You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Brian Behlendorf <br...@organic.com> on 1996/07/30 06:40:08 UTC

"order not allowed here"

I'm getting this error with the following .htaccess file on hyperreal, in 
http://hyperreal.com/~brian/aptest/:

  Options Includes FollowSymLinks
  <Limit GET>
  order deny,allow
  deny from all
  allow from .organic.com
  </Limit>

Requests get a server error response like:

[Mon Jul 29 21:32:43 1996] access to
/export/home/brian/public_html/aptest/.htaccess failed for
h32.n145.organic.com, reason: order not allowed here

If I comment out the <Limit> directives, no difference.  If I comment out
"order", then it complains about "deny" similarly, and then on about
"allow".  What could be causing this?  I've been upgrading hyperreal's
servers about once every couple of days to keep up with the cvs tree, and
this has appeared within the last week or so.  Any ideas?  

By the way, the only access.conf setting which should affect that is

  <Directory /export/> 
  Options All Multiviews
  AllowOverride Indexes Options FileInfo AuthConfig 
  XBitHack Full
  </Directory>

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com www.apache.org hyperreal.com http://www.organic.com/JOBS

Re: "order not allowed here"

Posted by Alexei Kosut <ak...@organic.com>.

On Mon, 29 Jul 1996, Brian Behlendorf wrote:

> On Mon, 29 Jul 1996, Brian Behlendorf wrote:
> > > No... I meant a "Limit" in the AllowOverride. As in "AllowOverride Indexes
> > > Options FileInfo AuthConfig Limit".
> > 
> > Whoa, okay, yes, I had to add that.  I've never considered that I needed
> > to add it before, but it did clear up the problem.  Weird.  Did we just do
> > something which could have made the check for that more conservative?  

I don't think so.

> I'll also add, the error message probably should have said "<Limit> not
> allowed here" instead of "order not allowed here", no?

No... <Limit> is actually allowed everwhere. The "Limit" AllowOverride
option applies to those directives scoped as being activated by the Limit
override bit (order, deny and allow are the only ones in the Apache
distribution). So, correctly, it's the order directive that's not
allowed.

Don't forget you can use <Limit> to affect things not affected by "Limit",
namely authentication. The Auth* directives (which are allowed by the
"AuthConfig" override) also can be placed into a <Limit> section. It's a
tad confusing, I'll grant that.

-- Alexei Kosut <ak...@organic.com>            The Apache HTTP Server 
   http://www.nueva.pvt.k12.ca.us/~akosut/      http://www.apache.org/

Re: "order not allowed here"

Posted by Brian Behlendorf <br...@organic.com>.

On Mon, 29 Jul 1996, Brian Behlendorf wrote:
> > No... I meant a "Limit" in the AllowOverride. As in "AllowOverride Indexes
> > Options FileInfo AuthConfig Limit".
> 
> Whoa, okay, yes, I had to add that.  I've never considered that I needed
> to add it before, but it did clear up the problem.  Weird.  Did we just do
> something which could have made the check for that more conservative?  

I'll also add, the error message probably should have said "<Limit> not
allowed here" instead of "order not allowed here", no?

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS

Re: "order not allowed here"

Posted by Brian Behlendorf <br...@organic.com>.

On Mon, 29 Jul 1996, Alexei Kosut wrote:
> On Mon, 29 Jul 1996, Brian Behlendorf wrote:
> 
> > > >   <Directory /export/> 
> > > >   Options All Multiviews
> > > >   AllowOverride Indexes Options FileInfo AuthConfig 
> > > 
> > > Shouldn't there be a "Limit" in there somewhere? The order, allow and deny
> > > directives are all tagged OR_LIMIT, so that'd make sense to me.
> > > 
> > > >   XBitHack Full
> > > >   </Directory>
> > 
> > There was a <Limit GET> in the .htaccess file, but not in the <Directory
> > /export> section.
> 
> No... I meant a "Limit" in the AllowOverride. As in "AllowOverride Indexes
> Options FileInfo AuthConfig Limit".

Whoa, okay, yes, I had to add that.  I've never considered that I needed
to add it before, but it did clear up the problem.  Weird.  Did we just do
something which could have made the check for that more conservative?  

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS

Re: "order not allowed here"

Posted by Alexei Kosut <ak...@organic.com>.

On Mon, 29 Jul 1996, Brian Behlendorf wrote:

> > >   <Directory /export/> 
> > >   Options All Multiviews
> > >   AllowOverride Indexes Options FileInfo AuthConfig 
> > 
> > Shouldn't there be a "Limit" in there somewhere? The order, allow and deny
> > directives are all tagged OR_LIMIT, so that'd make sense to me.
> > 
> > >   XBitHack Full
> > >   </Directory>
> 
> There was a <Limit GET> in the .htaccess file, but not in the <Directory
> /export> section.

No... I meant a "Limit" in the AllowOverride. As in "AllowOverride Indexes
Options FileInfo AuthConfig Limit".

-- Alexei Kosut <ak...@organic.com>            The Apache HTTP Server 
   http://www.nueva.pvt.k12.ca.us/~akosut/      http://www.apache.org/

Re: "order not allowed here"

Posted by Brian Behlendorf <br...@organic.com>.

On Mon, 29 Jul 1996, Alexei Kosut wrote:
> On Mon, 29 Jul 1996, Brian Behlendorf wrote:
> 
> > [Mon Jul 29 21:32:43 1996] access to
> > /export/home/brian/public_html/aptest/.htaccess failed for
> > h32.n145.organic.com, reason: order not allowed here
> 
> [...]
> 
> >   <Directory /export/> 
> >   Options All Multiviews
> >   AllowOverride Indexes Options FileInfo AuthConfig 
> 
> Shouldn't there be a "Limit" in there somewhere? The order, allow and deny
> directives are all tagged OR_LIMIT, so that'd make sense to me.
> 
> >   XBitHack Full
> >   </Directory>

There was a <Limit GET> in the .htaccess file, but not in the <Directory
/export> section.

But, I thought it was safe to remove <Limit> completely, and the
restrictions would then apply to all methods... yes?

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS

Re: "order not allowed here"

Posted by Alexei Kosut <ak...@organic.com>.

On Mon, 29 Jul 1996, Brian Behlendorf wrote:

> [Mon Jul 29 21:32:43 1996] access to
> /export/home/brian/public_html/aptest/.htaccess failed for
> h32.n145.organic.com, reason: order not allowed here

[...]

>   <Directory /export/> 
>   Options All Multiviews
>   AllowOverride Indexes Options FileInfo AuthConfig 

Shouldn't there be a "Limit" in there somewhere? The order, allow and deny
directives are all tagged OR_LIMIT, so that'd make sense to me.

>   XBitHack Full
>   </Directory>

-- Alexei Kosut <ak...@organic.com>            The Apache HTTP Server 
   http://www.nueva.pvt.k12.ca.us/~akosut/      http://www.apache.org/