Project_Dep_Name mod_authn_socache
End Project Dependency
Begin Project Dependency
+ Project_Dep_Name mod_authnz_fcgi
+ End Project Dependency
+ Begin Project Dependency
Project_Dep_Name mod_authz_core
End Project Dependency
Begin Project Dependency
###############################################################################
+Project: "mod_authnz_fcgi"=.\modules\aaa\mod_authnz_fcgi.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+ Begin Project Dependency
+ Project_Dep_Name libapr
+ End Project Dependency
+ Begin Project Dependency
+ Project_Dep_Name libhttpd
+ End Project Dependency
+}}}
+
+###############################################################################
+
Project: "mod_authnz_ldap"=.\modules\aaa\mod_authnz_ldap.dsp - Package Owner=<4>
Package=<5>
Project_Dep_Name mod_authn_socache
End Project Dependency
Begin Project Dependency
+ Project_Dep_Name mod_authnz_fcgi
+ End Project Dependency
+ Begin Project Dependency
Project_Dep_Name mod_authnz_ldap
End Project Dependency
Begin Project Dependency
###############################################################################
+Project: "mod_authnz_fcgi"=.\modules\aaa\mod_authnz_fcgi.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+ Begin Project Dependency
+ Project_Dep_Name libapr
+ End Project Dependency
+ Begin Project Dependency
+ Project_Dep_Name libaprutil
+ End Project Dependency
+ Begin Project Dependency
+ Project_Dep_Name libhttpd
+ End Project Dependency
+}}}
+
+###############################################################################
+
Project: "mod_authnz_ldap"=.\modules\aaa\mod_authnz_ldap.dsp - Package Owner=<4>
Package=<5>
Changes with Apache 2.4.10
+ *) mod_authnz_fcgi: New module to enable FastCGI authorizer
+ applications to authenticate and/or authorize clients.
+ [Jeff Trawick]
+
*) mod_proxy: Do not try to parse the regular expressions passed by
ProxyPassMatch as URL as they do not follow their syntax.
PR 56074. [Ruediger Pluem]
"modules/aaa/mod_authn_dbm+I+DBM-based authentication control"
"modules/aaa/mod_authn_file+A+file-based authentication control"
"modules/aaa/mod_authn_socache+I+Cached authentication control"
+ "modules/aaa/mod_authnz_fcgi+I+FastCGI authorizer-based authentication and authorization"
"modules/aaa/mod_authnz_ldap+i+LDAP based authentication"
"modules/aaa/mod_authz_core+A+core authorization provider vector module"
"modules/aaa/mod_authz_dbd+I+SQL based authorization and Login/Session support"
trunk patch: http://svn.apache.org/r1587255
+1: druggeri, ylavic, covener
- * Merge mod_authnz_fcgi from trunk.
- trunk:
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c
- http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_fcgi.xml
- and a line each in CMakeLists.txt and modules/aaa/config.m4
- (It was never added to other build systems.)
- See the 2.4.x patch mergeinfo for trunk revisions. I've also added a tiny
- part of r1522544 to create an entry in os/win32/BaseAddr.ref.
- 2.4.x patch: http://people.apache.org/~trawick/authnz_fcgi-2.4.txt
- The patch includes generated doc changes in order to carry eol-style.
- +1: trawick, jim
- +1: gsmith, please include r1588054 (tradional Win build)
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
print "#LoadModule authn_dbm_module modules/mod_authn_dbm.so" > dstfl;
print "LoadModule authn_file_module modules/mod_authn_file.so" > dstfl;
print "#LoadModule authn_socache_module modules/mod_authn_socache.so" > dstfl;
+ print "#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so" > dstfl;
print "#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so" > dstfl;
print "LoadModule authz_core_module modules/mod_authz_core.so" > dstfl;
print "#LoadModule authz_dbd_module modules/mod_authz_dbd.so" > dstfl;
<modulefile>mod_authn_dbm.xml</modulefile>
<modulefile>mod_authn_file.xml</modulefile>
<modulefile>mod_authn_socache.xml</modulefile>
+ <modulefile>mod_authnz_fcgi.xml</modulefile>
<modulefile>mod_authnz_ldap.xml</modulefile>
<modulefile>mod_authz_core.xml</modulefile>
<modulefile>mod_authz_dbd.xml</modulefile>
<modulefile>mod_authn_dbm.xml</modulefile>
<modulefile>mod_authn_file.xml</modulefile>
<modulefile>mod_authn_socache.xml</modulefile>
+ <modulefile>mod_authnz_fcgi.xml</modulefile>
<modulefile>mod_authnz_ldap.xml</modulefile>
<modulefile>mod_authz_core.xml</modulefile>
<modulefile>mod_authz_dbd.xml</modulefile>
<modulefile>mod_authn_dbm.xml</modulefile>
<modulefile>mod_authn_file.xml</modulefile>
<modulefile>mod_authn_socache.xml</modulefile>
+ <modulefile>mod_authnz_fcgi.xml</modulefile>
<modulefile>mod_authnz_ldap.xml</modulefile>
<modulefile>mod_authz_core.xml</modulefile>
<modulefile>mod_authz_dbd.xml</modulefile>
<modulefile>mod_authn_dbm.xml.fr</modulefile>
<modulefile>mod_authn_file.xml.fr</modulefile>
<modulefile>mod_authn_socache.xml.fr</modulefile>
+ <modulefile>mod_authnz_fcgi.xml</modulefile>
<modulefile>mod_authnz_ldap.xml.fr</modulefile>
<modulefile>mod_authz_core.xml.fr</modulefile>
<modulefile>mod_authz_dbd.xml.fr</modulefile>
<modulefile>mod_authn_dbm.xml.ja</modulefile>
<modulefile>mod_authn_file.xml.ja</modulefile>
<modulefile>mod_authn_socache.xml</modulefile>
+ <modulefile>mod_authnz_fcgi.xml</modulefile>
<modulefile>mod_authnz_ldap.xml</modulefile>
<modulefile>mod_authz_core.xml</modulefile>
<modulefile>mod_authz_dbd.xml</modulefile>
<modulefile>mod_authn_dbm.xml.ko</modulefile>
<modulefile>mod_authn_file.xml.ko</modulefile>
<modulefile>mod_authn_socache.xml</modulefile>
+ <modulefile>mod_authnz_fcgi.xml</modulefile>
<modulefile>mod_authnz_ldap.xml</modulefile>
<modulefile>mod_authz_core.xml</modulefile>
<modulefile>mod_authz_dbd.xml</modulefile>
<modulefile>mod_authn_dbm.xml</modulefile>
<modulefile>mod_authn_file.xml</modulefile>
<modulefile>mod_authn_socache.xml</modulefile>
+ <modulefile>mod_authnz_fcgi.xml</modulefile>
<modulefile>mod_authnz_ldap.xml</modulefile>
<modulefile>mod_authz_core.xml</modulefile>
<modulefile>mod_authz_dbd.xml</modulefile>
<modulefile>mod_authn_dbm.xml</modulefile>
<modulefile>mod_authn_file.xml</modulefile>
<modulefile>mod_authn_socache.xml</modulefile>
+ <modulefile>mod_authnz_fcgi.xml</modulefile>
<modulefile>mod_authnz_ldap.xml</modulefile>
<modulefile>mod_authz_core.xml</modulefile>
<modulefile>mod_authz_dbd.xml</modulefile>
<tr><th><a href="directive-dict.html#Context">Kontext:</a></th><td>Serverkonfiguration</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Modul:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Kompatibilität:</a></th><td>Available in Apache 2.4.2 and later</td></tr>
</table><p>Die Dokumentation zu dieser Direktive wurde
noch nicht übersetzt. Bitte schauen Sie in die englische
Version.</p><h3>Siehe auch</h3>
<tr><th><a href="directive-dict.html#Context">Kontext:</a></th><td>Serverkonfiguration, Virtual Host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Modul:</a></th><td>core</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Kompatibilität:</a></th><td>Available in Apache httpd 2.3.9 and later</td></tr>
</table><p>Die Dokumentation zu dieser Direktive wurde
noch nicht übersetzt. Bitte schauen Sie in die englische
Version.</p><h3>Siehe auch</h3>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.4.2 and later</td></tr>
</table>
<p>The <code class="directive">DefaultRuntimeDir</code> directive sets the
directory in which the server will create various run-time files
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>. In order to prevent confusion, numbered
(unnamed) backreferences are ignored. Use named groups instead.</p>
-<pre class="prettyprint lang-config"><FileMatch ^(?<sitename>[^/]+)>
+<pre class="prettyprint lang-config"><FilesMatch ^(?<sitename>[^/]+)>
require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example
-</FileMatch></pre>
+</FilesMatch></pre>
<h3>See also</h3>
<tr><th><a href="directive-dict.html#Context">Contexto:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Estado:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Módulo:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilidad:</a></th><td>Available in Apache 2.4.2 and later</td></tr>
</table><p>The documentation for this directive has
not been translated yet. Please have a look at the English
version.</p><h3>Consulte también</h3>
<a href="../ja/mod/core.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="../tr/mod/core.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Fonctionnalités de base du serveur HTTP Apache toujours
disponibles</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Core</td></tr></table>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 sous Windows et 2.1.5
-sur les autres plates-formes.</td></tr>
</table>
<p>Cette directive permet d'effectuer une optimisation de la socket
d'écoute d'un type de protocole en fonction du système
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.4.2 du serveur HTTP Apache</td></tr>
</table>
<p>La directive <code class="directive">DefaultRuntimeDir</code> permet de
définir le répertoire dans lequel le serveur va créer les différents
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.9 d'Apache</td></tr>
</table>
<p>La directive <code class="directive">ErrorLogFormat</code> permet de
spécifier quelles informations supplémentaires vont être enregistrées
nommées) sont ignorées. Vous devez utiliser à la place des groupes
nommés.</p>
-<pre class="prettyprint lang-config"><FileMatch ^(?<sitename>[^/]+)>
+<pre class="prettyprint lang-config"><FilesMatch ^(?<sitename>[^/]+)>
