]> granicus.if.org Git - apache/commitdiff
documentation rebuild
authorLuca Toscano <elukey@apache.org>
Sun, 24 Jun 2018 07:27:31 +0000 (07:27 +0000)
committerLuca Toscano <elukey@apache.org>
Sun, 24 Jun 2018 07:27:31 +0000 (07:27 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834235 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_authz_core.html.en
docs/manual/mod/mod_authz_core.xml.fr
docs/manual/mod/mod_authz_core.xml.meta
docs/manual/mod/mod_proxy.html.en
docs/manual/mod/mod_proxy.xml.fr
docs/manual/mod/mod_proxy.xml.ja
docs/manual/mod/mod_proxy.xml.meta
docs/manual/mod/mod_ssl.html.en
docs/manual/mod/quickreference.html.en

index f699716a4cf7255a0e23108bb4f04b026cb4f40d..bc61aad3469aa870992657305a2089349f5ad632 100644 (file)
@@ -48,9 +48,9 @@
 </div>
 <div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3>Topics</h3>
 <ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#logic">Authorization Containers</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>
 </ul><h3 class="directives">Directives</h3>
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#authmerging">AuthMerging</a></li>
 <li><a href="#comments_section">Comments</a></li></ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
-<h2><a name="authzalias" id="authzalias">Creating Authorization Provider Aliases</a></h2>
-
-    <p>Extended authorization providers can be created within the configuration
-    file and assigned an alias name.  The alias providers can then be referenced
-    through the <code class="directive"><a href="#require">Require</a></code> directive
-    in the same way as a base authorization provider.  Besides the ability to
-    create and alias an extended provider, it also allows the same extended
-    authorization provider to be referenced by multiple locations.
-    </p>
-
-    <h3><a name="example" id="example">Example</a></h3>
-        <p>The example below creates two different ldap authorization provider
-        aliases based on the ldap-group authorization provider.  This example
-        allows a single authorization location to check group membership within
-        multiple ldap hosts:
-        </p>
-
-        <pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
-    AuthLDAPBindDN cn=youruser,o=ctx
-    AuthLDAPBindPassword yourpassword
-    AuthLDAPURL ldap://ldap.host/o=ctx
-&lt;/AuthzProviderAlias&gt;
-
-&lt;AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev&gt;
-    AuthLDAPBindDN cn=yourotheruser,o=dev
-    AuthLDAPBindPassword yourotherpassword
-    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
-&lt;/AuthzProviderAlias&gt;
-
-Alias "/secure" "/webpages/secure"
-&lt;Directory "/webpages/secure"&gt;
-    Require all granted
-
-    AuthBasicProvider file
-
-    AuthType Basic
-    AuthName LDAP_Protected_Place
-
-    #implied OR operation
-    Require ldap-group-alias1
-    Require ldap-group-alias2
-&lt;/Directory&gt;</pre>
-
-    
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
 <h2><a name="logic" id="logic">Authorization Containers</a></h2>
 
     <p>The authorization container directives
@@ -140,7 +93,7 @@ Alias "/secure" "/webpages/secure"
             Require user superadmin
             &lt;RequireAll&gt;
                 Require group admins
-                Require ldap-group cn=Administrators,o=Airius
+                Require ldap-group "cn=Administrators,o=Airius"
                 &lt;RequireAny&gt;
                     Require group sales
                     Require ldap-attribute dept="sales"
@@ -149,7 +102,7 @@ Alias "/secure" "/webpages/secure"
         &lt;/RequireAny&gt;
         &lt;RequireNone&gt;
             Require group temps
-            Require ldap-group cn=Temporary Employees,o=Airius
+            Require ldap-group "cn=Temporary Employees,o=Airius"
         &lt;/RequireNone&gt;
     &lt;/RequireAll&gt;
 &lt;/Directory&gt;</pre>
@@ -176,7 +129,7 @@ Alias "/secure" "/webpages/secure"
     <code>User-Agent</code> (browser type), <code>Referer</code>, or
     other HTTP request header fields.</p>
 
-    <pre class="prettyprint lang-config">SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+    <pre class="prettyprint lang-config">SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
 &lt;Directory "/docroot"&gt;
     Require env let_me_in
 &lt;/Directory&gt;</pre>
@@ -268,6 +221,53 @@ Alias "/secure" "/webpages/secure"
   
