On 08/02/2006 11:00 PM, Brad Nicholes wrote:
> > > No, the default is to merge authz rules. At least that is how I understood > access control to be working by default in the past. There was no concept of > inherited authz before 2.3. Also, Joshua pointed out a flaw in my thinking > which I am looking into now. My bad I did not cite it correctly. I was not talking about the default, but the fact that on and off is explained differently in different sections (at least to my understanding): +Set to 'off' to disable merging. If set to 'off', only the authz rules defined in +the current <Directory> or <Location> block will apply.</description> +<syntax>AuthMergeRules on | off</syntax> +<default>AuthMergeRules on</default> +<contextlist><context>directory</context><context>.htaccess</context> +</contextlist> +<override>AuthConfig</override> + +<usage> + <p>By default all of the authorization rules within a <Directory> + <Location> hierarchy are merged together to form a single + logical authorization operation. If AuthzMergeRules is set to 'on', then + only the authorization rules that are contained with the current + <Directory> or <Location> block are considered. This First 'off' is said to prevent merging (which makes sense), but later on 'on' is said to do just that. Regards RĂ¼diger
