--- Joshua Slive <[EMAIL PROTECTED]> wrote:
> Comments VERY welcome.
Looks good. I just have a few comments:
1)
    "The first argument to this directive is always from. The subsequent
    arguments can take three different forms. If Allow from all is
    specified, then all hosts are allowed access. To allow only particular
    hosts or groups of hosts to access the server, the host can be
    specified in any of the following formats:"
For the Allow from all part, how about an additional qualifier:
    ... If Allow from all is specified, then all hosts are allowed access
    except those that are specifically denied through the Deny directive
    (see also the Order directive for more information about this
    interaction). ...
Or something like that. =-)
2) In Allow/Deny, is a leading/trailing period required for partial
matches? I don't remember.
3)
    SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
    <Directory /docroot>
        Order Deny,Allow
        Deny from all
        Allow from env=let_me_in
    </Directory>
    In this case browsers with the user-agent string KnockKnock/2.0 will
    be allowed access, and all others will be denied.
Just to be picky, doesn't the SetEnvIf regex used here actually allow any
user-agent string BEGINNING with KnockKnock/2.0 (since there's no trailing
$ on the regex)? I think that actually is the behavior you want, so don't
change the SetEnvIf... just stick a "beginning" in the description there
somewhere.
4)
    "Deny,Allow
        the Deny directives are evaluated before the Allow directives.
        (The initial state is OK.)
    Allow,Deny
        the Allow directives are evaluated before the Deny directives.
        (The initial state is FORBIDDEN.)"
Changing "The initial state is FOO" in these two descriptions might make it
more clear what's going on... it's currently worded in kind of a
programmer-friendly way. Maybe make it say "The default behavior is to FOO
clients neither specifically allowed nor denied."
5) See my previous email about the short-circuiting thing.
6)
    Order Allow,Deny
    Allow from apache.org
    Deny from foo.apache.org
    Note that if the Order in the last example is changed to Deny,Allow,
    then all hosts will be allowed access since the default state will be
    OK, and the Allow from apache.org will be evaluated last and will
    override the Deny from foo.apache.org.
This part tripped me up... it's a perfectly valid and correct example, it
just wasn't 100% obvious. How about this:
    Order Allow,Deny
    Allow from apache.org
    Deny from foo.apache.org
    If the Order is changed to Deny,Allow, however, all clients will end up
    being allowed access. That's because with Deny,Allow, the default is to
    allow, and because the Allow from apache.org will be evaluated last and
    will override the Deny from foo.apache.org (regardless of their actual
    order in the configuration file).
It's not much of a change... I don't even know if it helps any. What do you
think?
--Cliff
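
The Order/Allow/Deny behaviour discussed in points 3, 4 and 6, as an added example: a simplified Python model, not Apache code and not part of the original message. The function names are hypothetical, the hostnames and user-agent strings in the usage are constructed, and host matching is assumed to compare whole domain components only.

```python
import re

def host_matches(spec, host):
    """Model of 'from <host>': 'all' matches everything; a domain name
    matches itself and any host ending in '.<domain>' (whole components)."""
    if spec == "all":
        return True
    spec, host = spec.lower(), host.lower()
    return host == spec or host.endswith("." + spec)

def rule_matches(spec, host, env):
    """A rule is either 'env=<name>' or a host specification."""
    if spec.startswith("env="):
        return spec[4:] in env
    return host_matches(spec, host)

def check_access(order, allow, deny, host, env=frozenset()):
    """Return True if the request is allowed under the given Order.
    The position of the rules in the config file does not matter."""
    allowed = any(rule_matches(s, host, env) for s in allow)
    denied = any(rule_matches(s, host, env) for s in deny)
    if order == "Allow,Deny":
        # Default is to deny; Deny is evaluated last and overrides Allow.
        return allowed and not denied
    if order == "Deny,Allow":
        # Default is to allow; Allow is evaluated last and overrides Deny.
        return allowed or not denied
    raise ValueError("unknown Order: %r" % order)

def setenvif(pattern, header_value, name):
    """Model of SetEnvIf: the regex is searched, not full-matched, so
    '^KnockKnock/2.0' without a trailing '$' is a prefix test."""
    return {name} if re.search(pattern, header_value) else set()

if __name__ == "__main__":
    allow, deny = ["apache.org"], ["foo.apache.org"]
    for order in ("Allow,Deny", "Deny,Allow"):
        for host in ("www.apache.org", "foo.apache.org", "example.com"):
            print(order, host, check_access(order, allow, deny, host))
    for ua in ("KnockKnock/2.0", "KnockKnock/2.0-extra", "Mozilla/4.0"):
        env = setenvif(r"^KnockKnock/2.0", ua, "let_me_in")
        print(ua, check_access("Deny,Allow", ["env=let_me_in"], ["all"],
                               "example.com", env))
```

With Deny,Allow the model lets every host through, including foo.apache.org, and the user-agent check passes anything that merely starts with the expected string.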