> De: Tom Evans <tevans.uk@xxxxxxxxxxxxxx> > Assunto: Re: Question About ACL > Para: users@xxxxxxxxxxxxxxxx > Data: Segunda-feira, 26 de Março de 2012, 8:19 > 2012/3/26 Téssio Fechine <precheca123@xxxxxxxxxxxx> > > > > Hello, > > I am learning apache, and the ironic part is that > reading the apache > > documentation on acl reinforced my doubt in this > matter. > > > > In this part: > > In the following example, all hosts in the apache.org > domain are allowed > > access; all other hosts are denied access. > > > > Order Deny,Allow > > Deny from all > > Allow from apache.org > > > > --- > > My interpretation on this example: > > > > Order Deny,Allow (allow everything, unless > specifically denied) > > Deny from all (deny everything.. kind of > contradictory after the last > > line) > > Allow from apache.org (allow this specific hosts) > > > > --- > > Why not use this, that has fewer steps and seems more > logical?: > > > > Order Allow,Deny (deny by default) > > Allow from apache.org (allow this specific hosts) > > > > I am getting it wrong or what? Why almost every example > I see seems kind > > of contradictory? > > The main differences are when you match both allow and deny, > or match neither. > > With "allow,deny", you must match an "allow", and not match > any > "deny"s to get access, and with "deny,allow", you always get > access > unless you match a "deny". > > This allows you to control whether it is more important that > if you > specifically deny someone that they do not get access, or > whether it > is more important that if you specifically allow someone > that they do > get access. > > Cheers > > Tom > So, constructions like that: Order Deny,Allow (allow by default) Deny from all (deny everything) are indeed kind of pointless, right? Nonetheless it's the most used form, even in the official documentation. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|