 
 
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="authzalias" id="authzalias">Creating Authorization Provider Aliases</a></h2>
+
+    <p>Extended authorization providers can be created within the configuration
+    file and assigned an alias name.  The alias providers can then be referenced
+    through the <code class="directive"><a href="#require">Require</a></code> directive
+    in the same way as a base authorization provider.  Besides the ability to
+    create and alias an extended provider, it also allows the same extended
+    authorization provider to be referenced by multiple locations.
+    </p>
+
+    <h3><a name="example" id="example">Example</a></h3>
+        <p>The example below creates two different ldap authorization provider
+        aliases based on the ldap-group authorization provider.  This example
+        allows a single authorization location to check group membership within
+        multiple ldap hosts:
+        </p>
+
+        <pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"&gt;
+    AuthLDAPBindDN "cn=youruser,o=ctx"
+    AuthLDAPBindPassword yourpassword
+    AuthLDAPUrl "ldap://ldap.host/o=ctx"
+&lt;/AuthzProviderAlias&gt;
+
+&lt;AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"&gt;
+    AuthLDAPBindDN "cn=yourotheruser,o=dev"
+    AuthLDAPBindPassword yourotherpassword
+    AuthLDAPUrl "ldap://other.ldap.host/o=dev?cn"
+&lt;/AuthzProviderAlias&gt;
+
+Alias "/secure" "/webpages/secure"
+&lt;Directory "/webpages/secure"&gt;
+    Require all granted
+
+    AuthBasicProvider file
+
+    AuthType Basic
+    AuthName LDAP_Protected_Place
+
+    #implied OR operation
+    Require ldap-group-alias1
+    Require ldap-group-alias2
+&lt;/Directory&gt;</pre>
+
+    
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthMerging" id="AuthMerging">AuthMerging</a> <a name="authmerging" id="authmerging">Directive</a></h2>
@@ -517,7 +517,7 @@ Require group admin</pre>
 
 <h3>See also</h3>
 <ul>
-<li><a href="../howto/access.html">Access control howto</a></li>
+<li><a href="../howto/access.html">Access Control howto</a></li>
 <li><a href="#logic">Authorization Containers</a></li>
 <li><code class="module"><a href="../mod/mod_authn_core.html">mod_authn_core</a></code></li>
 <li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
index e5adbb70bdc38f2b3b71a4afbcac4a723a7569d5..d210fbac45a9fa2fc3db217a0968fa2c322eb58f 100644 (file)
@@ -3,7 +3,7 @@
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
-<!-- English Revision : 1829392 -->
+<!-- English Revision: 1829392:1834205 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
index 5023ce74e38c5033f07d45090b67a59a8e15fea6..248771933a9e8b2688556aaea1c42b82a23108ab 100644 (file)
@@ -8,6 +8,6 @@
 
   <variants>
     <variant>en</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
   </variants>
 </metafile>
index 4cc1eb5e25c3f1460c0b18b80d3217c2201d701a..77ba17e8234fcb8c33836e8c7f0981587da57f79 100644 (file)
@@ -1218,6 +1218,14 @@ ProxyPass "/mirror/foo" "http://backend.example.com"</pre>
         to override the <code class="directive">ProxyIOBufferSize</code> for a specific worker.
         This must be at least 512 or set to 0 for the system default of 8192.
     </td></tr>
+    <tr><td>responsefieldsize</td>
+        <td>8192</td>
+        <td>Adjust the size of the proxy response field buffer. The buffer size
+            should be at least the size of the largest expected header size from
+            a proxied response. Setting the value to 0 will use the system
+            default of 8192 bytes.<br />
+        Available in Apache HTTP Server 2.4.34 and later.
+    </td></tr>
     <tr><td>keepalive</td>
         <td>Off</td>
         <td><p>This parameter should be used when you have a firewall between your
@@ -1501,9 +1509,10 @@ ProxyPass "/" "balancer://mycluster/" stickysession=JSESSIONID|jsessionid nofail
     environment variables will not exist when this interpolation happens,
     so you may still have to resort to <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
     for complex rules.  Also note that interpolation is not supported
-    within the scheme portion of a URL.  Dynamic determination of the
-    scheme can be accomplished with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> as in the
-    following example.</p>
+    within the scheme/hostname/port portion of a URL. Dynamic determination of
+    those fields can be accomplished with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.
+    The following example describes how to use <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+    to dynamically set the scheme to http or https:</p>
 
