Brad Nicholes wrote:
I finally got around to making the switch so that the default merge
rule is AND rather than OR. However after making the switch, it
occurred to me that since the default rule is AND now, the
AuthzMergeRules default should remain ON. Otherwise the rule
inheritance won't
Brad Nicholes wrote:
So what I am really trying to say is that intra-block logic and
inter-block logic as far as merging goes, are tied together. If we
want to change the way that the logic of two block is merged, we
would also have to change the base state of each independent block.
It's all
On 4/18/2008 at 8:53 AM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
I could go along with switching the default merging rule from OR to AND,
even within a dir block. The reason why it is OR today was basically
for backward compatibility.
Brad Nicholes wrote:
I could go along with switching the default merging rule from OR to AND,
even within a dir block. The reason why it is OR today was basically
for backward compatibility. Since there really wasn't any kind of logic
before, OR was just the default. If we switch to AND as
On Wed, Apr 16, 2008 at 9:31 PM, Brad Nicholes [EMAIL PROTECTED] wrote:
I could go along with switching the default merging rule from OR to AND,
even within a dir block. The reason why it is OR today was basically for
backward compatibility. Since there really wasn't any kind of logic
On 4/14/2008 at 3:29 PM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
This is where it starts to go wrong for me. Where it gets confusing
for somebody who is trying to figure out what the configuration
is doing is:
Directory /www/pages
Brad Nicholes wrote:
I'm not real excited about adding a new authz directive. Authn and
authz are already very complex and adding a new directive to the mix will
just help to confuse people even more.
That's a good point. Mostly the idea of an Accept replacement for
Require came up as a
On 4/14/2008 at 12:21 PM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
I'm not real excited about adding a new authz directive. Authn and
authz are already very complex and adding a new directive to the mix will
just help to confuse people even
Brad Nicholes wrote:
This is where it starts to go wrong for me. Where it gets confusing
for somebody who is trying to figure out what the configuration
is doing is:
Directory /www/pages
SatisfyAll
Require ip 10.10.0.1
Require ldap-group sales
SatisfyOne
On 09.04.2008 19:08, Chris Darroch wrote:
Chris Darroch wrote:
Writing that all out it mostly just seems like a depressingly
large amount of work, but otherwise feels like it might offer a
way forward, both for people upgrading from 2.2 and those starting
fresh with 2.4. Thoughts?
From a
On 4/9/2008 at 11:08 AM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Chris Darroch wrote:
Here's another thought: for people doing mass virtual hosting,
and who let their customers put authn/z directives into .htaccess
files with AllowOverride AuthConfig, I would
Chris Darroch wrote:
Here's another thought: for people doing mass virtual hosting,
and who let their customers put authn/z directives into .htaccess
files with AllowOverride AuthConfig, I would think it may be
important to ensure that these rules still merge together in the
way they used
Brad Nicholes wrote:
Directory /www/pages
Reject ip 127.0.0.1//Or any other Require directive
/Directory
Directory /www/pages/whatever
...
/Directory
Since the /www/pages/whatever directory did not specify any authz,
what should happen? If the AuthzMergeRules is OFF
On 4/8/2008 at 10:41 AM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
Directory /www/pages
Reject ip 127.0.0.1//Or any other Require directive
/Directory
Directory /www/pages/whatever
...
/Directory
Since the
Brad Nicholes wrote:
Your assumptions about how the 2.2 per-dir merging is correct.
Unfortunately the same concepts no longer apply to 2.4. The reason
why is this:
Directory /www/pages
SatisfyAll
Require ip 10.10.0.1
Require ldap-group sales
SatisfyOne
Require
On 4/4/2008 at 4:33 PM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
So here was the thinking behind it when AuthzMergeRules was introduced.
Maybe there is still a bug here that needs to be addressed.
of the authzMergeRules
directive, the above suggestion was my first thought. However I think I
decided not to go this route simply because the same thing could be
accomplished in a less complex way by making the user explicitly decide the
merging rules within the configuration of the directory block itself
On 4/4/2008 at 11:37 AM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
I've been working with the 2.4 authn/z stuff a bit lately and
what I keep tripping over is that the default authorization merge rule
uses OR logic. For example, if I
Brad Nicholes wrote:
So here was the thinking behind it when AuthzMergeRules was introduced.
Maybe there is still a bug here that needs to be addressed.
http://mail-archives.apache.org/mod_mbox/httpd-dev/200607.mbox/[EMAIL PROTECTED]
Perhaps it would make more sense to provide this as an explicit value rather
than
On vs. Off and set the default to the previous behavior. Perhaps something like:
AuthzMergeRules [AND | OR | OVERRIDE] with default being OVERRIDE (if I grok
correctly)
Meaning that any directives specified at
20 matches
Mail list logo