On 12 Jul 2019, at 01:46, Graham Leggett <minf...@sharp.fm> wrote: > I am having the exact same problem with Directory and DirectoryMatch. When > there are Ifs in a Directory, the Directory overrides the DirectoryMatch, > even though the DirectoryMatch is more specific and should “win” (win meaning > be merged on top of all that has gone before it).
Here is a simpler example: <Directory /home/${HOST}/storage> Dav on SSLVerifyClient optional <If "%{SSL_CLIENT_VERIFY} == 'SUCCESS' || %{SSL_CLIENT_VERIFY} == 'GENEROUS'"> require valid-user </If> <Else> require valid-user </Else> </Directory> <Directory /home/${HOST}/storage/home> require all denied <—— has no effect </Directory> Why, when a valid user is logged in (via cert or not cert), does httpd grant access to the file /home/${HOST}/storage/home/foo? Most specifically, why does “require all denied” have no effect when a file matches that directory section? Regards, Graham —
smime.p7s
Description: S/MIME cryptographic signature