Hi,

looking at comment http://httpd.apache.org/docs/current/en/mod/mod_authn_core.html#comment_751,
I think that what is proposed is not enough and that turning:
   Order deny,allow
   Allow from all
into
   Require all granted

is not correct.


"Require all granted" would bypass the "Require valid-user", wouldn't it?

So I think that the best fix would be just to remove the 2 Order...Allow... lines from the example, just as in the other example above it.

Correct?

The same way, in http://httpd.apache.org/docs/current/en/mod/mod_info.html#security,
I think that the example:
<Location "/server-info">
    SetHandler server-info
    Order allow,deny
    # Allow access from server itself
    Allow from 127.0.0.1
    # Additionally, allow access from local workstation
    Allow from 192.168.1.17
</Location>

should be turned into:
<Location "/server-info">
    SetHandler server-info
    # Allow access from server itself
    Require ip 127.0.0.1
    # Additionally, allow access from local workstation
    Require ip 192.168.1.17
</Location>

or
<Location "/server-info">
    SetHandler server-info
    # Allow access from server itself or from a local workstation
    Require ip 127.0.0.1 192.168.1.17
</Location>

Correct?

CJ
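
An added example, not part of the message above or of the httpd documentation: a small Python check for the two things the message discusses, leftover 2.2-style Order/Allow/Deny lines and a "Require all granted" sitting beside "Require valid-user". In httpd 2.4, bare Require lines in one section are combined as if inside <RequireAny>. The function names, issue labels and sample configuration are constructed for illustration.

```python
import re

LEGACY = {"order", "allow", "deny", "satisfy"}  # 2.2-style access directives
AUTHN = {"valid-user", "user", "group"}         # Require types that need a login
# Constructed sample config; the paths are placeholders, not from the message.
SAMPLE = '''\
<Directory "/var/www/private">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile "/path/to/passwords"
    Require valid-user
    Require all granted
</Directory>
<Location "/server-info">
    SetHandler server-info
    Order allow,deny
    Allow from 127.0.0.1
</Location>
'''

def check_requires(label, reqs):
    # Bare Require lines are OR-ed like <RequireAny>; <RequireAll> is AND-ed.
    if label.split()[0].lower() in ("requireall", "requirenone"):
        return []
    needs_login = any(a and a[0].lower() in AUTHN for _, a in reqs)
    return [(no, label, "all-granted-overrides-authn") for no, a in reqs
            if needs_login and [x.lower() for x in a] == ["all", "granted"]]

def audit(conf):
    """Return (line_no, section, issue) findings for an httpd config string."""
    findings, stack = [], [("<global>", [])]
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if len(stack) > 1:  # ignore an unbalanced closing tag
                findings += check_requires(*stack.pop())
            continue
        m = re.match(r"<(\w+)\s*(.*?)>$", line)
        if m:
            stack.append((f"{m.group(1)} {m.group(2)}".strip(), []))
            continue
        name, *rest = line.split(None, 1)
        if name.lower() in LEGACY:
            findings.append((no, stack[-1][0], "legacy-2.2-directive"))
        elif name.lower() == "require":
            stack[-1][1].append((no, rest[0].split() if rest else []))
    return findings + check_requires(*stack[0])
```

Calling audit(SAMPLE) returns one finding for the Directory section and two for the Location section; sections left unclosed at the end of the input are not checked.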
