Posted to dev@httpd.apache.org by Dean Gaudet <dg...@hotwired.com> on 1995/11/30 03:34:25 UTC

access control

I'm finding the documentation on access control to be confusing given
the behaviour.  Consider this:

    DocumentRoot /var/www

    <Directory />
    order mutual-failure
    allow from 204.62.132.
    </Directory>

    <Directory /var/www>
    Options All Multiviews
    deny from 204.62.132.32
    </Directory>

A server running this denies only the host 204.62.132.32, and allows
everything else.  But the documentation says:

    If multiple directory sections match the directory (or its parents)
    containing a document, then the directives are applied in the order
    of shortest match first, interspersed with the directives from
    the .htaccess files.

Which seems more like it would merge the directives.  I think I
understand why it doesn't merge the directives, but it's not clear how
things override.  There seem to be 'classes' of directives, and if any
member of a class is present then all directives in that class from
shorter matches are ignored.

What is the easiest way to ensure a server denies access based on IP?
(Aside from me going and playing with our firewall.)  My config files
are m4-ized and so I'm just sticking all the allow/denies into my macros.
But that generates a huge config file.

Dean
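
The two readings contrasted in the message above can be compared with a small model. This is an added example, not part of the original post and not Apache code: the section table, function names, request path and the two non-.32 test addresses are constructed, and the "override" rule is the post's hypothesis rather than a documented algorithm.

```python
# Added illustration: a constructed model of the two readings in the post, not Apache source code.
SECTIONS = [  # access directives from the posted config (Options is not access control)
    ("/", {"order": "mutual-failure", "allow": ["204.62.132."], "deny": []}),
    ("/var/www", {"allow": [], "deny": ["204.62.132.32"]}),
]
EMPTY = {"allow": [], "deny": []}

def matches(ip, specs):
    # A spec ending in "." is a partial address (prefix); anything else is a full address.
    return any(ip.startswith(s) if s.endswith(".") else ip == s for s in specs)

def evaluate(ip, cfg):
    allowed, denied = matches(ip, cfg["allow"]), matches(ip, cfg["deny"])
    if cfg.get("order", "deny,allow") == "deny,allow":  # default when no order is given
        return allowed or not denied   # default allow; an allow match overrides a deny
    return allowed and not denied      # allow,deny and mutual-failure: default deny

def applicable(path):
    hits = [(d, c) for d, c in SECTIONS
            if d == "/" or path == d or path.startswith(d + "/")]
    return [c for _, c in sorted(hits, key=lambda h: len(h[0]))]  # shortest match first

def merged(path):
    # Reading 1: directives from every matching section accumulate.
    cfg = {"allow": [], "deny": []}
    for c in applicable(path):
        cfg["allow"] += c["allow"]
        cfg["deny"] += c["deny"]
        if "order" in c:
            cfg["order"] = c["order"]
    return cfg

def override(path):
    # Reading 2 (the post's hypothesis): the longest match that has any access
    # directive replaces the access directives of all shorter matches.
    with_access = [c for c in applicable(path) if c["allow"] or c["deny"] or "order" in c]
    return with_access[-1] if with_access else EMPTY

if __name__ == "__main__":
    path = "/var/www/index.html"  # constructed request path
    for ip in ("204.62.132.32", "204.62.132.5", "192.0.2.10"):  # last two constructed
        print(ip, "merged:", evaluate(ip, merged(path)),
              "override:", evaluate(ip, override(path)))
```

Only the override reading reproduces the behaviour reported in the post (204.62.132.32 denied, every other host allowed); under the merged reading a host outside 204.62.132. would be refused.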