On 08/02/2006 12:54 AM, [EMAIL PROTECTED] wrote: > Author: bnicholes > Date: Tue Aug 1 15:54:38 2006 > New Revision: 427780 > > URL: http://svn.apache.org/viewvc?rev=427780&view=rev > Log: > Converted the reject directive to be definitive and enabled directory_merge > to merge all of the authorization rules and logic. > > Modified: > httpd/httpd/trunk/docs/manual/mod/mod_authz_core.xml > httpd/httpd/trunk/modules/aaa/mod_auth.h > httpd/httpd/trunk/modules/aaa/mod_authz_core.c > > Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_core.xml > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_core.xml?rev=427780&r1=427779&r2=427780&view=diff > ============================================================================== > --- httpd/httpd/trunk/docs/manual/mod/mod_authz_core.xml (original) > +++ httpd/httpd/trunk/docs/manual/mod/mod_authz_core.xml Tue Aug 1 15:54:38 > 2006 > @@ -112,8 +112,8 @@ > > <directivesynopsis> > <name>Reject</name> > -<description>Rejects which authenticated users can access > -a resource</description> > +<description>Rejects authenticated users or host based > +requests from accessing a resource</description> > <syntax>Reject <var>entity-name</var> [<var>entity-name</var>] ...</syntax> > <contextlist><context>directory</context><context>.htaccess</context> > </contextlist> > @@ -122,10 +122,12 @@ > <usage> > <p>This directive is similar to the > <directive module="mod_authz_core">Require</directive> directive however > - it rejects which authenticated users can access a resource. The > + it rejects which authenticated users or host based requests from > accessing a resource. The > restrictions are processed by authorization modules. See the > <directive module="mod_authz_core">Require</directive> directive for > details > - about usage.</p> > + about usage. If found as part of the authorization rules, the reject > directive > + is definitive. In other words, if the reject statements is satisfied, > the entire request > + is automatically rejected no matter what other require rules may > exist.</p> > </usage> > > <seealso><a href="../howto/auth.html">Authentication, Authorization, > @@ -220,6 +222,31 @@ > > <seealso><a href="../howto/auth.html">Authentication, Authorization, > and Access Control</a></seealso> > + > +</directivesynopsis> > + > +<directivesynopsis type="section"> > +<name>AuthzMergeRules</name> > +<description>Set to 'on' to allow the parent's <Directory> or > <Location> > +authz rules to be merged into the current <Directory> or > <Location>. > +Set to 'off' to disable merging. If set to 'off', only the authz rules > defined in > +the current <Directory> or <Location> block will > apply.</description> > +<syntax>AuthMergeRules on | off</syntax> > +<default>AuthMergeRules on</default> > +<contextlist><context>directory</context><context>.htaccess</context> > +</contextlist> > +<override>AuthConfig</override> > + > +<usage> > + <p>By default all of the authorization rules within a <Directory> > + <Location> hierarchy are merged together to form a single > + logical authorization operation. If AuthzMergeRules is set to 'on', then
Shouldn't that be 'off' above? Regards RĂ¼diger