require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example
-</FileMatch></pre>
+</FilesMatch></pre>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>La spécification d'une valeur en millisecondes est
-possible depuis les versions 2.3.2 et supérieures d'Apache httpd</td></tr>
</table>
<p>Le nombre de secondes pendant lesquelles Apache httpd va attendre une
requête avant de fermer la connexion. Le délai peut être défini en
<tr><th><a href="directive-dict.html#Context">コンテキスト:</a></th><td>サーバ設定ファイル</td></tr>
<tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>Available in Apache 2.4.2 and later</td></tr>
</table><p>このディレクティブの解説文書は
まだ翻訳されていません。英語版をご覧ください。
</p><h3>参照</h3>
<tr><th><a href="directive-dict.html#Context">コンテキスト:</a></th><td>サーバ設定ファイル, バーチャルホスト</td></tr>
<tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>core</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>Available in Apache httpd 2.3.9 and later</td></tr>
</table><p>このディレクティブの解説文書は
まだ翻訳されていません。英語版をご覧ください。
</p><h3>参照</h3>
<a href="../ja/mod/core.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="../tr/mod/core.html" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Apache HTTP Sunucusunda daima mevcut olan çekirdek
özellikler</td></tr>
<tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Çekirdek</td></tr></table>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.de.xsl"?>
-<!-- English Revision: 344972:1584704 (outdated) -->
+<!-- English Revision: 344972:1587884 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
-<!-- English Revision: 1040494:1584704 (outdated) -->
+<!-- English Revision: 1040494:1587884 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1585830 -->
+<!-- English Revision: 1585830:1587884 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 669847:1584704 (outdated) -->
+<!-- English Revision: 669847:1587884 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?>
-<!-- English Revision: 1562488:1584704 (outdated) -->
+<!-- English Revision: 1562488:1587884 (outdated) -->
<!-- =====================================================
Translated by: Nilgün Belma Bugüner <nilgun belgeler.gen.tr>
Reviewed by: Orhan Berent <berent belgeler.gen.tr>
<li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li>
<li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li>
<li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li>
<li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li>
<li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li>
<li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li>
<li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li>
<li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li>
<li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
<dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve
the load on backends</dd>
+<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</dd>
<dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
for HTTP Basic authentication.</dd>
<dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd>
<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
<dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve
the load on backends</dd>
+<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</dd>
<dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
for HTTP Basic authentication.</dd>
<dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd>
<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
<dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve
the load on backends</dd>
+<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</dd>
<dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
for HTTP Basic authentication.</dd>
<dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd>
texte</dd>
<dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Gère un cache des données d'authentification pour diminuer
la charge des serveurs d'arrière-plan</dd>
+<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</dd>
<dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Permet d'utiliser un annuaire LDAP pour l'authentification
HTTP de base.</dd>
<dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Autorisation basique</dd>
Includes ou SSI)</dd>
<dt><a href="mod_info.html">mod_info</a></dt><dd>Affiche une présentation complète de la configuration du
serveur</dd>
-<dt><a href="mod_isapi.html">mod_isapi</a></dt><dd>Extensions ISAPI au coeur d'Apache pour Windows</dd>
+<dt><a href="mod_isapi.html">mod_isapi</a></dt><dd>Extensions ISAPI dans Apache pour Windows</dd>
<dt><a href="mod_lbmethod_bybusyness.html" id="L" name="L">mod_lbmethod_bybusyness</a></dt><dd>Algorithme de planification avec répartition de charge de
l'attribution des requêtes en attente pour le module
<code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></dd>
<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>テキストファイルを用いたユーザ認証</dd>
<dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve
the load on backends</dd>
+<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</dd>
<dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
for HTTP Basic authentication.</dd>
<dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd>
<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>¹®ÀÚÆÄÀÏÀ» ÀÌ¿ëÇÑ »ç¿ëÀÚ ÀÎÁõ</dd>
<dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve
the load on backends</dd>
+<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</dd>
<dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
for HTTP Basic authentication.</dd>
<dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd>
<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
<dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve
the load on backends</dd>
+<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</dd>
<dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
for HTTP Basic authentication.</dd>
<dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd>
<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
<dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve
the load on backends</dd>
+<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</dd>
<dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
for HTTP Basic authentication.</dd>
<dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd>
--- /dev/null
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: mod_authnz_fcgi.html.en
+Content-Language: en
+Content-type: text/html; charset=ISO-8859-1
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>mod_authnz_fcgi - Apache HTTP Server</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body>
+<div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.gif" /></div>
+<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Modules</a></div>
+<div id="page-content">
+<div id="preamble"><h1>Apache Module mod_authnz_fcgi</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/mod/mod_authnz_fcgi.html" title="English"> en </a></p>
+</div>
+<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</td></tr>
+<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>authnz_fcgi_module</td></tr>
+<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_authnz_fcgi.c</td></tr></table>
+<h3>Summary</h3>
+
+ <p>This module allows FastCGI authorizer applications to
+ authenticate users and authorize access to resources. It supports
+ generic FastCGI authorizers which participate in a single phase
+ for authentication and authorization as well as Apache httpd-specific
+ authenticators and authorizors which participate in one or both
+ phases.</p>
+
+ <p>FastCGI authorizers can authenticate using user id and password,
+ such as for Basic authentication, or can authenticate using arbitrary
+ mechanisms.</p>
+</div>
+<div id="quickview"><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
+</ul>
+<h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#invocations">Invocation modes</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Additional examples</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#limitations">Limitations</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li>
+</ul><h3>See also</h3>
+<ul class="seealso">
+<li><a href="../howto/auth.html">Authentication, Authorization,
+and Access Control</a></li>
+<li><code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code></li>
+<li><code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code></li>
+</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="invocations" id="invocations">Invocation modes</a></h2>
+
+ <p>The invocation modes for FastCGI authorizers supported by this
+ module are distinguished by two characteristics, <em>type</em> and
+ auth <em>mechanism</em>.</p>
+
+ <p><em>Type</em> is simply <code>authn</code> for authentication,
+ <code>authz</code> for authorization, or <code>authnz</code> for
+ combined authentication and authorization.</p>
+
+ <p>Auth <em>mechanism</em> refers to the Apache httpd configuration
+ mechanisms and processing phases, and can be <code>
+ AuthBasicProvider</code>, <code>Require</code>, or <code>
+ check_user_id</code>. The first two of these
+ correspond to the directives used to enable participation in the
+ appropriate processing phase.</p>
+
+ <p>Descriptions of each mode:</p>
+
+ <dl>
+ <dt><em>Type</em> <code>authn</code>, <em>mechanism</em>
+ <code>AuthBasicProvider</code></dt>
+
+ <dd>In this mode,
+ <code>FCGI_ROLE</code> is set to <code>AUTHORIZER</code> and
+ <code>FCGI_APACHE_ROLE</code> is set to <code>AUTHENTICATOR</code>.
