On 10 Jun 2013, at 14:35, Eric Covener wrote: > I'd like to add an immutable Forbid directive to the core and use it > in some places in the default configuration instead of "require all > denied". > > http://people.apache.org/~covener/forbid.diff > > This protects from a broad <Location or <If being added that > supercedes Directory/Files. > > I thought someone might object to the duplication w/ AAA or the > presence in the core, so opting for RTC.
Why indeed in core? The interaction of different scopes - not least Location vs filesystem paths - is a source of regular confusion. I'm not sure adding another directive with different, one-off semantics helps. Does it really override <Location>/<If> in all circumstances? Could it create (new) gotchas with Alias, internal Rewrites, or similar mapping functions? Also the comment "Irrevocably forbids access to the enclosing scope" could easily be read as going up a level in a hierarchy (it confused me momentarily, and I had the context of the complete patch to figure out what you meant by saying "enclosing" rather than "current" or just "this"). -- Nick Kew
