You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Brad Nicholes <BN...@novell.com> on 2006/08/02 23:47:30 UTC
Re: svn commit: r427780 - in
/httpd/httpd/trunk: docs/manual/mod/mod_authz_core.xml
modules/aaa/mod_
>>> On 8/2/2006 at 3:39 PM, in message <44...@apache.org>, Ruediger
Pluem <rp...@apache.org> wrote:
>
> On 08/02/2006 11:00 PM, Brad Nicholes wrote:
>
>>
>>
>> No, the default is to merge authz rules. At least that is how I understood
> access control to be working by default in the past. There was no concept of
> inherited authz before 2.3. Also, Joshua pointed out a flaw in my thinking
> which I am looking into now.
>
> My bad I did not cite it correctly. I was not talking about the default, but
> the fact that on and off is explained
> differently in different sections (at least to my understanding):
>
> +Set to 'off' to disable merging. If set to 'off', only the authz rules
> defined in
> +the current <Directory> or <Location> block will apply.</description>
> +<syntax>AuthMergeRules on | off</syntax>
> +<default>AuthMergeRules on</default>
> +<contextlist><context>directory</context><context>.htaccess</context>
> +</contextlist>
> +<override>AuthConfig</override>
> +
> +<usage>
> + <p>By default all of the authorization rules within a <Directory>
> + <Location> hierarchy are merged together to form a single
> + logical authorization operation. If AuthzMergeRules is set to 'on',
> then
> + only the authorization rules that are contained with the current
> + <Directory> or <Location> block are considered. This
>
> First 'off' is said to prevent merging (which makes sense), but later on
> 'on' is
> said to do just that.
>
>
> Regards
>
> RĂ¼dige
Right, I got it now. Thanks
Brad