You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@hotwired.com> on 1995/11/30 03:34:25 UTC
access control
I'm finding the documentation on access control to be confusing given
the behaviour. Consider this:
DocumentRoot /var/www
<Directory />
order mutual-failure
allow from 204.62.132.
</Directory>
<Directory /var/www>
Options All Multiviews
deny from 204.62.132.32
</Directory>
A server running this denies only the host 204.62.132.32, and allows
everything else. But the documentation says:
If multiple directory sections match the directory (or its parents)
containing a document, then the directives are applied in the order
of shortest match first, interspersed with the directives from
the .htaccess files.
Which seems more like it would merge the directives. I think I
understand why it doesn't merge the directives, but it's not clear how
things override. There seem to be 'classes' of directives, and if any
member of a class is present then all directives in that class from
shorter matches are ignored.
What is the easiest way to ensure a server denies access based on ip?
(Aside from me going and playing with our firewall.) My config files
are m4-ized and so I'm just sticking all the allow/denies into my macros.
But that generates a huge config file.
Dean