httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Téssio Fechine <precheca...@yahoo.com.br>
Subject Re: [users@httpd] Question About ACL
Date Tue, 27 Mar 2012 12:47:04 GMT


> De: Tom Evans <tevans.uk@googlemail.com>
> Assunto: Re: [users@httpd] Question About ACL
> Para: users@httpd.apache.org
> Data: Segunda-feira, 26 de Março de 2012, 10:14
> 2012/3/26 Téssio Fechine <precheca123@yahoo.com.br>:
> >
> >> Not at all; you are right that that stanza is
> equivalent to
> >> "Order
> >> Allow,Deny", but the behaviour after adding an
> additional
> >> Allow is
> >> different.
> >>
> >> There isn't one right or wrong way, you just have
> to
> >> understand that
> >> there are two ways, and what the differences are.
> >>
> >> Cheers
> >>
> >> Tom
> >
> > "... but the behaviour after adding an additional Allow
> is different."
> > This is what I am trying to understand, but I can't.
> Can you give me an example of that, please?
> >
> > I am starting learning this now, and I can't see any
> difference in these two cases.. only the lack of logic in
> the first one:
> >
> > Order Deny,Allow       (allow everything, unless
> specifically denied)
> > Deny from all          (now deny everything)
> > Allow from apache.org  (now allow this specific
> hosts)
> >
> > Order Allow,Deny       (deny everything by default)
> > Allow from apache.org  (allow this specific hosts)
> >
> > What I am asking is an example of any situation in
> which the first case is preferable.
> > Thanks!
> >
> 
> Consider what would happen if you wanted to allow apache.org
> but deny
> foo.apache.org. Add a "Deny from foo.apache.org" to both,
> and the
> behaviour is different - the former will allow it, but the
> latter will
> deny it.
> 
> The former also makes it more explicit what is happening,
> whilst the
> latter relies on the person reading it understanding what
> "Order
> Allow,Deny" means.
> 
> Cheers
> 
> Tom

Thanks!
Now I see clearly the point of all this..

> Which is exactly why in 2.4 this syntax goes away entirely.
> See http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require

I have just learned something, and it is already outdated! *crying*

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message