Apache access list - Does order matter ?

[William Muriithi]

Afternoon,

I have read that apache access list order matter but I am sometimes
get confused as I have seen plenty of place where allow is ahead of
deny. Now, I got to say that a bit inconsistent. Does it actually
matter? Would it be safe to allows use "deny all" before allowing
specific IPs?

How does apache process them?  Or rather at what instance should once
start with "allow all" before then using deny?

See example below from the apache documentations.

=============

Access control by environment variable

mod_authz_host, in conjunction with mod_setenvif, can be used to
restrict access to your website based on the value of arbitrary
environment variables. This is done with the Allow from env= and Deny
from env= syntax.

SetEnvIf User-Agent BadBot GoAway=1
Order allow,deny
Allow from all
Deny from env=GoAway

Warning:

Access control by User-Agent is an unreliable technique, since the
User-Agent header can be set to anything at all, at the whim of the
end user.

In the above example, the environment variable GoAway is set to 1 if
the User-Agent matches the string BadBot. Then we deny access for any
request when this variable is set. This blocks that particular user
agent from the site.

An environment variable test can be negated using the =! syntax:

Allow from env=!GoAway

=========================

William
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists