From: André Malo Date: Tue, 24 Apr 2007 15:22:22 +0000 (+0000) Subject: `build extraclean all` X-Git-Tag: 2.0.60~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df792462bc9fed52ee3b62dca4d04728e71268d0;p=thirdparty%2Fapache%2Fhttpd.git `build extraclean all` git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@531980 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_access.html.en b/docs/manual/mod/mod_access.html.en index fe9d54cbc28..1fc8a50ab9e 100644 --- a/docs/manual/mod/mod_access.html.en +++ b/docs/manual/mod/mod_access.html.en @@ -86,7 +86,7 @@ server

The Allow directive affects which hosts can access an area of the server. Access can be controlled by - hostname, IP Address, IP Address range, or by other + hostname, IP address, IP address range, or by other characteristics of the client request captured in environment variables.

@@ -229,39 +229,78 @@ evaluated. Module:mod_access -

The Order directive controls the default - access state and the order in which Allow and Deny directives are evaluated. - Ordering is one of

+

The Order directive, along with the + Allow and Deny directives, controls a + three-pass access control system. The first pass processes either + all Allow or all + Deny directives, as + specified by the Order directive. The second + pass parses the rest of the directives (Deny or Allow). The third pass applies to + all requests which do not match either of the first two.

+ +

Note that all Allow + and Deny directives are + processed, unlike a typical firewall, where only the first match is + used. The last match is effective (also unlike a typical firewall). + Additionally, the order in which lines appear in the configuration + files is not significant -- all Allow lines are processed as one + group, all Deny lines are + considered as another, and the default state is considered by + itself.

+ +

Ordering is one of:

Deny,Allow
-
The Deny directives - are evaluated before the Allow directives. Access is - allowed by default. Any client which does not match a - Deny directive or does - match an Allow - directive will be allowed access to the server.
+
First, all Allow + directives are evaluated; at least one must match, or the request + is rejected. Next, all Deny directives are evaluated. If + any matches, the request is rejected. Last, any requests which do + not match an Allow or a + Deny directive are + denied by default.
Allow,Deny
-
The Allow - directives are evaluated before the Deny directives. Access is denied - by default. Any client which does not match an Allow directive or does match a - Deny directive will be - denied access to the server.
+
First, all Deny + directives are evaluated; if any match, the request is denied + unless it also matches an Allow directive. Any requests + which do not match any Allow or Deny directives are + permitted.
Mutual-failure
-
Only those hosts which appear on the Allow list and do not appear on - the Deny list are - granted access. This ordering has the same effect as Order - Allow,Deny and is deprecated in favor of that - configuration.
+
This order has the same effect as Order + Allow,Deny and is deprecated in its favor.
-

Keywords may only be separated by a comma; no whitespace is - allowed between them. Note that in all cases every Allow and Deny statement is evaluated.

+

Keywords may only be separated by a comma; no whitespace + is allowed between them.

+ + + + + + + + + + + + + + + + + + + + + + + +
MatchAllow,Deny resultDeny,Allow result
Match Allow onlyRequest allowedRequest allowed
Match Deny onlyRequest deniedRequest denied
No matchDefault to second directive: DeniedDefault to second directive: Allowed
Match both Allow & DenyFinal match controls: DeniedFinal match controls: Allowed

In the following example, all hosts in the apache.org domain are allowed access; all other hosts are denied access.

@@ -273,10 +312,9 @@ evaluated.

In the next example, all hosts in the apache.org domain are - allowed access, except for the hosts which are in the - foo.apache.org subdomain, who are denied access. All hosts not - in the apache.org domain are denied access because the default - state is to deny access to the server.

+ allowed access, except for the hosts which are in the foo.apache.org + subdomain, who are denied access. All hosts not in the apache.org + domain are denied access because the default state is to Deny access to the server.

Order Allow,Deny
@@ -284,20 +322,20 @@ evaluated. Deny from foo.apache.org

-

On the other hand, if the Order in the last - example is changed to Deny,Allow, all hosts will - be allowed access. This happens because, regardless of the - actual ordering of the directives in the configuration file, - the Allow from apache.org will be evaluated last - and will override the Deny from foo.apache.org. - All hosts not in the apache.org domain will also - be allowed access because the default state will change to - allow.

- -

The presence of an Order directive can affect - access to a part of the server even in the absence of accompanying - Allow and Deny directives because of its effect - on the default access state. For example,

+

On the other hand, if the Order in the + last example is changed to Deny,Allow, all hosts will + be allowed access. This happens because, regardless of the actual + ordering of the directives in the configuration file, the + Allow from apache.org will be evaluated last and will + override the Deny from foo.apache.org. All hosts not in + the apache.org domain will also be allowed access + because the default state is Allow.

+ +

The presence of an Order directive can + affect access to a part of the server even in the absence of + accompanying Allow and + Deny directives because + of its effect on the default access state. For example,

<Directory /www>
@@ -307,20 +345,20 @@ evaluated. </Directory>

-

will deny all access to the /www directory - because the default access state will be set to - deny.

+

will Deny all access + to the /www directory because the default access state + is set to Deny.

-

The Order directive controls the order of access - directive processing only within each phase of the server's +

The Order directive controls the order of + access directive processing only within each phase of the server's configuration processing. This implies, for example, that an Allow or Deny directive occurring in a - <Location> section will - always be evaluated after an Allow or Deny directive occurring in a - <Directory> section or - .htaccess file, regardless of the setting of the - Order directive. For details on the merging - of configuration sections, see the documentation on How Directory, Location and Files sections + <Location> section + will always be evaluated after an Allow or Deny directive occurring in a + <Directory> + section or .htaccess file, regardless of the setting of + the Order directive. For details on the + merging of configuration sections, see the documentation on How Directory, Location and Files sections work.

diff --git a/docs/manual/mod/mod_access.xml.ja b/docs/manual/mod/mod_access.xml.ja index 083ee4b4d7f..3d11630e2c0 100644 --- a/docs/manual/mod/mod_access.xml.ja +++ b/docs/manual/mod/mod_access.xml.ja @@ -1,7 +1,7 @@ - +