+ The application must be defined as provider type <em>authn</em>
+ using <code class="directive"><a href="#authnzfcgidefineprovider">
+ AuthnzFcgiDefineProvider</a></code> and enabled with
+ <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>.
+ When invoked, the application is
+ expected to authenticate the client using the provided user id and
+ password. Example application:
+
+<pre class="prettyprint lang-perl">#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+ die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
+ die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+ die if !$ENV{'REMOTE_PASSWD'};
+ die if !$ENV{'REMOTE_USER'};
+
+ print STDERR "This text is written to the web server error log.\n";
+
+ if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+ $ENV{'REMOTE_PASSWD'} eq "bar" ) {
+ print "Status: 200\n";
+ print "Variable-AUTHN_1: authn_01\n";
+ print "Variable-AUTHN_2: authn_02\n";
+ print "\n";
+ }
+ else {
+ print "Status: 401\n\n";
+ }
+}</pre>
+
+
+ Example configuration:
+<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/
+<Location /protected/>
+ AuthType Basic
+ AuthName "Restricted"
+ AuthBasicProvider FooAuthn
+ Require ...
+</Location></pre>
+
+ </dd>
+
+ <dt><em>Type</em> <code>authz</code>, <em>mechanism</em>
+ <code>Require</code></dt>
+ <dd>In this mode, <code>FCGI_ROLE</code> is set to <code>
+ AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to
+ <code>AUTHORIZER</code>. The application must be defined as
+ provider type <em>authz</em> using <code class="directive"><a href="#authnzfcgidefineprovider">
+ AuthnzFcgiDefineProvider</a></code>. When invoked, the application
+ is expected to authorize the client using the provided user id and other
+ request data. Example application:
+<pre class="prettyprint lang-perl">#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+ die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHORIZER";
+ die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+ die if $ENV{'REMOTE_PASSWD'};
+
+ print STDERR "This text is written to the web server error log.\n";
+
+ if ($ENV{'REMOTE_USER'} eq "foo1") {
+ print "Status: 200\n";
+ print "Variable-AUTHZ_1: authz_01\n";
+ print "Variable-AUTHZ_2: authz_02\n";
+ print "\n";
+ }
+ else {
+ print "Status: 403\n\n";
+ }
+}</pre>
+
+
+ Example configuration:
+<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10103/
+<Location /protected/>
+ AuthType ...
+ AuthName ...
+ AuthBasicProvider ...
+ Require FooAuthz
+</Location></pre>
+
+ </dd>
+
+ <dt><em>Type</em> <code>authnz</code>, <em>mechanism</em>
+ <code>AuthBasicProvider</code> <em>+</em> <code>Require</code></dt>
+
+ <dd>In this mode, which supports the web server-agnostic FastCGI
+ <code>AUTHORIZER</code> protocol, <code>FCGI_ROLE</code> is set to
+ <code>AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is not set.
+ The application must be defined as provider type <em>authnz</em>
+ using <code class="directive"><a href="#authnzfcgidefineprovider">
+ AuthnzFcgiDefineProvider</a></code>. The application is expected to
+ handle both authentication and authorization in the same invocation
+ using the user id, password, and other request data. The invocation
+ occurs during the Apache httpd API authentication phase. If the
+ application returns 200 and the same provider is invoked during the
+ authorization phase (via <code class="directive">Require</code>), mod_authnz_fcgi
+ will return success for the authorization phase without invoking the
+ application. Example application:
+<pre class="prettyprint lang-perl">#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+ die if $ENV{'FCGI_APACHE_ROLE'};
+ die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+ die if !$ENV{'REMOTE_PASSWD'};
+ die if !$ENV{'REMOTE_USER'};
+
+ print STDERR "This text is written to the web server error log.\n";
+
+ if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+ $ENV{'REMOTE_PASSWD'} eq "bar" &&
+ $ENV{'REQUEST_URI'} =~ m%/bar/.*%) {
+ print "Status: 200\n";
+ print "Variable-AUTHNZ_1: authnz_01\n";
+ print "Variable-AUTHNZ_2: authnz_02\n";
+ print "\n";
+ }
+ else {
+ print "Status: 401\n\n";
+ }
+}</pre>
+
+
+ Example configuration:
+<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/
+<Location /protected/>
+ AuthType Basic
+ AuthName "Restricted"
+ AuthBasicProvider FooAuthnz
+ Require FooAuthnz
+</Location></pre>
+
+ </dd>
+
+ <dt><em>Type</em> <code>authn</code>, <em>mechanism</em>
+ <code>check_user_id</code></dt>
+
+ <dd>In this mode, <code>FCGI_ROLE</code> is set to <code>
+ AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to
+ <code>AUTHENTICATOR</code>. The application must be defined as
+ provider type <em>authn</em> using <code class="directive"><a href="#authnzfcgidefineprovider">
+ AuthnzFcgiDefineProvider</a></code>. <code class="directive"><a href="#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></code>
+ specifies when it is called. Example application:
+<pre class="prettyprint lang-perl">#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+ die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
+ die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+
+ # This authorizer assumes that the RequireBasicAuth option of
+ # AuthnzFcgiCheckAuthnProvider is On:
+ die if !$ENV{'REMOTE_PASSWD'};
+ die if !$ENV{'REMOTE_USER'};
+
+ print STDERR "This text is written to the web server error log.\n";
+
+ if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+ $ENV{'REMOTE_PASSWD'} eq "bar" ) {
+ print "Status: 200\n";
+ print "Variable-AUTHNZ_1: authnz_01\n";
+ print "Variable-AUTHNZ_2: authnz_02\n";
+ print "\n";
+ }
+ else {
+ print "Status: 401\n\n";
+ # If a response body is written here, it will be returned to
+ # the client.
+ }
+}</pre>
+
+
+ Example configuration:
+<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10103/
+<Location /protected/>
+ AuthType ...
+ AuthName ...
+ AuthnzFcgiCheckAuthnProvider FooAuthn \
+ Authoritative On \
+ RequireBasicAuth Off \
+ UserExpr "%{reqenv:REMOTE_USER}"
+ Require ...
