Security Basics mailing list archives
Re: order directive confusion
From: Martchukov Anton <vhlist () yandex ru>
Date: Thu, 4 Sep 2003 21:48:23 +0400
On Thu, 04 Sep 2003 02:22:52 +0000 "SB CH" <chulmin2 () hotmail com> wrote:
When I use order directive at apache(httpd.conf), proftpd(proftpd.conf), some confusion.
I also had a lot of trouble with this in Apache. However, I can't comment for proftpd, but it is possibly the same.
When I set like this, I can connect to the directory. <Limit GET> Order deny,allow allow from all deny from all </Limit>
I belive "Order deny,allow" means that if a host satisfies both directives allow and deny, than access will be allowed for such a host.
But I can't connect to the directory below set. <Limit GET> Order allow,deny allow from all deny from all </Limit>
And otherwise. "Order allow,deny" disables access for a host matching both directives. As in your example.
the manual says like this. How an I understand the correct meaning of the order directive?
I was also unclear with the manual, so correct me, if I'm wrong. Hope this helps. -- Martchukov Anton aka VH ======================================== ---------------------------------------------------------------- E-mail: vhlist () yandex ru ICQ: 155279978 Registered Linux User #323324 ================================================================ --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- order directive confusion SB CH (Sep 04)
- Re: order directive confusion Martchukov Anton (Sep 04)