On 5/2/07, Brad Nicholes <[EMAIL PROTECTED]> wrote:
Yeah, that's where I mentioned that things might look a little confusing. There actually is a good reason to have both and yes some of the functionality can overlap. The reason for having mod_authz_host is so that host, IP, ENV, etc. can be used during authorization as well. This really wasn't as issue in 2.2 because the AND/OR/NOT logic didn't exist yet. Now that you can apply this type of logic to authorization, allowing host, IP, ENV, etc. to be part of that, make sense. If we moved mod_authz_host back to the 2.2 version, in the first place it would no longer be authz but just mod_access again and you wouldn't be able to include host, IP, ENV, etc. as part of an authorization rule. But I agree that mod_access_compat name no longer makes sense.
What kinds of configurations are we actually talking about where Require ip could do things that Order/Allow/Satisfy could not? I guess you are talking about things like <SatisfyOne> <SatisfyAll> Require user john Require ip 192.0.0 </SatisfyAll> <SatisfyAll> Require user bob Require ip 191.0.0 </SatisfyAll> </SatisfyOne> Is that kind of configuration really common enough to justify the added complexity of two different access-control systems? (It can be accomplished in current versions using some Alias/Location hacks or with mod_rewrite.) My opinion is that either we get rid of Require ip or we fix the hook ordering so that Order/Allow/Satisfy/etc can really be deprecated. Joshua.
