+ <h3><a name="reqexpr" id="reqexpr">Require expr</a></h3>
+
+ <p>The <code>expr</code> provider allows to base authorization
+ decisions on arbitrary expressions.</p>
+
+ <div class="example"><p><code>
+ Require expr %{TIME_HOUR} >= 9 & %{TIME_HOUR} <= 17 <br />
+ </code></p></div>
+
+ <p>TODO: Include a link to a description of the ap_expr syntax, once we have
+ such a description.</p>
+
+
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthMerging" id="AuthMerging">AuthMerging</a> <a name="authmerging" id="authmerging">Directive</a></h2>
<dt><code>Require method <var>http-method</var> [<var>http-method</var>]
...</code></dt>
<dd>Access is allowed only for the given HTTP methods.</dd>
+
+ <dt><code>Require expr <var>expression</var> </code></dt>
+ <dd>Access is allowed if <var>expression</var> evaluates to true.</dd>
</dl>
<p>Some of the allowed syntaxes provided by <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>
<p>Other authorization modules that implement require options
include <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>,
<code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code>,
- <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>, and
- <code class="module"><a href="../mod/mod_authz_owner.html">mod_authz_owner</a></code>.</p>
+ <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>,
+ <code class="module"><a href="../mod/mod_authz_owner.html">mod_authz_owner</a></code> and <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>.</p>
<p>In most cases, for a complete authentication and authorization
configuration, <code class="directive">Require</code> must be accompanied by
</section>
+ <section id="reqexpr"><title>Require expr</title>
+
+ <p>The <code>expr</code> provider allows to base authorization
+ decisions on arbitrary expressions.</p>
+
+ <example>
+ Require expr %{TIME_HOUR} >= 9 & %{TIME_HOUR} <= 17 <br />
+ </example>
+
+ <p>TODO: Include a link to a description of the ap_expr syntax, once we have
+ such a description.</p>
+
+ </section>
+
+
</section>
<directivesynopsis>
<dt><code>Require method <var>http-method</var> [<var>http-method</var>]
...</code></dt>
<dd>Access is allowed only for the given HTTP methods.</dd>
+
+ <dt><code>Require expr <var>expression</var> </code></dt>
+ <dd>Access is allowed if <var>expression</var> evaluates to true.</dd>
</dl>
<p>Some of the allowed syntaxes provided by <module>mod_authz_user</module>
<p>Other authorization modules that implement require options
include <module>mod_authnz_ldap</module>,
<module>mod_authz_dbm</module>, <module>mod_authz_dbd</module>,
- <module>mod_authz_host</module>, and
- <module>mod_authz_owner</module>.</p>
+ <module>mod_authz_host</module>,
+ <module>mod_authz_owner</module> and <module>mod_ssl</module>.</p>
<p>In most cases, for a complete authentication and authorization
configuration, <directive>Require</directive> must be accompanied by
<li><img alt="" src="../images/down.gif" /> <a href="#envvars">Environment Variables</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#logformats">Custom Log Formats</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#notes">Request Notes</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authzproviders">Authorization providers for use with Require</a></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
for the current connection, the note is not set.</dd>
</dl>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="authzproviders" id="authzproviders">Authorization providers for use with Require</a></h2>
+
+ <p><code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides a few authentication providers for use
+ with <code class="module"><a href="../mod/mod_authz_core.html">mod_authz_core</a></code>'s
+ <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directive.</p>
+
+ <h3><a name="reqssl" id="reqssl">Require ssl</a></h3>
+
+ <p>The <code>ssl</code> provider denies access if a connection is not
+ encrypted with SSL. This is similar to the
+ <code class="directive">SSLRequireSSL</code> directive.</p>
+
+ <div class="example"><p><code>
+ Require ssl
+ </code></p></div>
+
+
+
+ <h3><a name="reqverifyclient" id="reqverifyclient">Require ssl-verify-client</a></h3>
+
+ <p>The <code>ssl</code> provider allows access if the user is
+ authenticated with a valid client certificate. This is only
+ useful if <code>SSLVerifyClient optional</code> is in effect.</p>
+
+ <p>The following example grants access if the user is authenticated
+ either with a client certificate or by username and password.</p>
+
+ <div class="example"><p><code>
+ Require ssl-verify-client<br />
+ Require valid-user
+ </code></p></div>
+
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLCACertificateFile" id="SSLCACertificateFile">SSLCACertificateFile</a> <a name="sslcacertificatefile" id="sslcacertificatefile">Directive</a></h2>
fulfilled in order to allow access. It is a very powerful directive because the
requirement specification is an arbitrarily complex boolean expression
containing any number of access checks.</p>
-<div class="warning">
-<p>The implementation of <code>SSLRequire</code> is not thread safe.
- Using <code>SSLRequire</code> inside <code>.htaccess</code> files
- on a threaded <a href="../mpm.html">MPM</a> may cause random crashes.
-</p>
-</div>
<p>
The <em>expression</em> must match the following syntax (given as a BNF
grammar notation):</p>
</section>
+<section id="authzproviders"><title>Authorization providers for use with Require</title>
+
+ <p><module>mod_ssl</module> provides a few authentication providers for use
+ with <module>mod_authz_core</module>'s
+ <directive module="mod_authz_core">Require</directive> directive.</p>
+
+ <section id="reqssl"><title>Require ssl</title>
+
+ <p>The <code>ssl</code> provider denies access if a connection is not
+ encrypted with SSL. This is similar to the
+ <directive>SSLRequireSSL</directive> directive.</p>
+
+ <example>
+ Require ssl
+ </example>
+
+ </section>
+
+ <section id="reqverifyclient"><title>Require ssl-verify-client</title>
+
+ <p>The <code>ssl</code> provider allows access if the user is
+ authenticated with a valid client certificate. This is only
+ useful if <code>SSLVerifyClient optional</code> is in effect.</p>
+
+ <p>The following example grants access if the user is authenticated
+ either with a client certificate or by username and password.</p>
+
+ <example>
+ Require ssl-verify-client<br/>
+ Require valid-user
+ </example>
+
+ </section>
+
+</section>
+
<directivesynopsis>
<name>SSLPassPhraseDialog</name>
<description>Type of pass phrase dialog for encrypted private
fulfilled in order to allow access. It is a very powerful directive because the
requirement specification is an arbitrarily complex boolean expression
containing any number of access checks.</p>
-<note type="warning">
-<p>The implementation of <code>SSLRequire</code> is not thread safe.
- Using <code>SSLRequire</code> inside <code>.htaccess</code> files
- on a threaded <a href="../mpm.html">MPM</a> may cause random crashes.
-</p>
-</note>
<p>
The <em>expression</em> must match the following syntax (given as a BNF
grammar notation):</p>
projects / apache / commitdiff