Dave Wreski wrote on 2023/04/11 10:54:
> SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1
> SetEnvIf Request_URI "^linuxsecurity_features\.*$" !stayout
I have done it in the past, too.
It was like allowing another level of conditions to be attached to Allow and
Deny, depending on the condition that defines the variable and the condition
that undefines the variable, right? :)
This is no longer needed, so change the name to something that makes sense.
SetEnvIf user-agent "(?i:TurnitinBot)" SOMENAME1
SetEnvIf Request_URI "^linuxsecurity_features\.*$" SOMENAME2
And let it meet all the requirements.
<RequireAll>
Require all granted
Require not env SOMENAME1
Require env SOMENAME2
</RequireAll>
...According to mod_authz_core.html, it looks like we don't even need SetEnvIf.
<RequireAny>
<RequireAll>
Require all granted
Require not expr "%{HTTP_USER_AGENT} =~ /SomeBot/"
</RequireAll>
Require expr "%{REQUEST_URI} =~ /^linuxfoo/"
</RequireAny>
The outermost <RequireAny> is verbose.
I'm on the teaching side, but I've never used expr, so I don't know if the
syntax is correct. :)
I did my research on it a long time ago and I don't know if it is still
correct...
The result of this access control is broken by the Order, Allow, and Deny
directives :)
Sure, I thought that all of those directives should be allowed by
Order Deny,Allow
or
Allow from all
, but I forgot :)
For now, Order, Allow, and Deny should be removed if they exist somewhere :)
Regards.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