     <pre class="prettyprint lang-config">RewriteEngine On
 
@@ -1564,7 +1573,12 @@ ProxyPassReverse  "/mirror/foo/" "https://backend.example.com/"</pre>
     and causes them to substitute the value of an environment
     variable <code>varname</code> for the string <code>${varname}</code>
     in configuration directives if the <var>interpolate</var> option is set.</p>
-    <p>Keep this turned off (for server performance) unless you need it!</p>
+    <p>The scheme/hostname/port portion of <code class="directive">ProxyPass</code> cannot
+    contain variables, please consider using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> instead.</p>
+    <p>Keep this turned off (for server performance) unless you need it!
+    Adding variables to <code class="directive">ProxyPass</code> for example may lead to
+    using the default mod_proxy's workers configured (that don't allow any fine
+    tuning like connections reuse, etc..).</p>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
index 0a8b807901eb8e43a5055863e41358c440fa9f62..ccaf2f38bdd6de758cdadac59c6febf613ba3418 100644 (file)
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1834093 -->
+<!-- English Revision: 1834093:1834234 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
index 1513833c81569212d0380432dec360582eb373b9..ff6875f44e469ae199115440f5656700f548d289 100644 (file)
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 344971:1834093 (outdated) -->
+<!-- English Revision: 344971:1834234 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
index 38a79fdda73051e6f035124b21c4af3bff8e6129..f0185375d448127624a8715f7540d52668653323 100644 (file)
@@ -8,7 +8,7 @@
 
   <variants>
     <variant>en</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
     <variant outdated="yes">ja</variant>
   </variants>
 </metafile>
index b95bd247af2193a77af92e047549561ce01cc00d..1d214fcfa376857541a3cdb3c048881ec6a632fe 100644 (file)
@@ -1077,16 +1077,18 @@ the certificate being verified.</p>
 <div class="directive-section"><h2><a name="SSLOCSPEnable" id="SSLOCSPEnable">SSLOCSPEnable</a> <a name="sslocspenable" id="sslocspenable">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable OCSP validation of the client certificate chain</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLOCSPEnable on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLOCSPEnable on|leaf|off</code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLOCSPEnable off</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Mode <em>leaf</em> available in httpd 2.4.34 and later</td></tr>
 </table>
 <p>This option enables OCSP validation of the client certificate
 chain.  If this option is enabled, certificates in the client's
 certificate chain will be validated against an OCSP responder after
-normal verification (including CRL checks) have taken place.</p>
+normal verification (including CRL checks) have taken place. In 
+mode 'leaf', only the client certificate itself will be validated.</p>
 
 <p>The OCSP responder used is either extracted from the certificate
 itself, or derived by configuration; see the
index 8e63834d974c7644b0d0e9aae7cdeb97430b1190..981b5ba5166f894d6144068e3acb528c23561237 100644 (file)
@@ -1018,7 +1018,7 @@ handshake</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Option to prefer the server's cipher preference order</td></tr>
 <tr><td><a href="mod_ssl.html#sslinsecurerenegotiation">SSLInsecureRenegotiation on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Option to enable support for insecure renegotiation</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslocspdefaultresponder">SSLOCSDefaultResponder <em>uri</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Set the default responder URI for OCSP validation</td></tr>
-<tr><td><a href="mod_ssl.html#sslocspenable">SSLOCSPEnable on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable OCSP validation of the client certificate chain</td></tr>
+<tr><td><a href="mod_ssl.html#sslocspenable">SSLOCSPEnable on|leaf|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable OCSP validation of the client certificate chain</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslocspnoverify">SSLOCSPNoverify <em>On/Off</em></a></td><td> Off </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">skip the OCSP responder certificates verification</td></tr>
 <tr><td><a href="mod_ssl.html#sslocspoverrideresponder">SSLOCSPOverrideResponder on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Force use of the default responder URI for OCSP validation</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslocspproxyurl">SSLOCSPProxyURL <em>url</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Proxy URL to use for OCSP requests</td></tr>