Re: Question About ACL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> De: Tom Evans <tevans.uk@xxxxxxxxxxxxxx>
> Assunto: Re:  Question About ACL
> Para: users@xxxxxxxxxxxxxxxx
> Data: Segunda-feira, 26 de Março de 2012, 8:19
> 2012/3/26 Téssio Fechine <precheca123@xxxxxxxxxxxx>
> >
> > Hello,
> > I am learning apache, and the ironic part is that
> reading the apache
> > documentation on acl reinforced my doubt in this
> matter.
> >
> > In this part:
> > In the following example, all hosts in the apache.org
> domain are allowed
> > access; all other hosts are denied access.
> >
> > Order Deny,Allow
> > Deny from all
> > Allow from apache.org
> >
> > ---
> > My interpretation on this example:
> >
> > Order Deny,Allow   (allow everything, unless
> specifically denied)
> > Deny from all   (deny everything.. kind of
> contradictory after the last
> > line)
> > Allow from apache.org   (allow this specific hosts)
> >
> > ---
> > Why not use this, that has fewer steps and seems more
> logical?:
> >
> > Order Allow,Deny   (deny by default)
> > Allow from apache.org   (allow this specific hosts)
> >
> > I am getting it wrong or what? Why almost every example
> I see seems kind
> > of contradictory?
> 
> The main differences are when you match both allow and deny,
> or match neither.
> 
> With "allow,deny", you must match an "allow", and not match
> any
> "deny"s to get access, and with "deny,allow", you always get
> access
> unless you match a "deny".
> 
> This allows you to control whether it is more important that
> if you
> specifically deny someone that they do not get access, or
> whether it
> is more important that if you specifically allow someone
> that they do
> get access.
> 
> Cheers
> 
> Tom
> 

So, constructions like that:

Order Deny,Allow   (allow by default)
Deny from all      (deny everything)

are indeed kind of pointless, right? Nonetheless it's the most used form, even in the official documentation.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux