httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Téssio Fechine <precheca...@yahoo.com.br>
Subject Re: [users@httpd] Question About ACL
Date Mon, 26 Mar 2012 12:23:01 GMT


> De: Tom Evans <tevans.uk@googlemail.com>
> Assunto: Re: [users@httpd] Question About ACL
> Para: users@httpd.apache.org
> Data: Segunda-feira, 26 de Março de 2012, 8:19
> 2012/3/26 Téssio Fechine <precheca123@yahoo.com.br>
> >
> > Hello,
> > I am learning apache, and the ironic part is that
> reading the apache
> > documentation on acl reinforced my doubt in this
> matter.
> >
> > In this part:
> > In the following example, all hosts in the apache.org
> domain are allowed
> > access; all other hosts are denied access.
> >
> > Order Deny,Allow
> > Deny from all
> > Allow from apache.org
> >
> > ---
> > My interpretation on this example:
> >
> > Order Deny,Allow   (allow everything, unless
> specifically denied)
> > Deny from all   (deny everything.. kind of
> contradictory after the last
> > line)
> > Allow from apache.org   (allow this specific hosts)
> >
> > ---
> > Why not use this, that has fewer steps and seems more
> logical?:
> >
> > Order Allow,Deny   (deny by default)
> > Allow from apache.org   (allow this specific hosts)
> >
> > I am getting it wrong or what? Why almost every example
> I see seems kind
> > of contradictory?
> 
> The main differences are when you match both allow and deny,
> or match neither.
> 
> With "allow,deny", you must match an "allow", and not match
> any
> "deny"s to get access, and with "deny,allow", you always get
> access
> unless you match a "deny".
> 
> This allows you to control whether it is more important that
> if you
> specifically deny someone that they do not get access, or
> whether it
> is more important that if you specifically allow someone
> that they do
> get access.
> 
> Cheers
> 
> Tom
> 

So, constructions like that:

Order Deny,Allow   (allow by default)
Deny from all      (deny everything)

are indeed kind of pointless, right? Nonetheless it's the most used form, even in the official
documentation.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message