+</Location></pre>
+
+ </dd>
+
+ </dl>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Additional examples</a></h2>
+
+ <ol>
+ <li>If your application supports the separate authentication and
+ authorization roles (<code>AUTHENTICATOR</code> and <code>AUTHORIZER</code>), define
+ separate providers as follows, even if they map to the same
+ application:
+
+<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/
+AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10102/</pre>
+
+
+ Specify the authn provider on
+ <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
+ and the authz provider on
+ <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>:
+
+<pre class="prettyprint lang-config">AuthType Basic
+AuthName "Restricted"
+AuthBasicProvider FooAuthn
+Require FooAuthz</pre>
+
+ </li>
+
+ <li>If your application supports the generic <code>AUTHORIZER</code> role
+ (authentication and authorizer in one invocation), define a
+ single provider as follows:
+
+<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/</pre>
+
+
+ Specify the authnz provider on both <code class="directive">AuthBasicProvider</code>
+ and <code class="directive">Require</code>:
+
+<pre class="prettyprint lang-config">AuthType Basic
+AuthName "Restricted"
+AuthBasicProvider FooAuthnz
+Require FooAuthnz</pre>
+
+ </li>
+</ol>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="limitations" id="limitations">Limitations</a></h2>
+
+ <p>The following are potential features which are not currently
+ implemented:</p>
+
+ <dl>
+ <dt>Apache httpd access checker</dt>
+ <dd>The Apache httpd API <em>access check</em> phase is a separate
+ phase from authentication and authorization. Some other FastCGI
+ implementations implement this phase, which is denoted by the
+ setting of <code>FCGI_APACHE_ROLE</code> to <code>ACCESS_CHECKER</code>.</dd>
+
+ <dt>Local (Unix) sockets or pipes</dt>
+ <dd>Only TCP sockets are currently supported.</dd>
+
+ <dt>Support for mod_authn_socache</dt>
+ <dd>mod_authn_socache interaction should be implemented for
+ applications which participate in Apache httpd-style
+ authentication.</dd>
+
+ <dt>Support for digest authentication using AuthDigestProvider</dt>
+ <dd>This is expected to be a permanent limitation as there is
+ no authorizer flow for retrieving a hash.</dd>
+
+ <dt>Application process management</dt>
+ <dd>This is expected to be permanently out of scope for
+ this module. Application processes must be controlled by
+ other means. For example, <code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code> can be used to
+ start them.</dd>
+
+ <dt>AP_AUTH_INTERNAL_PER_URI</dt>
+ <dd>All providers are currently registered as
+ AP_AUTH_INTERNAL_PER_CONF, which means that checks are not
+ performed again for internal subrequests with the same
+ access control configuration as the initial request.</dd>
+
+ <dt>Protocol data charset conversion</dt>
+ <dd>If mod_authnz_fcgi runs in an EBCDIC compilation
+ environment, all FastCGI protocol data is written in EBCDIC
+ and expected to be received in EBCDIC.</dd>
+
+ <dt>Multiple requests per connection</dt>
+ <dd>Currently the connection to the FastCGI authorizer is
+ closed after every phase of processing. For example, if the
+ authorizer handles separate <em>authn</em> and <em>authz</em>
+ phases then two connections will be used.</dd>
+
+ <dt>URI Mapping</dt>
+ <dd>URIs from clients can't be mapped, such as with the <code class="directive">
+ ProxyPass</code> used with FastCGI responders.</dd>
+
+ </dl>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="logging" id="logging">Logging</a></h2>
+
+ <ol>
+ <li>Processing errors are logged at log level <code>error</code>
+ and higher.</li>
+ <li>Messages written by the application are logged at log
+ level <code>warn</code>.</li>
+ <li>General messages for debugging are logged at log level
+ <code>debug</code>.</li>
+ <li>Environment variables passed to the application are
+ logged at log level <code>trace2</code>. The value of the
+ <code>REMOTE_PASSWD</code> variable will be obscured,
+ but <strong>any other sensitive data will be visible in the
+ log</strong>.</li>
+ <li>All I/O between the module and the FastCGI application,
+ including all environment variables, will be logged in printable
+ and hex format at log level <code>trace5</code>. <strong>All
+ sensitive data will be visible in the log.</strong></li>
+ </ol>
+
+ <p><code class="directive"><a href="../mod/core.html#loglevel">LogLevel</a></code> can be used
+ to configure a log level specific to mod_authnz_fcgi. For
+ example:</p>
+
+<pre class="prettyprint lang-config">LogLevel info authnz_fcgi:trace8</pre>
+
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthnzFcgiCheckAuthnProvider" id="AuthnzFcgiCheckAuthnProvider">AuthnzFcgiCheckAuthnProvider</a> <a name="authnzfcgicheckauthnprovider" id="authnzfcgicheckauthnprovider">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_fcgi</td></tr>
+</table>
+ <p>This directive is used to enable a FastCGI authorizer to
+ handle a specific processing phase of authentication or
+ authorization.</p>
+
+ <p>Some capabilities of FastCGI authorizers require enablement
+ using this directive instead of
+ <code class="directive">AuthBasicProvider</code>:</p>
+
+ <ul>
+ <li>Non-Basic authentication; generally, determining the user
+ id of the client and returning it from the authorizer; see the
+ <code>UserExpr</code> option below</li>
+ <li>Selecting a custom response code; for a non-200 response
+ from the authorizer, the code from the authorizer will be the
+ status of the response</li>
+ <li>Setting the body of a non-200 response; if the authorizer
+ provides a response body with a non-200 response, that body
+ will be returned to the client; up to 8192 bytes of text are
+ supported</li>
+ </ul>
+
+ <dl>
+ <dt><em>provider-name</em></dt>
+ <dd>This is the name of a provider defined with <code class="directive">
+ AuthnzFcgiDefineProvider</code>.</dd>
+
+ <dt><code>None</code></dt>
+ <dd>Specify <code>None</code> to disable a provider enabled
+ with this directive in an outer scope, such as in a parent
+ directory.</dd>
+
+ <dt><em>option</em></dt>
+ <dd>The following options are supported:
+
+ <dl>
+ <dt>Authoritative On|Off (default On)</dt>
+ <dd>This controls whether or not other modules are allowed
+ to run when this module has a FastCGI authorizer configured
+ and it fails the request.</dd>
+
+ <dt>DefaultUser <em>userid</em></dt>
+ <dd>When the authorizer returns success and <code>UserExpr</code>
+ is configured and evaluates to an empty string (e.g., authorizer
+ didn't return a variable), this value will be used as the user
+ id. This is typically used when the authorizer has a concept of
+ guest, or unauthenticated, users and guest users are mapped to
+ some specific user id for logging and other purposes.</dd>
+
+ <dt>RequireBasicAuth On|Off (default Off)</dt>
+ <dd>This controls whether or not Basic auth is required
+ before passing the request to the authorizer. If required,
+ the authorizer won't be invoked without a user id and
+ password; 401 will be returned for a request without that.</dd>
+
+ <dt>UserExpr <em>expr</em> (no default)</dt>
+ <dd>When Basic authentication isn't provided by the client
+ and the authorizer determines the user, this expression,
+ evaluated after calling the authorizer, determines the
+ user. The expression follows <a href="../expr.html">
+ ap_expr syntax</a> and must resolve to a string. A typical
+ use is to reference a <code>Variable-<em>XXX</em></code>
+ setting returned by the authorizer using an option like
+ <code>UserExpr "%{reqenv:<em>XXX</em>}"</code>. If
+ this option is specified and the user id can't be retrieved
+ using the expression after a successful authentication, the
+ request will be rejected with a 500 error.</dd>
+
+ </dl>
+ </dd>
+ </dl>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthnzFcgiDefineProvider" id="AuthnzFcgiDefineProvider">AuthnzFcgiDefineProvider</a> <a name="authnzfcgidefineprovider" id="authnzfcgidefineprovider">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_fcgi</td></tr>
+</table>
+ <p>This directive is used to define a FastCGI application as
+ a provider for a particular phase of authentication or
+ authorization.</p>
+
+ <dl>
+ <dt><em>type</em></dt>
+ <dd>This must be set to <em>authn</em> for authentication,
+ <em>authz</em> for authentication, or <em>authnz</em> for
+ a generic FastCGI authorizer which performs both checks.</dd>
+
+ <dt><em>provider-name</em></dt>
+ <dd>This is used to assign a name to the provider which is
+ used in other directives such as
+ <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
+ and
+ <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>.</dd>
+
+ <dt><em>backend-address</em></dt>
+ <dd>This specifies the address of the application, in the form
+ <em>fcgi://hostname:port/</em>. The application process(es)
+ must be managed independently, such as with
+ <code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code>.</dd>
+ </dl>
+
+</div>
+</div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/mod/mod_authnz_fcgi.html" title="English"> en </a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_authnz_fcgi.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+<!-- $LastChangedRevision:$ -->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<modulesynopsis metafile="mod_authnz_fcgi.xml.meta">
+
+<name>mod_authnz_fcgi</name>
+<description>Allows a FastCGI authorizer application to handle Apache
+httpd authentication and authorization</description>
+<status>Extension</status>
+<sourcefile>mod_authnz_fcgi.c</sourcefile>
+<identifier>authnz_fcgi_module</identifier>
+
+<summary>
+ <p>This module allows FastCGI authorizer applications to
+ authenticate users and authorize access to resources. It supports
+ generic FastCGI authorizers which participate in a single phase
+ for authentication and authorization as well as Apache httpd-specific
+ authenticators and authorizors which participate in one or both
+ phases.</p>
+
+ <p>FastCGI authorizers can authenticate using user id and password,
+ such as for Basic authentication, or can authenticate using arbitrary
+ mechanisms.</p>
+</summary>
+
+<seealso><a href="../howto/auth.html">Authentication, Authorization,
+and Access Control</a></seealso>
+<seealso><module>mod_auth_basic</module></seealso>
+<seealso><program>fcgistarter</program></seealso>
+
+<section id="invocations"><title>Invocation modes</title>
+
+ <p>The invocation modes for FastCGI authorizers supported by this
+ module are distinguished by two characteristics, <em>type</em> and
+ auth <em>mechanism</em>.</p>
+
+ <p><em>Type</em> is simply <code>authn</code> for authentication,
+ <code>authz</code> for authorization, or <code>authnz</code> for
+ combined authentication and authorization.</p>
+
+ <p>Auth <em>mechanism</em> refers to the Apache httpd configuration
+ mechanisms and processing phases, and can be <code>
+ AuthBasicProvider</code>, <code>Require</code>, or <code>
+ check_user_id</code>. The first two of these
+ correspond to the directives used to enable participation in the
+ appropriate processing phase.</p>
+
+ <p>Descriptions of each mode:</p>
+
+ <dl>
+ <dt><em>Type</em> <code>authn</code>, <em>mechanism</em>
+ <code>AuthBasicProvider</code></dt>
+
+ <dd>In this mode,
+ <code>FCGI_ROLE</code> is set to <code>AUTHORIZER</code> and
+ <code>FCGI_APACHE_ROLE</code> is set to <code>AUTHENTICATOR</code>.
