.
I feel like adding something to mod_authz_core.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
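
The evaluation rule discussed in this thread, as an added Python model (not part of the original message and not httpd code). The names Authz, valid_user, ip, negate and match_all are hypothetical; the neutral result when nothing fails and nothing succeeds is an assumption, and the two Match lines are treated as one MatchAll group, as the thread does.

```python
from enum import Enum
from ipaddress import ip_address, ip_network

class Authz(Enum):
    GRANTED = "granted"
    DENIED = "denied"
    NEUTRAL = "neutral"

def valid_user(req):
    # Positive directive: succeeds for any request with a login, fails without one.
    return Authz.GRANTED if req.get("user") else Authz.DENIED

def ip(cidr):
    # Positive directive: succeeds only when the client address is inside cidr.
    net = ip_network(cidr)
    return lambda req: Authz.GRANTED if ip_address(req["addr"]) in net else Authz.DENIED

def negate(directive):
    # Negated directive: can only fail or stay neutral, never succeed.
    return lambda req: Authz.DENIED if directive(req) is Authz.GRANTED else Authz.NEUTRAL

def match_all(*directives):
    # Succeeds when no child fails and at least one child succeeds.
    def check(req):
        results = [d(req) for d in directives]
        if Authz.DENIED in results:
            return Authz.DENIED
        if Authz.GRANTED in results:
            return Authz.GRANTED
        return Authz.NEUTRAL  # assumption: no failure and no success
    return check

# The two Match lines from the quoted <Location /server-info> block.
location = match_all(valid_user, ip("127.0.0.0/8"))

# Constructed sample requests.
LOCAL_ANON = {"addr": "127.0.0.1", "user": None}
LOCAL_USER = {"addr": "127.0.0.1", "user": "alice"}
REMOTE_USER = {"addr": "192.0.2.10", "user": "alice"}

if __name__ == "__main__":
    for name, req in [("local, no login", LOCAL_ANON), ("local, login", LOCAL_USER), ("remote, login", REMOTE_USER)]:
        print(f"{name}: {location(req).value}")
```

Only the local request with a login is granted, so the block restricts access to authenticated local users rather than letting 127.0.0.1 in without credentials.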