Why is the "*." bit redundant in the domain part? How do I make sure
something matches "livejournal.com" but not
"ianhickson.livejournal.com"?
allow <livejournal.com> exclude <ianhickson.livejournal.com>
or more generic
allow <livejournal.com> exclude <*.livejournal.com>
Hm. Ok. I'm pretty sure this is confusing enough that it'll be the source
of security holes in future, though.
Does
allow <*.livejournal.com> exclude <livejournal.com>
...exclude everything in livejournal.com? (It seems that it does.)
This would basically be a no-op.
The problem here is that there are potential for security problems no
matter how we do it. If we said that <livejournal.com> didn't include
subdomains many people would likely get bitten by:
deny <livejournal.com>
And then getting bitten by people linking to them from
www.livejournal.com or www2.livejournal.com
/ Jonas