+ The application must be defined as provider type <em>authn</em>
+ using <directive module="mod_authnz_fcgi">
+ AuthnzFcgiDefineProvider</directive> and enabled with
+ <directive module="mod_auth_basic">AuthBasicProvider</directive>.
+ When invoked, the application is
+ expected to authenticate the client using the provided user id and
+ password. Example application:
+
+<highlight language="perl">
+#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+ die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
+ die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+ die if !$ENV{'REMOTE_PASSWD'};
+ die if !$ENV{'REMOTE_USER'};
+
+ print STDERR "This text is written to the web server error log.\n";
+
+ if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+ $ENV{'REMOTE_PASSWD'} eq "bar" ) {
+ print "Status: 200\n";
+ print "Variable-AUTHN_1: authn_01\n";
+ print "Variable-AUTHN_2: authn_02\n";
+ print "\n";
+ }
+ else {
+ print "Status: 401\n\n";
+ }
+}
+</highlight>
+
+ Example configuration:
+<highlight language="config">
+AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/
+<Location /protected/>
+ AuthType Basic
+ AuthName "Restricted"
+ AuthBasicProvider FooAuthn
+ Require ...
+</Location>
+</highlight>
+ </dd>
+
+ <dt><em>Type</em> <code>authz</code>, <em>mechanism</em>
+ <code>Require</code></dt>
+ <dd>In this mode, <code>FCGI_ROLE</code> is set to <code>
+ AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to
+ <code>AUTHORIZER</code>. The application must be defined as
+ provider type <em>authz</em> using <directive module="mod_authnz_fcgi">
+ AuthnzFcgiDefineProvider</directive>. When invoked, the application
+ is expected to authorize the client using the provided user id and other
+ request data. Example application:
+<highlight language="perl">
+#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+ die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHORIZER";
+ die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+ die if $ENV{'REMOTE_PASSWD'};
+
+ print STDERR "This text is written to the web server error log.\n";
+
+ if ($ENV{'REMOTE_USER'} eq "foo1") {
+ print "Status: 200\n";
+ print "Variable-AUTHZ_1: authz_01\n";
+ print "Variable-AUTHZ_2: authz_02\n";
+ print "\n";
+ }
+ else {
+ print "Status: 403\n\n";
+ }
+}
+</highlight>
+
+ Example configuration:
+<highlight language="config">
+AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10103/
+<Location /protected/>
+ AuthType ...
+ AuthName ...
+ AuthBasicProvider ...
+ Require FooAuthz
+</Location>
+</highlight>
+ </dd>
+
+ <dt><em>Type</em> <code>authnz</code>, <em>mechanism</em>
+ <code>AuthBasicProvider</code> <em>+</em> <code>Require</code></dt>
+
+ <dd>In this mode, which supports the web server-agnostic FastCGI
+ <code>AUTHORIZER</code> protocol, <code>FCGI_ROLE</code> is set to
+ <code>AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is not set.
+ The application must be defined as provider type <em>authnz</em>
+ using <directive module="mod_authnz_fcgi">
+ AuthnzFcgiDefineProvider</directive>. The application is expected to
+ handle both authentication and authorization in the same invocation
+ using the user id, password, and other request data. The invocation
+ occurs during the Apache httpd API authentication phase. If the
+ application returns 200 and the same provider is invoked during the
+ authorization phase (via <directive>Require</directive>), mod_authnz_fcgi
+ will return success for the authorization phase without invoking the
+ application. Example application:
+<highlight language="perl">
+#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+ die if $ENV{'FCGI_APACHE_ROLE'};
+ die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+ die if !$ENV{'REMOTE_PASSWD'};
+ die if !$ENV{'REMOTE_USER'};
+
+ print STDERR "This text is written to the web server error log.\n";
+
+ if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+ $ENV{'REMOTE_PASSWD'} eq "bar" &&
+ $ENV{'REQUEST_URI'} =~ m%/bar/.*%) {
+ print "Status: 200\n";
+ print "Variable-AUTHNZ_1: authnz_01\n";
+ print "Variable-AUTHNZ_2: authnz_02\n";
+ print "\n";
+ }
+ else {
+ print "Status: 401\n\n";
+ }
+}
+</highlight>
+
+ Example configuration:
+<highlight language="config">
+AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/
+<Location /protected/>
+ AuthType Basic
+ AuthName "Restricted"
+ AuthBasicProvider FooAuthnz
+ Require FooAuthnz
+</Location>
+</highlight>
+ </dd>
+
+ <dt><em>Type</em> <code>authn</code>, <em>mechanism</em>
+ <code>check_user_id</code></dt>
+
+ <dd>In this mode, <code>FCGI_ROLE</code> is set to <code>
+ AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to
+ <code>AUTHENTICATOR</code>. The application must be defined as
+ provider type <em>authn</em> using <directive module="mod_authnz_fcgi">
+ AuthnzFcgiDefineProvider</directive>. <directive
+ module="mod_authnz_fcgi">AuthnzFcgiCheckAuthnProvider</directive>
+ specifies when it is called. Example application:
+<highlight language="perl">
+#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+ die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
+ die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+
+ # This authorizer assumes that the RequireBasicAuth option of
+ # AuthnzFcgiCheckAuthnProvider is On:
+ die if !$ENV{'REMOTE_PASSWD'};
+ die if !$ENV{'REMOTE_USER'};
+
+ print STDERR "This text is written to the web server error log.\n";
+
+ if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+ $ENV{'REMOTE_PASSWD'} eq "bar" ) {
+ print "Status: 200\n";
+ print "Variable-AUTHNZ_1: authnz_01\n";
+ print "Variable-AUTHNZ_2: authnz_02\n";
+ print "\n";
+ }
+ else {
+ print "Status: 401\n\n";
+ # If a response body is written here, it will be returned to
+ # the client.
+ }
+}
+</highlight>
+
+ Example configuration:
+<highlight language="config">
+AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10103/
+<Location /protected/>
+ AuthType ...
+ AuthName ...
+ AuthnzFcgiCheckAuthnProvider FooAuthn \
+ Authoritative On \
+ RequireBasicAuth Off \
+ UserExpr "%{reqenv:REMOTE_USER}"
+ Require ...
