Yes. According to documentation at https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require :
When multiple Require directives are used in a single configuration section <https://httpd.apache.org/docs/2.4/sections.html#merging> and are not contained in another authorization directive like <RequireAll> <https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall>, they are implicitly contained within a <RequireAny> <https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany> directive. Thus the first one to authorize a user authorizes the entire request, and subsequent Require directives are ignored.

You can make your intent more clear with:
<Directory "/srv/cdn/utility">
  AllowOverride None
  php_value include_path "/srv/cdn/phpinclude"
  <RequireAny>
    Require local
    Require ip 2001:db8::a00:20ff:fea7:ccea
    Require ip 10.1.2.3
  </RequireAny>
</Directory>

Also, "Require local" seems to have only appeared in the documentation for version 2.5. Are you using 2.5 already?

--

With Best Regards,
Marat Khalili

On 01/04/16 12:15, Michael A. Peters wrote:
Take the following :

<Directory "/srv/cdn/utility">
  AllowOverride None
  php_value include_path "/srv/cdn/phpinclude"
  Require local
  Require ip 2001:db8::a00:20ff:fea7:ccea
  Require ip 10.1.2.3
</Directory>

I assume that would allow connections from the local host, from the IPv6 specified, and from the IPv4 specified - but would refuse connections from anywhere else?

Out of town and can't really test to see.
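
Added example (not part of the thread and not Apache code): a small Python model of the documented rule that bare Require lines sit in an implicit <RequireAny>, evaluated against constructed client addresses for the thread's two configurations plus a <RequireAll> variant for contrast. Assumptions: "Require local" is modelled as a loopback client or a client address equal to the server address, "Require ip" handles only full addresses and CIDR, and the server address 192.0.2.10 and all function names are made up for illustration.

```python
import ipaddress

# Constructed from the thread's Require lines; the <Directory> wrapper and
# non-authorization lines are left out because the model ignores them anyway.
RULES = ("Require local\n"
         "Require ip 2001:db8::a00:20ff:fea7:ccea\n"
         "Require ip 10.1.2.3\n")
IMPLICIT = RULES                                          # original question
EXPLICIT = "<RequireAny>\n" + RULES + "</RequireAny>\n"   # form from the reply
ALL_FORM = "<RequireAll>\n" + RULES + "</RequireAll>\n"   # contrast case

def parse(text):
    """Return a tree of ("any"|"all", children) and ("require", provider, args)."""
    root = ("any", [])      # implicit <RequireAny> around bare Require lines
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low in ("<requireany>", "<requireall>"):
            node = ("any" if low == "<requireany>" else "all", [])
            stack[-1][1].append(node)
            stack.append(node)
        elif low in ("</requireany>", "</requireall>"):
            stack.pop()
        elif low.startswith("require "):
            _, provider, *args = line.split()
            stack[-1][1].append(("require", provider.lower(), args))
    return root

def allowed(node, client, server="192.0.2.10"):
    """Decide one request; `server` is a constructed default address."""
    if node[0] == "require":
        _, provider, args = node
        addr = ipaddress.ip_address(client)
        if provider == "local":
            return addr.is_loopback or client == server
        if provider == "ip":
            return any(addr in ipaddress.ip_network(a, strict=False) for a in args)
        raise ValueError(f"provider not modelled: {provider}")
    results = (allowed(child, client, server) for child in node[1])
    return any(results) if node[0] == "any" else all(results)

def decisions(config, clients):
    """Map each client address to True (authorized) or False (refused)."""
    tree = parse(config)
    return {c: allowed(tree, c) for c in clients}

if __name__ == "__main__":
    sample = ["127.0.0.1", "::1", "10.1.2.3", "10.1.2.4", "203.0.113.5"]
    for name in ("IMPLICIT", "EXPLICIT", "ALL_FORM"):
        print(name, decisions(globals()[name], sample))
```

In the <RequireAll> variant every sample client is refused, because no single address can satisfy all three providers at once.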
