> -----Original Message-----
> From: Ian Holsman [mailto:[EMAIL PROTECTED]]
> What I am suggesting is to move some of these configurations to
> <Location /> where they belong.
I don't see any config directives that "belong" in <Location />.
Please be more specific before you do anything.
>
> (BTW.. there are NO '<location>' directives installed in the
> httpd-std.conf)
There are commented out location directives for /server-status and
/server-info
In general, I think this is proper. Most people serve content from the
filesystem. When serving content from the filesystem, <directory> should be
used in preference to <location> for the reasons I mentioned a couple days
ago in another thread. We should not be encouraging people to use
<location> except in specific circumstances.
> the code 'fix' I am proposing (if any) is to change the 'Options' to
> default to 'OPT_NONE' instead of 'OPT_ALL'. (which is what it currently
> does)
+1
In the same spirit, I would not mind changing Order to default to
allow,deny.
This would have the effect of denying access to the server unless an Allow
is used. Both these changes have the potential to break existing
configurations. But most existing configurations will not be affected
because they explictly set Order and Options.
Joshua.