+</Location>
+</highlight>
+ </dd>
+
+ </dl>
+
+</section>
+
+<section id="examples"><title>Additional examples</title>
+
+ <ol>
+ <li>If your application supports the separate authentication and
+ authorization roles (<code>AUTHENTICATOR</code> and <code>AUTHORIZER</code>), define
+ separate providers as follows, even if they map to the same
+ application:
+
+<highlight language="config">
+AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/
+AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10102/
+</highlight>
+
+ Specify the authn provider on
+ <directive module="mod_auth_basic">AuthBasicProvider</directive>
+ and the authz provider on
+ <directive module="mod_authz_core">Require</directive>:
+
+<highlight language="config">
+AuthType Basic
+AuthName "Restricted"
+AuthBasicProvider FooAuthn
+Require FooAuthz
+</highlight>
+ </li>
+
+ <li>If your application supports the generic <code>AUTHORIZER</code> role
+ (authentication and authorizer in one invocation), define a
+ single provider as follows:
+
+<highlight language="config">
+AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/
+</highlight>
+
+ Specify the authnz provider on both <directive>AuthBasicProvider</directive>
+ and <directive>Require</directive>:
+
+<highlight language="config">
+AuthType Basic
+AuthName "Restricted"
+AuthBasicProvider FooAuthnz
+Require FooAuthnz
+</highlight>
+ </li>
+</ol>
+</section>
+
+<section id="limitations"><title>Limitations</title>
+
+ <p>The following are potential features which are not currently
+ implemented:</p>
+
+ <dl>
+ <dt>Apache httpd access checker</dt>
+ <dd>The Apache httpd API <em>access check</em> phase is a separate
+ phase from authentication and authorization. Some other FastCGI
+ implementations implement this phase, which is denoted by the
+ setting of <code>FCGI_APACHE_ROLE</code> to <code>ACCESS_CHECKER</code>.</dd>
+
+ <dt>Local (Unix) sockets or pipes</dt>
+ <dd>Only TCP sockets are currently supported.</dd>
+
+ <dt>Support for mod_authn_socache</dt>
+ <dd>mod_authn_socache interaction should be implemented for
+ applications which participate in Apache httpd-style
+ authentication.</dd>
+
+ <dt>Support for digest authentication using AuthDigestProvider</dt>
+ <dd>This is expected to be a permanent limitation as there is
+ no authorizer flow for retrieving a hash.</dd>
+
+ <dt>Application process management</dt>
+ <dd>This is expected to be permanently out of scope for
+ this module. Application processes must be controlled by
+ other means. For example, <program>fcgistarter</program> can be used to
+ start them.</dd>
+
+ <dt>AP_AUTH_INTERNAL_PER_URI</dt>
+ <dd>All providers are currently registered as
+ AP_AUTH_INTERNAL_PER_CONF, which means that checks are not
+ performed again for internal subrequests with the same
+ access control configuration as the initial request.</dd>
+
+ <dt>Protocol data charset conversion</dt>
+ <dd>If mod_authnz_fcgi runs in an EBCDIC compilation
+ environment, all FastCGI protocol data is written in EBCDIC
+ and expected to be received in EBCDIC.</dd>
+
+ <dt>Multiple requests per connection</dt>
+ <dd>Currently the connection to the FastCGI authorizer is
+ closed after every phase of processing. For example, if the
+ authorizer handles separate <em>authn</em> and <em>authz</em>
+ phases then two connections will be used.</dd>
+
+ <dt>URI Mapping</dt>
+ <dd>URIs from clients can't be mapped, such as with the <directive>
+ ProxyPass</directive> used with FastCGI responders.</dd>
+
+ </dl>
+
+</section>
+
+<section id="logging"><title>Logging</title>
+
+ <ol>
+ <li>Processing errors are logged at log level <code>error</code>
+ and higher.</li>
+ <li>Messages written by the application are logged at log
+ level <code>warn</code>.</li>
+ <li>General messages for debugging are logged at log level
+ <code>debug</code>.</li>
+ <li>Environment variables passed to the application are
+ logged at log level <code>trace2</code>. The value of the
+ <code>REMOTE_PASSWD</code> variable will be obscured,
+ but <strong>any other sensitive data will be visible in the
+ log</strong>.</li>
+ <li>All I/O between the module and the FastCGI application,
+ including all environment variables, will be logged in printable
+ and hex format at log level <code>trace5</code>. <strong>All
+ sensitive data will be visible in the log.</strong></li>
+ </ol>
+
+ <p><directive module="core">LogLevel</directive> can be used
+ to configure a log level specific to mod_authnz_fcgi. For
+ example:</p>
+
+<highlight language="config">
+LogLevel info authnz_fcgi:trace8
+</highlight>
+
+</section>
+
+<directivesynopsis>
+<name>AuthnzFcgiDefineProvider</name>
+<description>Defines a FastCGI application as a provider for
+authentication and/or authorization</description>
+<syntax>AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></syntax>
+<default>none</default>
+<contextlist><context>server config</context></contextlist>
+<usage>
+ <p>This directive is used to define a FastCGI application as
+ a provider for a particular phase of authentication or
+ authorization.</p>
+
+ <dl>
+ <dt><em>type</em></dt>
+ <dd>This must be set to <em>authn</em> for authentication,
+ <em>authz</em> for authentication, or <em>authnz</em> for
+ a generic FastCGI authorizer which performs both checks.</dd>
+
+ <dt><em>provider-name</em></dt>
+ <dd>This is used to assign a name to the provider which is
+ used in other directives such as
+ <directive module="mod_auth_basic">AuthBasicProvider</directive>
+ and
+ <directive module="mod_authz_core">Require</directive>.</dd>
+
+ <dt><em>backend-address</em></dt>
+ <dd>This specifies the address of the application, in the form
+ <em>fcgi://hostname:port/</em>. The application process(es)
+ must be managed independently, such as with
+ <program>fcgistarter</program>.</dd>
+ </dl>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthnzFcgiCheckAuthnProvider</name>
+<description>Enables a FastCGI application to handle the check_authn
+authentication hook.</description>
+<syntax>AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</syntax>
+<default>none</default>
+<contextlist><context>directory</context></contextlist>
+<usage>
+ <p>This directive is used to enable a FastCGI authorizer to
+ handle a specific processing phase of authentication or
+ authorization.</p>
+
+ <p>Some capabilities of FastCGI authorizers require enablement
+ using this directive instead of
+ <directive>AuthBasicProvider</directive>:</p>
+
+ <ul>
+ <li>Non-Basic authentication; generally, determining the user
+ id of the client and returning it from the authorizer; see the
+ <code>UserExpr</code> option below</li>
+ <li>Selecting a custom response code; for a non-200 response
+ from the authorizer, the code from the authorizer will be the
+ status of the response</li>
+ <li>Setting the body of a non-200 response; if the authorizer
+ provides a response body with a non-200 response, that body
+ will be returned to the client; up to 8192 bytes of text are
+ supported</li>
+ </ul>
+
+ <dl>
+ <dt><em>provider-name</em></dt>
+ <dd>This is the name of a provider defined with <directive>
+ AuthnzFcgiDefineProvider</directive>.</dd>
+
+ <dt><code>None</code></dt>
+ <dd>Specify <code>None</code> to disable a provider enabled
+ with this directive in an outer scope, such as in a parent
+ directory.</dd>
+
+ <dt><em>option</em></dt>
+ <dd>The following options are supported:
+
+ <dl>
+ <dt>Authoritative On|Off (default On)</dt>
+ <dd>This controls whether or not other modules are allowed
+ to run when this module has a FastCGI authorizer configured
+ and it fails the request.</dd>
+
+ <dt>DefaultUser <em>userid</em></dt>
+ <dd>When the authorizer returns success and <code>UserExpr</code>
+ is configured and evaluates to an empty string (e.g., authorizer
+ didn't return a variable), this value will be used as the user
+ id. This is typically used when the authorizer has a concept of
+ guest, or unauthenticated, users and guest users are mapped to
+ some specific user id for logging and other purposes.</dd>
+
+ <dt>RequireBasicAuth On|Off (default Off)</dt>
+ <dd>This controls whether or not Basic auth is required
+ before passing the request to the authorizer. If required,
+ the authorizer won't be invoked without a user id and
+ password; 401 will be returned for a request without that.</dd>
+
+ <dt>UserExpr <em>expr</em> (no default)</dt>
+ <dd>When Basic authentication isn't provided by the client
+ and the authorizer determines the user, this expression,
+ evaluated after calling the authorizer, determines the
+ user. The expression follows <a href="../expr.html">
+ ap_expr syntax</a> and must resolve to a string. A typical
+ use is to reference a <code>Variable-<em>XXX</em></code>
+ setting returned by the authorizer using an option like
+ <code>UserExpr "%{reqenv:<em>XXX</em>}"</code>. If
+ this option is specified and the user id can't be retrieved
+ using the expression after a successful authentication, the
+ request will be rejected with a 500 error.</dd>
+
+ </dl>
+ </dd>
+ </dl>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- GENERATED FROM XML: DO NOT EDIT -->
+
+<metafile reference="mod_authnz_fcgi.xml">
+ <basename>mod_authnz_fcgi</basename>
+ <path>/mod/</path>
+ <relpath>..</relpath>
+
+ <variants>
+ <variant>en</variant>
+ </variants>
+</metafile>
<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.1 and later</td></tr></table>
<h3>Summary</h3>
- <p>This module provides authentication front-ends such as
+ <p>This module allows authentication front-ends such as
<code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> to authenticate users through
an ldap directory.</p>
<code>ldap-filter</code>. Other authorization types may also be
used but may require that additional authorization modules be loaded.</p>
- <p>Since v2.
