On Tue, 24 Apr 2007 21:12:35 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> One thing that is very important IMHO is that it is possible using
> headers to turn off access to a whole server. One use case for this would
> be if a site notices some files are misconfigured and as an immediate
> security precaution disables access to all files while figuring out what
> is wrong.
> Another scenario would be a hosting server such as livejournal or
> geocities wanting to disable access to all their hosted files even
> though other users manage the contents of those files.

How about changing:

   rule ::= "allow" (pattern)+ ("exclude" (pattern)+)?

To:

   rule  ::= deny | allow
   deny  ::= "deny" (pattern)+
   allow ::= "allow" (pattern)+ ("exclude" (pattern)+)?

And then letting the algorithm in section 3 first seek through all explicit deny clauses.

-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Wednesday, 25 April 2007 09:03:09 GMT
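
Added example, not part of the original message and not the specification's own algorithm: a sketch of the proposed grammar with deny clauses checked before any allow clause, so a server-wide "deny *" overrides whatever individual files allow. It assumes patterns are case-insensitive host globs and that access needs at least one matching allow rule; the function names and sample rules are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Proposed grammar from the message:
#   rule  ::= deny | allow
#   deny  ::= "deny" (pattern)+
#   allow ::= "allow" (pattern)+ ("exclude" (pattern)+)?
KEYWORDS = {"deny", "allow", "exclude"}

# Constructed sample: a per-file allow rule plus a server-wide kill switch.
SAMPLE_RULES = ["allow *.example.org exclude beta.example.org", "deny *"]

def parse_rule(text):
    """Parse one rule into (kind, patterns, excludes); ValueError if malformed."""
    tokens = text.split()
    if not tokens or tokens[0] not in ("deny", "allow"):
        raise ValueError(f"rule must start with deny or allow: {text!r}")
    kind, rest = tokens[0], tokens[1:]
    if "exclude" in rest:
        if kind == "deny":
            raise ValueError("deny takes no exclude clause")
        i = rest.index("exclude")
        patterns, excludes = rest[:i], rest[i + 1:]
        if not excludes:
            raise ValueError("exclude needs at least one pattern")
    else:
        patterns, excludes = rest, []
    # (pattern)+ means at least one pattern, and keywords are not patterns.
    if not patterns or KEYWORDS & set(patterns + excludes):
        raise ValueError(f"malformed rule: {text!r}")
    return kind, patterns, excludes

def matches(host, patterns):
    # Assumption: patterns are host globs such as *.example.org
    return any(fnmatchcase(host.lower(), p.lower()) for p in patterns)

def is_allowed(host, rule_texts):
    """Deny-first evaluation: a matching deny wins over every allow."""
    rules = [parse_rule(t) for t in rule_texts]
    # Pass 1: explicit deny clauses, wherever they appear in the list.
    if any(k == "deny" and matches(host, p) for k, p, _ in rules):
        return False
    # Pass 2: an allow rule grants access unless its exclude list matches.
    return any(k == "allow" and matches(host, p) and not matches(host, e)
               for k, p, e in rules)
```

Because the deny pass runs over the whole rule list first, rule order does not matter: the allow rule in SAMPLE_RULES is listed before "deny *" and is still overridden.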