https://bz.apache.org/bugzilla/show_bug.cgi?id=65252
Rich Bowen <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Rich Bowen <[email protected]> --- Fixed in trunk (r1933555) and 2.4 (r1933556). Rewrote the StrictRequire documentation to use the modern 2.4 authorization terminology (RequireAny) instead of the legacy Satisfy directive. Clarified that StrictRequire enforces SSLRequireSSL/SSLRequire denials unconditionally, regardless of other authorization settings. To answer the reporter's questions: StrictRequire still works with the 2.4 auth model — it runs in the fixup phase (after authorization), so it overrides any RequireAny that might otherwise grant access. Thanks for the report. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