5.0, <a href="../expr.html">expressions</a> are supported
+ <p>Since v2.
4.8, <a href="../expr.html">expressions</a> are supported
within the LDAP require directives.</p>
<h3><a name="requser" id="requser">Require ldap-user</a></h3>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td><em>exec:</em> was added in 2.4.6.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td><em>exec:</em> was added in 2.4.5.</td></tr>
</table>
<p>A bind password to use in conjunction with the bind DN. Note
that the bind password is probably sensitive data, and should be
<p>If the value begins with exec: the resulting command will be
executed and the first line returned to standard output by the
program will be used as the password.</p>
-<div class="example"><pre>#Password used as-is
+<pre class="prettyprint lang-config">#Password used as-is
AuthLDAPBindPassword secret
#Run /path/to/program to get my password
AuthLDAPBindPassword exec:/path/to/program
#Run /path/to/otherProgram and provide arguments
-AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"</pre></div>
+AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"</pre>
+
</div>
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_authnz_ldap.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_authnz_ldap.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Permet d'utiliser un annuaire LDAP pour l'authentification
HTTP de base.</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1555539 -->
+<!-- English Revision: 1555539:1587324 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#login">Database Login</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#client">Client Login</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#client">Client Login integration</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#example">Configuration example</a></li>
</ul><h3>See also</h3>
<ul class="seealso">
authorization types with <code>dbd-group</code>, <code>dbd-login</code> and
<code>dbd-logout</code>.</p>
- <p>Since v2.
5.0, <a href="../expr.html">expressions</a> are supported
+ <p>Since v2.
4.8, <a href="../expr.html">expressions</a> are supported
within the DBD require directives.</p>
<h3><a name="reqgroup" id="reqgroup">Require dbd-group</a></h3>
For usage details, see the configuration example below.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
-<h2><a name="client" id="client">Client Login</a></h2>
+<h2><a name="client" id="client">Client Login integration</a></h2>
<p>Some administrators may wish to implement client-side session
management that works in concert with the server-side login/logout
capabilities offered by this module, for example, by setting or unsetting
-an HTTP cookie or other such token when a user logs in or out.
-To support such integration, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an
+an HTTP cookie or other such token when a user logs in or out.</p>
+
<p>To support such integration, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an
optional hook that will be run whenever a user's status is updated in
the database. Other session management modules can then use the hook
to implement functions that start and end client-side sessions.</p>
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_authz_dbd.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_authz_dbd.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation en groupe et reconnaissance d'identité avec base
SQL</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1555540 -->
+<!-- English Revision: 1555540:1587031 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>
a user is allowed to access a resource. mod_authz_dbm extends the
authorization types with <code>dbm-group</code>.</p>
- <p>Since v2.
5.0, <a href="../expr.html">expressions</a> are supported
+ <p>Since v2.
4.8, <a href="../expr.html">expressions</a> are supported
within the DBM require directives.</p>
<h3><a name="reqgroup" id="reqgroup">Require dbm-group</a></h3>
<a href="../fr/mod/mod_authz_dbm.html" title="Français"> fr </a> |
<a href="../ko/mod/mod_authz_dbm.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation basée sur les groupes à l'aide de fichiers
DBM</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1555541 -->
+<!-- English Revision: 1555541:1587031 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 111480:1555541 (outdated) -->
+<!-- English Revision: 111480:1587031 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
<variant outdated="yes">ko</variant>
</variants>
</metafile>
authorization types with <code>group</code> and <code>group-file</code>.
</p>
- <p>Since v2.
5.0, <a href="../expr.html">expressions</a> are supported
+ <p>Since v2.
4.8, <a href="../expr.html">expressions</a> are supported
within the groupfile require directives.</p>
<h3><a name="reqgroup" id="reqgroup">Require group</a></h3>
<a href="../ja/mod/mod_authz_groupfile.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="../ko/mod/mod_authz_groupfile.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation basée sur les groupes à l'aide de fichiers
textes</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Base</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1555543 -->
+<!-- English Revision: 1555543:1587031 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 574882:1555543 (outdated) -->
+<!-- English Revision: 574882:1587031 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 151408:1555543 (outdated) -->
+<!-- English Revision: 151408:1587031 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
<variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
</variants>
access an area of the server. Access can be controlled by
hostname, IP Address, or IP Address range.</p>
- <p>Since v2.
5.0, <a href="../expr.html">expressions</a> are supported
+ <p>Since v2.
4.8, <a href="../expr.html">expressions</a> are supported
within the host require directives.</p>
<h3><a name="reqip" id="reqip">Require ip</a></h3>
<h3><a name="reqlocal" id="reqlocal">Require local</a></h3>
+
<p>The <code>local</code> provider allows access to the server if any
of the following conditions is true:</p>
+
<h3><a name="proxy" id="proxy">Security Note</a></h3>
<p>If you are proxying content to your server, you need to be aware
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_authz_host.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_authz_host.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisations de groupe basées sur l'hôte (nom ou adresse
IP)</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Base</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1555545 -->
+<!-- English Revision: 1555545:1587031 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>
authorization types with <code>user</code> and <code>valid-user</code>.
</p>
- <p>Since v2.
5.0, <a href="../expr.html">expressions</a> are supported
+ <p>Since v2.
4.8, <a href="../expr.html">expressions</a> are supported
within the user require directives.</p>
<h3><a name="requser" id="requser">Require user</a></h3>
<a href="../ja/mod/mod_authz_user.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="../ko/mod/mod_authz_user.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation basée sur l'utilisateur</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Base</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>authz_user_module</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1555548 -->
+<!-- English Revision: 1555548:1587031 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 635137:1555548 (outdated) -->
+<!-- English Revision: 635137:1587031 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 151408:1555548 (outdated) -->
+<!-- English Revision: 151408:1587031 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
<variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
</variants>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define a default URL for requests that don't map to a file</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>FallbackResource disabled | <var>local-url</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>None - httpd will return 404 (Not Found)</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>disabled - httpd will return 404 (Not Found)</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Indexes</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<a href="../ko/mod/mod_dir.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/mod/mod_dir.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Permet la redirection des adresses se terminant par un
répertoire sans slash de fin et la mise à disposition des fichiers index
de répertoire</td></tr>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Définit une URL par défaut pour les requêtes qui ne ciblent
aucun fichier</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>FallbackResource disabled <var>url-locale</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Défaut:</a></th><td><code>Aucune - httpd renvoie un code d'erreur 404 (Not Found)</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>FallbackResource disabled | <var>url-locale</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Défaut:</a></th><td><code>disabled - httpd renvoie un code d'erreur 404 (Not Found)</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel, répertoire, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">AllowOverride:</a></th><td>Indexes</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Base</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1577905 -->
+<!-- English Revision: 1577905:1586470 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 420990:1577905 (outdated) -->
+<!-- English Revision: 420990:1586470 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 151408:1577905 (outdated) -->
+<!-- English Revision: 151408:1586470 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
<variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
<variant outdated="yes">tr</variant>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?>
-<!-- English Revision: 1554501:1577905 (outdated) -->
+<!-- English Revision: 1554501:1586470 (outdated) -->
<!-- =====================================================
Translated by: Nilgün Belma Bugüner <nilgun belgeler.gen.tr>
Reviewed by: Orhan Berent <berent belgeler.gen.tr>
en spécifiant <code>change=no</code>.
</p>
- <p><var>drapeaux protocole</var> peut contenir un ou plusieurs
+ <p><var>drapeaux_protocole</var> peut contenir un ou plusieurs
drapeaux parmi les suivants :</p>
<dl>
taille</dd>
<dt><code>change=1:1</code></dt>
- <dd>>Le filtre modifie le contenu, mais pas sa taille</dd>
+ <dd>Le filtre modifie le contenu, mais pas sa taille</dd>
<dt><code>byteranges=no</code></dt>
<dd>Le filtre ne peut pas traiter de réponses à des sous-requêtes et
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_headers</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Default condition was temporarily changed to "always" in 2.3.9 and 2.3.10. SetIfEmpty available since 2.4.7.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Default condition was temporarily changed to "always" in 2.3.9 and 2.3.10.<br />
+SetIfEmpty and note available in 2.4.7 and later.</td></tr>
</table>
<p>This directive can replace, merge or remove HTTP response
headers. The header is modified just after the content handler
<dt><code>setifempty</code></dt>
<dd>The request header is set, but only if there is no previous header
- with this name. Available in 2.4.7 and later.</dd>
+ with this name.<br />
+ Available in 2.4.7 and later.</dd>
<dt><code>unset</code></dt>
<dd>The response header of this name is removed, if it exists.
