You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Joshua Slive <jo...@slive.ca> on 2006/08/02 01:34:21 UTC

Re: svn commit: r427780 - in /httpd/httpd/trunk: docs/manual/mod/mod_authz_core.xml modules/aaa/mod_auth.h modules/aaa/mod_authz_core.c

On 8/1/06, bnicholes@apache.org <bn...@apache.org> wrote:
> Author: bnicholes
> Date: Tue Aug  1 15:54:38 2006
> New Revision: 427780
>
> URL: http://svn.apache.org/viewvc?rev=427780&view=rev
> Log:
> Converted the reject directive to be definitive and enabled directory_merge to merge all of the authorization rules and logic.

Can you explain how you do something like the following:

Allow access from anywhere except IPs starting 10.2, but also allow
access from the specific subnet 10.2.1.

Joshua.

Re: svn commit: r427780 - in /httpd/httpd/trunk: docs/manual/mod/mod_authz_core.xml modules/aaa/mod_

Posted by Brad Nicholes <BN...@novell.com>.

>>> On 8/1/2006 at 5:34 PM, in message
<e4...@mail.gmail.com>, "Joshua
Slive"
<jo...@slive.ca> wrote:
> On 8/1/06, bnicholes@apache.org <bn...@apache.org> wrote:
>> Author: bnicholes
>> Date: Tue Aug  1 15:54:38 2006
>> New Revision: 427780
>>
>> URL: http://svn.apache.org/viewvc?rev=427780&view=rev 
>> Log:
>> Converted the reject directive to be definitive and enabled
directory_merge 
> to merge all of the authorization rules and logic.
> 
> Can you explain how you do something like the following:
> 
> Allow access from anywhere except IPs starting 10.2, but also allow
> access from the specific subnet 10.2.1.
> 
> Joshua

Good point, I have reverted the reject directive being definitive and
determined that I can achieve the same thing through other means.  As
far as answering your question.  You can do it now, this way:

<SatisfyAll>
   reject ip 10.2
   require ip 10.2.1
</SatisfyAll>


Brad