nginx 0.6.25 *) Change: now the "server_name_in_redirect" directive is used instead of the "server_name" directive's special "*" parameter. *) Change: now wildcard and regex names can be used as main name in a "server_name" directive. *) Change: the "satisfy_any" directive was replaced by the "satisfy" directive. *) Workaround: old worker processes might hog CPU after reconfiguration if they was run under Linux OpenVZ. *) Feature: the "min_delete_depth" directive. *) Bugfix: the COPY and MOVE methods did not work with single files. *) Bugfix: the ngx_http_gzip_static_module did not allow the ngx_http_dav_module to work; bug appeared in 0.6.23. *) Bugfix: socket leak in HTTPS mode if deferred accept was used. Thanks to Ben Maurer. *) Bugfix: nginx could not be built without PCRE library; bug appeared in 0.6.23.

--- a/src/http/modules/ngx_http_access_module.c
+++ b/src/http/modules/ngx_http_access_module.c
@@ -116,7 +116,7 @@ ngx_http_access_handler(ngx_http_request
             if (rule[i].deny) {
                 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
-                if (!clcf->satisfy_any) {
+                if (clcf->satisfy == NGX_HTTP_SATISFY_ALL) {
                     ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                                   "access forbidden by rule");
                 }