Posted to users@httpd.apache.org by Whit Blauvelt <wh...@transpect.com> on 2003/10/27 22:19:13 UTC

[users@httpd] So AllowOverride None in Directory should still allow Location to override?

Since it seems Location can override even when AllowOverride None is set in
Directory ... isn't this kind of fishy design? Can a Location statement, for
instance, go in an .htaccess file and give access where the Directory
directives would be thought to lock it out? 

With the evaluation order being Directory -> Location it would seem that
AllowOverride None in Directory would preclude overrides in a normal Set ->
Subset logical relationship. That is, the subset might have exceptions, but
only those that are allowed it by the superset. Directory being at the
system level would be the broader, more fundamental set.

Of course, there's no necessary reason to obey the norms of set theory -
except that many of us have been educated in it and take it for granted in
design logic.

Whit

On Mon, Oct 27, 2003 at 03:31:03PM -0500, Joshua Slive wrote:

> You'll see that <Location> sections are evaluated after <Directory>
> sections and therefore override them.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] So AllowOverride None in Directory should still allow Location to override?

Posted by Joshua Slive <jo...@slive.ca>.
On Mon, 27 Oct 2003, Whit Blauvelt wrote:

> Since it seems Location can override even when AllowOverride None is set in
> Directory ... isn't this kind of fishy design?

You misunderstand the AllowOverride directive.  It affects only .htaccess
files.  It has no effect on anything in httpd.conf.  See:
http://httpd.apache.org/docs-2.0/mod/core.html#allowoverride

> Can a Location statement, for
> instance, go in an .htaccess file and give access where the Directory
> directives would be thought to lock it out?

<Location> is not allowed in .htaccess.  See the "Context" here:
http://httpd.apache.org/docs-2.0/mod/core.html#location
But, if AllowOverride is set to Limit or All, then .htaccess files
certainly can override a restrictive <Directory> section.  That is why
AllowOverride should be set to none unless you want to allow this.

I agree that the merging rules are a little convoluted.  But on the other
hand, I can't think of anything that would be much simpler.

Joshua.

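
The merge behaviour discussed in this thread, as an added example that is not part of the original messages and is not httpd's own code: a simplified Python model in which <Directory> sections and their .htaccess files merge first, <Location> sections merge afterwards, and the last section that sets access wins. The function name, the dict layout and all paths are hypothetical; <Files> and the regex section types are left out.

```python
# Simplified model of httpd's per-request section merge (added example).
# Order: <Directory> sections, shortest path first, each followed by that
# directory's .htaccess if AllowOverride permits it; then <Location>.
# The last section that sets access wins.

def effective_access(fs_path, url_path, directories, htaccess, locations):
    """Return 'allow' or 'deny' for one request; unrestricted means 'allow'."""
    # "All" was the AllowOverride default in httpd 2.0 (None since 2.3.9).
    access, override = "allow", "All"
    # Drop the file name, then walk /, /var, /var/www, ... in that order.
    parts = [p for p in fs_path.split("/") if p][:-1]
    prefixes = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    for prefix in prefixes:
        section = directories.get(prefix, {})
        override = section.get("AllowOverride", override)
        access = section.get("access", access)
        # AllowOverride gates .htaccess only; Limit or All lets it set access.
        if prefix in htaccess and override in ("Limit", "All"):
            access = htaccess[prefix].get("access", access)
    # <Location> lives in httpd.conf, so AllowOverride never applies to it.
    for loc_prefix, section in locations:
        if url_path == loc_prefix or url_path.startswith(loc_prefix.rstrip("/") + "/"):
            access = section.get("access", access)
    return access

# Constructed configuration: the tree is locked down in <Directory>.
DIRS = {"/var/www/private": {"AllowOverride": "None", "access": "deny"}}
HTACCESS = {"/var/www/private": {"access": "allow"}}
LOCATIONS = [("/private", {"access": "allow"})]
REQ = ("/var/www/private/report.html", "/private/report.html")

def demo():
    # 1. AllowOverride None: the .htaccess is ignored, the deny stands.
    locked = effective_access(*REQ, DIRS, HTACCESS, [])
    # 2. AllowOverride Limit: the same .htaccess now re-opens the tree.
    relaxed = {"/var/www/private": {"AllowOverride": "Limit", "access": "deny"}}
    via_htaccess = effective_access(*REQ, relaxed, HTACCESS, [])
    # 3. AllowOverride None plus a <Location> in httpd.conf: Location wins.
    via_location = effective_access(*REQ, DIRS, HTACCESS, LOCATIONS)
    return locked, via_htaccess, via_location

if __name__ == "__main__":
    print(demo())
```

When auditing a real httpd.conf, the third case is the one to look for: a <Location> block whose URL prefix maps onto a directory tree that a <Directory> section restricts.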