Bug 53069 - "Require not ip" generates error
Summary: "Require not ip" generates error
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 2.5-HEAD
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: HTTP Server Documentation List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-12 23:34 UTC by orrd101
Modified: 2012-05-13 08:39 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description orrd101 2012-04-12 23:34:13 UTC
According to the docs http://httpd.apache.org/docs/2.4/howto/access.html the way to block in IP address is like this:

  Require not ip 10.252.46.165

But that always generates this server error:

  .htaccess: negative Require directive has no effect in <RequireAny> directive

No, I'm not using a <RequireAny> directive anywhere in the .htaccess file or even anywhere in my Apache configuration file.
Comment 1 orrd101 2012-04-13 22:42:17 UTC
Thanks to someone who replied in a support forum, this is apparently the correct usage:

<Directory xxxxx/> 
<RequireAll> 
Require all granted 
Require not ip 10.252.46.165
</RequireAll> 
</Directory> 

I recommend that the documentation page at http://httpd.apache.org/docs/2.4/howto/access.html and the error message "negative Require directive has no effect in <RequireAny> directive" should be changed to make this more clear for other users.  The information on the documentation page and in the error message are both misleading.
Comment 2 Daniel Gruno 2012-05-13 08:01:48 UTC
Moving to docs@ ownership
Comment 3 Daniel Gruno 2012-05-13 08:39:50 UTC
Although this is actually covered in http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require, I have made some changes to the access howto to emphasize that a negation cannot stand on its own.

As for the RequireAny block, it is always implied when you do not specify an evaluation method yourself, and is covered in the mod_authz_core documentation, and I quote: "When multiple Require directives are used in a single configuration section and are not contained in another authorization directive like <RequireAll>, they are implicitly contained within a <RequireAny> directive."