DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=37752>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37752 Summary: .htaccess: 'Order' directive doesn't meet specs Product: Apache httpd-1.3 Version: 1.3.33 Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Auth/Access AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Consider the following .htaccess content: <Limit GET> Order Allow,Deny Satisfy any Allow from My.Network Require valid-user Deny from Evil.Network </Limit> The idea is to always deny access from Evil.Network, even with a valid user identification. According to the definition of 'Order' this setup should work: <quote> Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server. </quote> But it doesn't work; apparently the explicit Deny is ignored. Note that 'Require' in not explicitly mentioned in the 'Order' directive specs, but by all means and purposes it appears to be regarded as, and is acting as, an 'Allow'. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
