Deny and allow summary in Apache configuration file _linux

Today in the company configuration Zend Local Apache environment, found in the zend.conf in the rights control of a few sentences, as follows:

Copy Code code as follows:

<Location/server-status>
SetHandler Server-status
Order Deny,allow
Deny from all
Allow from 127.0.0.1
</Location>

I need to configure virtualhost when I configure the virtual host.

Copy Code code as follows:

<virtualhost *:80>
ServerName Backend
DocumentRoot "D:/program files/zend/apache2/htdocs/public"
setenv application_env "Development"
<directory "D:/program files/zend/apache2/htdocs/public" >
DirectoryIndex index.php
AllowOverride All
Order Allow,deny
Allow from all
</Directory>
</VirtualHost>

I'm interested in the difference between the two order statements, so how do we do it here? Previously associated with the concept of "short-circuit", there are the same, there are different, the following a few examples to analyze.

Copy Code code as follows:

Order Deny,allow
– Note that there is only one comma between the Deny and the Allow, and that it is written in this way, and that the other writing is wrong.
Allow from all
Deny from 219.204.253.8

All can pass.

Copy Code code as follows:

Order Deny,allow
Deny from 219.204.253.8
Allow from all

– All can be passed.

Copy Code code as follows:

Order Allow,deny
Deny from 219.204.253.8
Allow from all

Only 219.204.253.8 cannot pass.

Copy Code code as follows:

Order Allow,deny
Allow from all
Deny from 219.204.253.8

Only 219.204.253.8 cannot pass.

According to the Apache official website explanation, the allow direction affects can pass through a server area the host, this host May through the host name (hostname), the IP address, the IP address range or through other client request the condition. Contrary to the Deny,deny control is not allowed by the server host, the identification of the deny is the host name (hostname), IP address and scope, or environment variables. The order at the top level plays a role in making rules. For example, the above case 1, our order for first check the deny after checking the Allow, then we can take the following two sentences as a list, these two words have no natural order, that is, check the deny time, We found that 219.204.253.8 this host is to meet the rejection conditions, then the second step detection, that is allow inspection, found that allow do is: Allow from all, meaning that all sources can be passed. The key here is that all visitors come in after not a stick to kill, have to undergo two steps verification, then can find all machines can be passed, and the result is consistent.

In case 2, the order sequence is the first deny after the Allow, then our step is found in the Deny Rule 219.204.253.8 is satisfied with the Deny rule, then go to the second step check, found that is still allow all, the result is also all allowed. Here we can conclude that the natural sequence of the two from statements after the order statement is not related, and that the order of the checks is done in a predetermined way.

In this case 3 is easier, our order is first allow after the deny, then deny has the final decision, that is, after allow said after the passage of each visitor also need to refuse to check, found 219.204.253.8 this host is not satisfied, then refused. Case 4 can be analyzed in the same way.