Re: Question About ACL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> De: Tom Evans <tevans.uk@xxxxxxxxxxxxxx>
> Assunto: Re:  Question About ACL
> Para: users@xxxxxxxxxxxxxxxx
> Data: Segunda-feira, 26 de Março de 2012, 10:14
> 2012/3/26 Téssio Fechine <precheca123@xxxxxxxxxxxx>:
> >
> >> Not at all; you are right that that stanza is
> equivalent to
> >> "Order
> >> Allow,Deny", but the behaviour after adding an
> additional
> >> Allow is
> >> different.
> >>
> >> There isn't one right or wrong way, you just have
> to
> >> understand that
> >> there are two ways, and what the differences are.
> >>
> >> Cheers
> >>
> >> Tom
> >
> > "... but the behaviour after adding an additional Allow
> is different."
> > This is what I am trying to understand, but I can't.
> Can you give me an example of that, please?
> >
> > I am starting learning this now, and I can't see any
> difference in these two cases.. only the lack of logic in
> the first one:
> >
> > Order Deny,Allow       (allow everything, unless
> specifically denied)
> > Deny from all          (now deny everything)
> > Allow from apache.org  (now allow this specific
> hosts)
> >
> > Order Allow,Deny       (deny everything by default)
> > Allow from apache.org  (allow this specific hosts)
> >
> > What I am asking is an example of any situation in
> which the first case is preferable.
> > Thanks!
> >
> 
> Consider what would happen if you wanted to allow apache.org
> but deny
> foo.apache.org. Add a "Deny from foo.apache.org" to both,
> and the
> behaviour is different - the former will allow it, but the
> latter will
> deny it.
> 
> The former also makes it more explicit what is happening,
> whilst the
> latter relies on the person reading it understanding what
> "Order
> Allow,Deny" means.
> 
> Cheers
> 
> Tom

Thanks!
Now I see clearly the point of all this..

> Which is exactly why in 2.4 this syntax goes away entirely.
> See http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require

I have just learned something, and it is already outdated! *crying*

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux