<br><div class="gmail_quote">On 7 April 2011 17:52, lhmwzy <span dir="ltr">&lt;<a href="mailto:lhmwzy@gmail.com">lhmwzy@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
in 0.9.7<br>
 use:<br>
<br>
        location ^~ /ks/admin<br>
        {<br>
                satisfy any;<br>
                allow <a href="http://10.68.136.241/32" target="_blank">10.68.136.241/32</a>;<br>
                allow <a href="http://10.66.23.80/32" target="_blank">10.66.23.80/32</a>;<br>
                deny all;<br>
                auth_basic &quot;passwd&quot;;<br>
                auth_basic_user_file ksadminpasswd;<br>
       }<br>
<br>
when IP is not 10.68.136.241 or 10.66.23.80, people can still visit<br>
/ks/admin,not prompt for user and passwd.<br>
<br>
Is this a bug?<br><br></blockquote><div><br></div><div>Don&#39;t you want satisfy <b>all</b>?</div><div> </div></div>