>>>>On Mon, Jul 24, 2006 at 9:02 AM, in message <[EMAIL PROTECTED]>,
>
>
>
> Well, I think that the following patch in mod_authz_core.c fixes the
> problem that you are looking at:
>
> @@ -628,16 +633,25 @@
>
> switch (auth_result) {
> case AUTHZ_DENIED:
> + case AUTHZ_NEUTRAL:
It seems that this patch is incomplete as AUTHZ_NEUTRAL is not defined.
Furthermore doesn't mod_authz_host has to return AUTHZ_NEUTRAL?
>
>
> However, this brings up the question, what does "reject" actually mean?
> "Require" means that if true then authorization
> is granted otherwise authorization is denied. "Reject" obviously means that
> if true, then authorization is denied but
> it does not necessarily mean the opposite. So in the case that you defined:
>
>
>><location />
>> reject ip 127.0.0.1
>></location>
>
>
> obviously if the request is coming from 127.0.0.1 then the request is denied.
> But if the request comes from some other
> ip address, is authorization automatically granted? I don't think it is.
> There still needs to be a "Require" statement
> in the configuration somewhere.
It does give me access when I get there from an IP != 127.0.0.1 without any
further require directive. I don't know if this is works as designed or a bug.
Regards
RĂ¼diger
