From: "Roy T. Fielding" <[EMAIL PROTECTED]>
Sent: Monday, August 27, 2001 4:23 PM
> > Just a question, but what if you are using .htaccess files to partition things
> > up for virtual hosts? For example, I am running a server and both Roy and
> > Bill have sites on it. Since I am a control freak, I refuse to give either
> > access
> > to httpd.conf, but because I am also lazy, I have allowed both to use
> > .htaccess files. In that case, don't people need to be able to put
> > <localtion> directives inside of .htaccess files?
>
> I would think that the appropriate thing to do in that situation is
> shoot the admin. [Or just tell them to use the config option that
> separates httpd.conf into a tree of separately owned directories.]
I still believe that there are fundemental per-vhost issues with eliminating
the <Location > walk following whatever 'walkers' are configured by a given
module/storage scheme.
As a 'permission granted', there really is nothing wrong with using <Location >
blocks. Restricting permissions with <Location > is futile, of course.
Take this example
DocumentRoot "/userland/web/sites"
<Directory "/userland/web/sites">
Allow from all
Deny from none
</Directory>
Alias /DAVSpace/ "/userland/web/sites/"
<Location "/DAVSpace/">
Dav On
Order deny,allow
Allow from localhost
Require valid-user
Satisfy Any
</Location>
This configuration would be impossible without the trailing <Location > config.
Note we don't walk that config any more. Since the request for /DAVSpace/myfile
was satisfied on the first try, the URI didn't change during the directory walk,
the premerged location will be reused. That's the benefit of my patch last night.
Bill
