You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Joshua Slive <jo...@slive.ca> on 2006/08/02 01:34:21 UTC
Re: svn commit: r427780 - in /httpd/httpd/trunk: docs/manual/mod/mod_authz_core.xml modules/aaa/mod_auth.h modules/aaa/mod_authz_core.c
On 8/1/06, bnicholes@apache.org <bn...@apache.org> wrote:
> Author: bnicholes
> Date: Tue Aug 1 15:54:38 2006
> New Revision: 427780
>
> URL: http://svn.apache.org/viewvc?rev=427780&view=rev
> Log:
> Converted the reject directive to be definitive and enabled directory_merge to merge all of the authorization rules and logic.
Can you explain how you do something like the following:
Allow access from anywhere except IPs starting 10.2, but also allow
access from the specific subnet 10.2.1.
Joshua.
Re: svn commit: r427780 - in /httpd/httpd/trunk:
docs/manual/mod/mod_authz_core.xml modules/aaa/mod_
Posted by Brad Nicholes <BN...@novell.com>.
>>> On 8/1/2006 at 5:34 PM, in message
<e4...@mail.gmail.com>, "Joshua
Slive"
<jo...@slive.ca> wrote:
> On 8/1/06, bnicholes@apache.org <bn...@apache.org> wrote:
>> Author: bnicholes
>> Date: Tue Aug 1 15:54:38 2006
>> New Revision: 427780
>>
>> URL: http://svn.apache.org/viewvc?rev=427780&view=rev
>> Log:
>> Converted the reject directive to be definitive and enabled
directory_merge
> to merge all of the authorization rules and logic.
>
> Can you explain how you do something like the following:
>
> Allow access from anywhere except IPs starting 10.2, but also allow
> access from the specific subnet 10.2.1.
>
> Joshua
Good point, I have reverted the reject directive being definitive and
determined that I can achieve the same thing through other means. As
far as answering your question. You can do it now, this way:
<SatisfyAll>
reject ip 10.2
require ip 10.2.1
</SatisfyAll>
Brad