I hate to re-open this can of worms, but...
Unless I'm missing something, in trunk right now, uncommenting includes
for the examples like "extra/httpd-manual.conf" does not result in being
able to serve the documentation pages.
In the main config file:
<Directory />
Require all denied
</Directory>
blocks all access, and that's inherited by every other <Directory> or
<Location> in the configuration, since AuthzMergeRules defaults to On.
To make this work, one would have to add AuthzMergeRules Off to every
other <Directory> or <Location> in the configuration that isn't a subset
of another one
that already has it.
Doing that makes me wonder what's the point of having it, if we have to
turn it
off in almost every case to actually serve pages.
Or would it make sense to add AuthzMergeRules Off to <Directory />?
Would that
make the rest of the permissions kind of stand alone? I guess then
you'd have
to add AuthzMergeRules On to any of them whose permissions you wanted
inherited by even lower level sections.
I read through some previous discussion of the authz inheritance
behavior, but
it doesn't seem to have considered the effect of having "Require all
denied" at
the top level, which is overriding everything else by default even when
other
sections specify other permissions.
Dan
