 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
11 messages in ru.sysoev.nginxRe: doc: limit_except| From | Sent On | Attachments |
|---|---|---|
| Gregg Reynolds | Mar 15, 2007 11:11 am | |
| Igor Sysoev | Mar 15, 2007 11:23 am | |
| Igor Sysoev | Mar 15, 2007 11:29 am | |
| Gregg Reynolds | Mar 15, 2007 1:51 pm | |
| Igor Sysoev | Mar 16, 2007 12:00 am | |
| Gregg Reynolds | Mar 16, 2007 1:59 am | |
| Igor Sysoev | Mar 16, 2007 2:17 am | |
| Gregg Reynolds | Mar 16, 2007 4:17 am | |
| Igor Sysoev | Mar 16, 2007 4:26 am | |
| Gregg Reynolds | Mar 16, 2007 7:37 am | |
| Igor Sysoev | Mar 16, 2007 8:10 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: doc: limit_except | Actions... |
|---|---|---|
| From: | Gregg Reynolds (dev-...@public.gmane.org) | |
| Date: | Mar 16, 2007 1:59:14 am | |
| List: | ru.sysoev.nginx | |
On 3/16/07, Igor Sysoev <is...@rambler-co.ru> wrote:
May be "restrict_methods_except" ? Note, that directive should certainly speсify unrestricted methods.
And I do not want to use it for authorization only.
I wonder if we're talking about the same thing. I mean only to observe that the semantics of limit_except and the directives within its scope all have something to do with authorization. Consider:
allow/deny - authorization granted/denied based on ipaddr auth_basic auth_basic_user_file - authorization granted/denied based on user identity proxy_pass - authorization granted absolutely (??) perl - authorization granted absolutely (??)
Or have I misunderstood the design intention? The last two items don't really seem to control authorization so much as selection of a mechanism or routing. E.g. proxy_pass in a limit_except means "use this proxy for messages with this method".
Is that the idea?
The Apache documentation uses the term "access control directives" to describe the contents of LimitExcept. That won't quite work with nginx, since proxy_pass and perl aren't themselves access controllers. Correct? That argues strongly for a name that differs from LimitExcept, so as to avoid giving the impression that the semantics are the same.
"restrict_methods_except" - I'll have to ponder that. "Restrict" is a preferable to "limit", IMO. On the other hand, it leaves the impression that the enclosed directives are restrictions, which isn't quite accurate. Also the combination of either limit or restrict with "except" - to me that clouds the logic - we have args, and we have the block, to which do these things apply? The name should ideally make it obvious. I think the trouble (for me) is that limit_except combines things from different categories, so it's hard to name accurately.
BTW if I go on a bit about stuff like this it's not because I'm religious about what ends up in the syntax. I just like the writing challenge of finding le mot juste.
Thanks,
gregg