Access control, finally sinking in

Started by Gregg, August 24, 2010, 03:12:32 AM

Previous topic - Next topic

Gregg

I've hated the removal of Order, Allow, Deny and Satisfy (though I've never used Satisfy). Because I'd go look at Require in runtime directives in the Docs and what I'd get is nothing different than in 2.2. Require user Bob, or Deny group bozos. How the heck am I supposed to deal with something like;

Order Allow,Deny
Deny from all
Allow from 127.0.0

Well, I finally found it and see what is going on. Require has been expanded, but different things are in different modules.
So if you want any kind of access control in this sense, you'll need mod_authz_host loaded (which is default).

I guess it saves one line of configuration, the Order one, BUT it does have some cool things.

Require ip 10.0.0.0/255.0.0.0
Require ip 10.1.0.0/16
Require env let_me_in
Require host .net example.edu

This just sounds odd;

Require all denied

Hopefully "not" works

Require not env keep_them_out

Of course there is mod_access_compat, it gives us back Order, Allow, Deny and Satisfy. It seems to not work in SSL however, but I need to test this further before I can say for sure.