Explanation of Apache 2.4 Require Directives Ordering?

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

This question does not appear to be about programming within the scope defined in the help center.

Closed yesterday.

Why is it that the following order of Location/LocationMatch will only evaluate the latter, but if it is reversed that it will evaluate both as intended?

<Location /basic/website/>
    Require external-group third-party-require-clause-allowing-for-anonymous-access
</Location>
<LocationMatch "^/basic/website/(?<user>[-_\.\w\d]+)/?" >
    Require user %{env:MATCH_USER}
</LocationMatch>

For reference, I am using mod_auth_external 3.3.3 for the third-party require clause.

The intention of the above configuration is to

grant anonymous access (when appropriate)
otherwise grant access according to criteria
finally to ensure that a specific user is always allowed to access their part regardless

asked 2 days ago

carrvo

6777 silver badges15 bronze badges

It is as though when there is a clause that requires the Authentication stage of the pipeline, it ignores all previous clauses that do not require that stage (and can simply proceed to the Authorization stage). Such that clauses that allow for anonymous users must come at the end.

carrvo
– carrvo

2025-11-27 17:28:53 +00:00
Commented 2 days ago

Add a comment |

0

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.

Collectives™ on Stack Overflow

Explanation of Apache 2.4 Require Directives Ordering? [closed]

0

Hot Network Questions