Created at 08:20 Aug 24, 2005 by steve, last modified at 08:20 Aug 24, 2005
The following article will look at the Order directive and how it effects the processing of the Allow and Deny directive. The BrowseOrder directive uses the same processing reasoning.
The Order Directive states how it will process the information.
Order Deny,Allow looks at the Deny directive and then the Allow directive.
Order Allow,Deny looks at the Allow directive and then the Deny directive.
The Allow and Deny directive dictates who has access to that information.
Here are some examples:
<Location /> Order deny,allow Deny from all Allow from 127.0.0.1 Allow from 192.10.2.6 </Location>What is happening?
The Order directives says look at the Deny directive then the Allow directive.
So, the Deny directive is looked at first and says everyone is denied access. Then, the Allow directive is looked at. Access is allowed to 127.0.0.1 and 192.10.2.6.
What would happen if the above example looked like this?
<Location /> Order deny,allow Allow from 127.0.0.1 Allow from 192.10.2.6 Deny from All </Location>Nothing would change. As determined by the Order directive, the Deny directive is looked at first, then the Allow directive.
Still I not fully understand how are Allow/Deny directives processed, how is taken when there is no Allow or Deny directive, when processing ends and how is calculated final result for accessed host. Eg.: I want permit access only from interface eth1, but from network 1.2.3.0/8 (going via this interface) I want access only for host 1.2.3.254, rest of this network must be forbidden. For this case, will rules:
Order Allow,Deny Allow @(eth1) Allow 1.2.3.254 Deny Allow 1.2.3.0/8work as I expected? Reply