homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Inheritence of access control directives
Apache configuration issues

Msg#: 4301288 posted 2:50 pm on Apr 20, 2011 (gmt 0)

Hi all,

please have a look at the following configuration excerpt:

<Directory "C:/www">
Order Allow,Deny
Deny from All

<Directory "C:/www/site">
Allow from All

I initially thought that the directory "d:/www/site" would not be accessible since the second
Directory directive inherits from the first one and the combination of Deny and Allow should result in a double match which in turn (due to the Order directive) should result in a Deny.

But I seem to be wrong (I tried it), but I don't understand why ....

Anybody out there to give me a hint?

Thanx in advance!



Msg#: 4301288 posted 4:24 pm on Apr 20, 2011 (gmt 0)

AFAICT, D: is not covered with any rule, so it is allowed.


Msg#: 4301288 posted 7:43 pm on Apr 20, 2011 (gmt 0)

Thanks for your reply.
Sorry, my fault, I wanted to ask about directory "c:/www/site" of course (not drive D:) ...
Any idea?


Msg#: 4301288 posted 7:10 am on Apr 21, 2011 (gmt 0)

C:/www/site is allowed because you explicitly allowed it (override) in the second rule.


WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 4301288 posted 6:54 pm on Apr 25, 2011 (gmt 0)

The directory paths given in the <Directory> containers should be relative to DocumentRoot, not to the filesystem root. Otherwise, this should work.

With "Allow,Deny", the Denys should override the Allows.

See the notes on path-length-based <Directory> processing at [httpd.apache.org...] to confirm your intent.



Msg#: 4301288 posted 7:05 pm on Apr 26, 2011 (gmt 0)

Thanks Jim for your considerations.

I also thought it should work, but it doesn't (I tested it).
It seems that all subdirs inherit access control from its parent dirs, but as soon as you start to specify some Allow or Deny directives in a subdir, they are not merged to the directives of the parent dir, but they overwrite them starting from scratch!

So at the end (since
Order Deny,Allow is the default), the second directive actually seems to be interpreted as

<Directory "C:/www/site">
Order Deny,Allow
Allow from All

I carefully read the Apache docs, but I did not find any hints about this special case...


Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved