>>> On 8/2/2006 at 3:39 PM, in message <[EMAIL PROTECTED]>, Ruediger Pluem <[EMAIL PROTECTED]> wrote:
> > On 08/02/2006 11:00 PM, Brad Nicholes wrote: > >> >> >> No, the default is to merge authz rules. At least that is how I understood > access control to be working by default in the past. There was no concept of > inherited authz before 2.3. Also, Joshua pointed out a flaw in my thinking > which I am looking into now. > > My bad I did not cite it correctly. I was not talking about the default, but > the fact that on and off is explained > differently in different sections (at least to my understanding): > > +Set to 'off' to disable merging. If set to 'off', only the authz rules > defined in > +the current <Directory> or <Location> block will > apply.</description> > +<syntax>AuthMergeRules on | off</syntax> > +<default>AuthMergeRules on</default> > +<contextlist><context>directory</context><context>.htaccess</context> > +</contextlist> > +<override>AuthConfig</override> > + > +<usage> > + <p>By default all of the authorization rules within a <Directory> > + <Location> hierarchy are merged together to form a single > + logical authorization operation. If AuthzMergeRules is set to 'on', > then > + only the authorization rules that are contained with the current > + <Directory> or <Location> block are considered. This > > First 'off' is said to prevent merging (which makes sense), but later on > 'on' is > said to do just that. > > > Regards > > RĂ¼dige Right, I got it now. Thanks Brad
