I am a little frustrated by the changes to authorization since 2.2. I don't understand why they were needed in the first place, nor why we need two different but equally incomprehensible ways to configure the same things.
I totally understand the desire to make the implementation more modular and to make a more sensible Satisfy logic, but I don't understand the need for Match (as opposed to just extending Require) and the odd changes in defaults (multiple Require defaults to MatchAny semantics, but multiple Match defaults to MatchAll). The relevant doc links are, for 2.2: http://httpd.apache.org/docs/2.2/howto/auth.html http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html http://httpd.apache.org/docs/2.2/mod/core.html#require http://httpd.apache.org/docs/2.2/mod/core.html#satisfy and for trunk: http://httpd.apache.org/docs/trunk/howto/auth.html http://httpd.apache.org/docs/trunk/mod/mod_authz_core.html http://httpd.apache.org/docs/trunk/mod/mod_access_compat.html I suggest that we do the following: 1) make the new directives self-documenting remove MatchNotAll (nobody needs this) s/MatchAny/RequireAny/ig; s/MatchAll/RequireAll/ig; s/MatchNotAny/RequireNone/ig; s/(MergeAuthz|AuthzMerge)/AuthMerging/ig; (off | and | or) 2) move new Match functionality to Require 3) default for multiple Require* is RequireAny - implies that "Require" and "Require not" are only mixed when used within a RequireAll or RequireNone container. In other words, we have one set of authorization directives with Require being backward-compatible with old configs, and the authz docs can tell one story of how to build more and more complex configurations using the same directives. Does that make sense to folks? I don't have much experience with the auth directives (never had much use for them at my sites), so let me know if I've overlooked something. ....Roy
