If I specify a Deny from xx.xx.xx.xx Directive in a <Directory /var/www/html/test-directory/></Directory> block in an Apache vhost configuration.
Then specify a different Deny from yy.yy.yy.yy in a .htaccess file in the same directory, which comes out on top?
It's my understanding that .htaccess should always take priority but in the case of Deny/Allow directives with different IP addresses, will the directives merge?
So both xx.xx.xx.xx and yy.yy.yy.yy are denied?
Or will one override the other?
I will do some tests later but I just wondered if anyone knew what should happen theoretically.
Specifying any number of
Denydirectives works just fine; all are applied. However, they can be overridden by anAllowif you've setOrder Deny,Allow.If you have concerns about the access you're allowing, you should provide a more complete look at your configuration and an explanation of what you're looking to achieve so that we're able to assist.
What you can put in these files is determined by the AllowOverride directive. This directive specifies, in categories, what directives will be honored if they are found in a .htaccess file.
I have copied this sentence from apache docs, where is explained well how works .htaccess.