user200783

Reputation: 14346

Apache access control: Interaction between <Directory> and Order/Allow/Deny

Apache's Order/Allow/Deny directives are permitted within a <Directory> context. What happens when a set of these directives is present within a <Directory> for the current directory and within a <Directory> for a parent?

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order gives an order - Allow and Deny are evaluated depending on the Order directive.

http://httpd.apache.org/docs/2.2/mod/core.html#directory gives another order - <Directory> directives are applied "shortest match first".

Which of these takes precedence?

Considering the first order, if we have "Order Allow, Deny", the link says "First, all Allow directives are evaluated [...] Next, all Deny directives are evaluated. If any matches, the request is rejected" - does this include Allow/Deny directives within <Directory> directives for parents? Does a Deny in a parent directory thus override an "Allow" in the current directory?

Upvotes: 0

Views: 1214

Answers (1)

user200783

Reputation: 14346

See comment on question.

Upvotes: 0
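The interaction asked about in the question can be modelled in a few lines. This is an added example, not part of the original post or of Apache's code: a simplified Python model in which `<Directory>` sections are applied shortest match first and the Order/Allow/Deny rules are then evaluated on the section that ends up in effect. It assumes the Apache 2.2 behaviour that a section using any of these directives replaces, rather than adds to, the host-access settings inherited from a shorter-matching section; the paths, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed configuration: only the Order/Allow/Deny directives of each
# <Directory> section are modelled; sections without any are left out.
SECTIONS = {
    "/var/www":     {"order": "Allow,Deny", "allow": ["all"], "deny": ["10.0.0.0/8"]},
    "/var/www/app": {"order": "Allow,Deny", "allow": ["all"]},
}

def matches(spec, ip):
    """True if the client ip matches a 'from' spec ('all', an IP or a CIDR)."""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def effective_section(sections, path):
    """Apply sections shortest match first; a later match replaces the earlier
    one as a whole (assumed 2.2 behaviour: no merging of Allow/Deny lists)."""
    current = None
    target = path.rstrip("/") + "/"
    for dir_path in sorted(sections, key=len):
        if target.startswith(dir_path.rstrip("/") + "/"):
            current = sections[dir_path]
    return current

def allowed(section, ip):
    """Evaluate Order/Allow/Deny for one effective section."""
    if section is None:
        return True  # no host-based restriction applies to this path
    allow = any(matches(s, ip) for s in section.get("allow", []))
    deny = any(matches(s, ip) for s in section.get("deny", []))
    order = section.get("order", "Deny,Allow").lower().replace(" ", "")
    if order == "allow,deny":
        return allow and not deny  # default deny; any Deny match rejects
    if order == "deny,allow":
        return allow or not deny   # default allow; an Allow match overrides Deny
    raise ValueError("unsupported Order value: " + section["order"])

def check(path, ip, sections=SECTIONS):
    return allowed(effective_section(sections, path), ip)

if __name__ == "__main__":
    for path, ip in [("/var/www/index.html", "10.1.2.3"),
                     ("/var/www/app/admin.php", "10.1.2.3"),
                     ("/var/www/index.html", "192.0.2.7")]:
        print(path, ip, "allowed" if check(path, ip) else "denied")
```

Under this model the parent's `Deny from 10.0.0.0/8` does not reach `/var/www/app`, so a restriction meant to cover a whole tree has to be repeated in every child section that sets its own Order/Allow/Deny.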
