On 10 Jun 2013, at 3:35 PM, Eric Covener <cove...@gmail.com> wrote: > I'd like to add an immutable Forbid directive to the core and use it > in some places in the default configuration instead of "require all > denied". > > http://people.apache.org/~covener/forbid.diff > > This protects from a broad <Location or <If being added that > supercedes Directory/Files.
Does Location supercede Directory/Files? My understanding is that if the Directory/Files says no, then the access is denied, regardless of what Location says. Or to state it another way, we are successful until the first directive comes along that says denied. We don't deny, and then later on change our mind and succeed again. Regards, Graham --
smime.p7s
Description: S/MIME cryptographic signature
