htaccess: deny abc.def.ghi --- period? or no period?
This is a discussion on htaccess: deny abc.def.ghi --- period? or no period? within the Apache Web Server forums, part of the Web Server and Related Forums category; in an .htaccess file, to deny access to a range of IPs which is it supposed to be? deny abc....
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-29-2005
|
|||
|
|||
htaccess: deny abc.def.ghi --- period? or no period?
in an .htaccess file, to deny access to a range of IPs which is it supposed to be? deny abc.def.ghi or deny abc.def.ghi. (ie, - with? or without? a period at the end) because i've seen it both ways, in fact insisted on by different people different ways. ~greg |
|
01-29-2005
|
|||
|
|||
|
Re: htaccess: deny abc.def.ghi --- period? or no period?
*** ~greg escribió/wrote (Sat, 29 Jan 2005 01:23:58 -0500):
> meant > deny from abc.def.ghi > vs > deny from abc.def.ghi. http://httpd.apache.org/docs-2.0/mod...ess.html#allow I see no mention to trailing dots and I can't figure out what they could mean. -- -+ Álvaro G. Vicario - Burgos, Spain +- http://www.demogracia.com (la web de humor barnizada para la intemperie) ++ Manda tus dudas al grupo, no a mi buzón -+ Send your questions to the group, not to my mailbox -- |
|
02-11-2005
|
|||
|
|||
|
Re: htaccess: deny abc.def.ghi --- period? or no period?
Thank you! (---belated.)
Just a couple more questions: ... a trivial one: ----is it 'Deny', or 'deny' (--etc, - i've seen both around). Much more serious --- I'm very confused about "order". Here's one description, -of many ( http://teldis.wuerzburg.de/manual/mod/mod_access.html ) -that says this: ---------------------------------------------------------- deny,allow the deny directives are evaluated before the allow directives. (The initial state is OK.) allow,deny the allow directives are evaluated before the deny directives. (The initial state is FORBIDDEN.) ... Note that in all cases every allow and deny statement is evaluated, there is no "short-circuiting". --------------------------------------- But here's another, -of many ( http://proftpd.oops.org/reference.ph...=Order&class=o ) -that says this instead: -------------------------------------------------- Order allow,deny 1. Check Allow directives. If one or more apply, exit with result: ALLOW 2. Check Deny directives. If one or more apply, exit with result: DENY 3. Exit with default implicit ALLOW Order deny,allow 1. Check Deny directives. If one or more apply, exit with result: DENY 2. Check Allow directives. If one or more apply, exit with result: ALLOW 3. Exit with default implicit: DENY ----------------------------------------------- My problem is that these two seem to directly contradict each other, ---both about the initial (or default) state, --and about the matter of "exiting" (or "short-circuiting.") The pity is that both of these are effective algorithms, - they are the two clearest descriptions I've read about this. I just don't happen to have access to whatever it takes ("httest"?) to determine which is correct. (-or perhaps they are consistent, and I'm just confused in some other way?) ~Greg. ------------------------------------------------------------------- "Alvaro G. Vicario" <kAlvaroNOSPAMTHANKS@terra.es> wrote in message news:d2wgslxxtx89$.24dm7sir5frd$.dlg@40tude.net... > *** ~greg escribió/wrote (Sat, 29 Jan 2005 01:23:58 -0500): >> meant >> deny from abc.def.ghi >> vs >> deny from abc.def.ghi. > > http://httpd.apache.org/docs-2.0/mod...ess.html#allow > > I see no mention to trailing dots and I can't figure out what they could > mean. > > > -- > -+ Álvaro G. Vicario - Burgos, Spain > +- http://www.demogracia.com (la web de humor barnizada para la intemperie) > ++ Manda tus dudas al grupo, no a mi buzón > -+ Send your questions to the group, not to my mailbox > -- |
|
02-11-2005
|
|||
|
|||
|
Re: htaccess: deny abc.def.ghi --- period? or no period?
This one: http://abstract.cs.washington.edu/ma...ess.html#order seems to me to read the most authoritatively. like this: ------------------------------------- Deny,Allow The Deny directives are evaluated before the Allow directives. Access is allowed by default. Any client which does not match a Deny directive or does match an Allow directive will be allowed access to the server. Allow,Deny The Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server. ---------------------------------- Playing around with the logic to make it clearer (for me..): Deny,Allow == Allow, unless Denied and not Allowed Allow,Deny == Deny, unless Allowed and not Denied. or, schematically: X,Y == Y, unless X and not Y. or better: X,Y == X IFF X & ~Y (else Y) Psychologically, you'd use order X,Y when you want to explicitly specify the X-set (with X-rules, using Y-rules to narrow the set further.) (that was all a question, btw... .. :) ~Greg. ps: http://proftpd.oops.org/reference.ph...=Order&class=o - just seems to be wrong. "~greg" <g_m@remove-comcast.net> wrote in message news:nOadnYDB0PeGAJHfRVn-oA@comcast.com... > Thank you! (---belated.) > > > Just a couple more questions: ... > > a trivial one: > ----is it 'Deny', or 'deny' > (--etc, - i've seen both around). > > > Much more serious > --- I'm very confused about "order". > > Here's one description, -of many ( > http://teldis.wuerzburg.de/manual/mod/mod_access.html > ) > -that says this: > ---------------------------------------------------------- > deny,allow > the deny directives are evaluated before the allow directives. > (The initial state is OK.) > > allow,deny > the allow directives are evaluated before the deny directives. > (The initial state is FORBIDDEN.) > ... > Note that in all cases every allow and deny statement is evaluated, > there is no "short-circuiting". > --------------------------------------- > > > But here's another, -of many ( > http://proftpd.oops.org/reference.ph...=Order&class=o > ) > -that says this instead: > -------------------------------------------------- > Order allow,deny > 1. Check Allow directives. > If one or more apply, exit with result: ALLOW > > 2. Check Deny directives. > If one or more apply, exit with result: DENY > > 3. Exit with default implicit ALLOW > > Order deny,allow > 1. Check Deny directives. > If one or more apply, exit with result: DENY > > 2. Check Allow directives. > If one or more apply, exit with result: ALLOW > > 3. Exit with default implicit: DENY > ----------------------------------------------- > > My problem is that these two seem to directly contradict each other, > ---both about the initial (or default) state, > --and about the matter of "exiting" (or "short-circuiting.") > > The pity is that both of these are effective algorithms, > - they are the two clearest descriptions I've read about > this. > I just don't happen to have access to whatever it takes > ("httest"?) to determine which is correct. > (-or perhaps they are consistent, and I'm just confused > in some other way?) > > ~Greg. > > > > > > > > > ------------------------------------------------------------------- > > "Alvaro G. Vicario" <kAlvaroNOSPAMTHANKS@terra.es> wrote in message news:d2wgslxxtx89$.24dm7sir5frd$.dlg@40tude.net... >> *** ~greg escribió/wrote (Sat, 29 Jan 2005 01:23:58 -0500): >>> meant >>> deny from abc.def.ghi >>> vs >>> deny from abc.def.ghi. >> >> http://httpd.apache.org/docs-2.0/mod...ess.html#allow >> >> I see no mention to trailing dots and I can't figure out what they could >> mean. >> >> >> -- >> -+ Álvaro G. Vicario - Burgos, Spain >> +- http://www.demogracia.com (la web de humor barnizada para la intemperie) >> ++ Manda tus dudas al grupo, no a mi buzón >> -+ Send your questions to the group, not to my mailbox >> -- > > > |
Linear Mode
