You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by la...@apache.org on 1998/07/22 01:11:54 UTC

Re: documentation/1952: interaction between "allow/deny" and "require" is not clearly documented

[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]


Synopsis: interaction between "allow/deny" and "require" is not clearly documented

State-Changed-From-To: open-closed
State-Changed-By: lars
State-Changed-When: Tue Jul 21 16:11:53 PDT 1998
State-Changed-Why:

The behaviour you describe is correct (it's a feature :-).

If you use Require and Satisfy Any in a subdirectory
you tell Apache that everyone can access the resource
with the correct id/password. If you want to limit
the access to one or more domains you have to use
the deny directive for the directory or parent directory.

If you've limited access in one directory and want
to make a sub-directory accessible to everyone it is
always possible to use "order allow,deny" and "allow from
all".

But all this *is* explained in the documentation.