Apache "Order Allow,Deny" vs "Order Mutual-failure"?

Apache "Order Allow,Deny" vs "Order Mutual-failure"?

Post by Joshua Sliv » Fri, 29 Sep 2000 04:00:00




> After reading the Apache documentation (and the O'Reilly book, and another
> book on security) I was still really confused about the 3 choices for
> "Order" in Allow /Deny access rules. So I looked at the source, and now it
> seems to me the documentation is wrong, and "Order Allow,Deny" is exactly
> the same as "Order Mutual-failure".

I think I agree with you, and I can't find anyone who disagrees.
Maybe they were different at some point in the remote past, but they
seem to do exactly the same thing now.

--
Joshua Slive

http://finance.commerce.ubc.ca/~slive/

 
 
 

Apache "Order Allow,Deny" vs "Order Mutual-failure"?

Post by Joshua Sliv » Sat, 30 Sep 2000 10:34:59



>>I think I agree with you, and I can't find anyone who disagrees.
>>Maybe they were different at some point in the remote past, but they
>>seem to do exactly the same thing now.
> Thanks for that... I did get one mail reply from someone who thought that
> "Mutual-failure" allows another authentication method (past host access) to
> override a failure of host access lists. It sounded good, but there is no
> evidence in the code or documentation that it is in fact true.
> Do you think I should put it in as an Apache bug, at least against the
> documentation?

I'll make sure that a comment gets added to the docs, so you don't
need to worry about putting in a bug report.  (If you find any
more doc bugs, feel free to report them in the bug database.)

--
Joshua Slive

http://finance.commerce.ubc.ca/~slive/