<dd>The value of the named response <var>header</var> is copied into an
internal note whose name is given by <var>value</var>. This is useful
if a header sent by a CGI or proxied resource is configured to be unset
- but should also be logged.</dd>
+ but should also be logged.<br />
+ Available in 2.4.7 and later.</dd>
</dl>
designed to expose the values obtained by <code>getloadavg()</code>
and this represents the current load average, the 5 minute average, and
the 15 minute average. The value is preceded by <code>l=</code> with each
- average separated by <code>/</code>.
+ average separated by <code>/</code>.<br />
+ Available in 2.4.4 and later.
</td></tr>
<tr><td><code>%i</code></td>
<td>The current idle percentage of httpd (0 to 100) based on available
- processes and threads. The value is preceded by <code>i=</code>.
+ processes and threads. The value is preceded by <code>i=</code>.<br />
+ Available in 2.4.4 and later.
</td></tr>
<tr class="odd"><td><code>%b</code></td>
<td>The current busy percentage of httpd (0 to 100) based on available
- processes and threads. The value is preceded by <code>b=</code>.
+ processes and threads. The value is preceded by <code>b=</code>.<br />
+ Available in 2.4.4 and later.
</td></tr>
<tr><td><code>%{VARNAME}e</code></td>
<td>The contents of the <a href="../env.html">environment
<dt><code>setifempty</code></dt>
<dd>The request header is set, but only if there is no previous header
- with this name. Available in 2.4.7 and later.</dd>
+ with this name.<br />
+ Available in 2.4.7 and later.</dd>
<dt><code>unset</code></dt>
<dd>The request header of this name is removed, if it exists. If
<a href="../ja/mod/mod_headers.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
<a href="../ko/mod/mod_headers.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Personnalisation des en-têtes de requêtes et de réponses
HTTP</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<pre class="prettyprint lang-config">Header set Set-Cookie testcookie "expr=-z %{req:Cookie}"</pre>
</li>
+ <li>
+ Ajoute un en-tête de mise en cache pour les réponses avec un
+ code d'état HTTP de 200
+ <pre class="prettyprint lang-config">Header append Cache-Control s-maxage=600 "expr=%{REQUEST_STATUS} == 200"</pre>
+
+ </li>
</ol>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<p>L'argument optionnel <var>condition</var> permet de déterminer
sur quelle table interne d'en-têtes de réponses cette directive va
- opérer. D'autres composants du serveur peuvent avoir stocké leurs
- en-têtes de réponses dans la table correspondant à
- <code>onsuccess</code> ou dans celle correspondant à
- <code>always</code>. Dans ce contexte, "Always" fait référence au
- choix d'envoyer les en-têtes que vous ajoutez aux réponses, qu'elle
- soient avec succès ou échouées ; par contre, si votre action est une
- fonction d'un en-tête existant, vous devrez lire la documentation de
- manière plus approfondie car dans ce cas, les choses se compliquent.</p>
-
- <p>Vous pouvez avoir à changer la valeur par défaut
- <code>onsuccess</code> en <code>always</code> dans des circonstances
- similaires à celles exposées plus loin. Notez aussi que la répétition
+ opérer. En dépit du nom, la valeur par défaut de
+ <code>onsuccess</code> ne limite <em>pas</em> une <var>action</var>
+ aux réponses avec un code d'état de 2xx. Les en-têtes définis sous
+ cette condition sont encore utilisés quand par exemple une requête
+ est mandatée ou générée par un programme CGI avec <em>succès</em>,
+ et ceci même dans le cas où ils ont généré un code d'échec.</p>
+
+ <p>Lorsque votre action est une fonction agissant sur un en-tête
+ existant, vous pourrez être amené à spécifier une condition
+ <code>always</code>, en fonction de la table interne dans laquelle
+ l'en-tête original a été défini. La table qui correspond à
+ <code>always</code> est utilisée pour les réponses d'erreur générées
+ localement ainsi que pour les réponses qui ont abouti.
+ Notez aussi que la répétition
de cette directive avec les deux conditions peut être pertinente
dans certains scénarios, car <code>always</code> n'englobe pas
<code>onsuccess</code> en ce qui concerne les en-têtes existants :</p>
<ul>
- <li>Vous ajoutez un en-tête à une réponse échouée (non-2xx),
+ <li>Vous ajoutez un en-tête à une réponse
+ générée localement et échouée
+ (non-2xx),
une redirection par exemple, et dans ce cas, seule la table
correspondant à <code>always</code> est utilisée dans la réponse
définitive.</li>
condition par défaut <code>onsuccess</code>.</li>
</ul>
+ <p>Outre le paramètre <var>condition</var> décrit ci-dessus, vous
+ pouvez limiter une action en fonction de codes d'état HTTP, par
+ exemple pour les requêtes mandatées ou générées par un programme
+ CGI. Voir l'exemple qui utilise %{REQUEST_STATUS} dans la section
+ ci-dessus.</p>
+
<p>L'action que cette directive provoque est déterminée par le
premier argument (ou par le second argument si une
<var>condition</var> est spécifiée). Il peut prendre
courante, ainsi que la charge moyenne pendant les cinq et les
quinze dernières minutes. Chaque valeur est précédée de
<code>l=</code> et séparée des autres par un slash
- <code>/</code>.
+ <code>/</code>.<br />
+ Disponible depuis la version 2.4.4 du serveur HTTP Apache.
</td></tr>
<tr><td><code>%i</code></td>
<td>Le pourcentage de disponibilité de httpd (0 à 100) basé sur
le nombre de threads et de processus disponibles. La valeur est
- précédée de <code>i=</code>.
+ précédée de <code>i=</code>.<br />
+ Disponible depuis la version 2.4.4 du serveur HTTP Apache.
</td></tr>
<tr class="odd"><td><code>%b</code></td>
<td>Le pourcentage d'utilisation de httpd (0 à 100) basé sur
le nombre de threads et de processus disponibles. La valeur est
- précédée de <code>b=</code>.
+ précédée de <code>b=</code>.<br />
+ Disponible depuis la version 2.4.4 du serveur HTTP Apache.
</td></tr>
<tr><td><code>%{NOM_VARIABLE}e</code></td>
<td>Le contenu de la <a href="../env.html">variable
directives <code class="directive">Header</code> sont traitées juste avant
l'envoi de la réponse sur le réseau. Cela signifie qu'il est
possible de définir et/ou modifier la plupart des en-têtes, à
- l'exception de ceux qui sont ajoutés par le filtre HTTP
- d'en-tête, comme Content-Type.</p>
+ l'exception de certains en-têtes qui sont ajoutés par le filtre
+ d'en-tête HTTP. Avant la version 2.2.12, il n'était pas
+ possible de modifier l'en-tête Content-Type avec cette directive.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1586470 -->
+<!-- English Revision: 1586470:1587098 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 151408:1584082 (outdated) -->
+<!-- English Revision: 151408:1587098 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 151408:1584082 (outdated) -->
+<!-- English Revision: 151408:1587098 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<a href="../fr/mod/mod_isapi.html" title="Français"> fr </a> |
<a href="../ko/mod/mod_isapi.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div>
-<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Extensions ISAPI au coeur d'Apache pour Windows</td></tr>
+<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Extensions ISAPI dans Apache pour Windows</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Base</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>isapi_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Fichier Source:</a></th><td>mod_isapi.c</td></tr>
<tr><th><a href="module-dict.html#Compatibility">Compatibilité:</a></th><td>Win32 only</td></tr></table>
<h3>Sommaire</h3>
- <p>Ce module implémente l'API des extensions <strong>Internet Server</strong>
- (l'application IIS de Microsoft). Il
- permet à Apache pour Windows de servir les extensions <strong>Internet Server</strong>
- (par exemple les modules .dll ISAPI), compte tenu des
+ <p>Ce module implémente l'API des extensions du Serveur Internet. Il
+ permet à Apache pour Windows de servir les extensions du Serveur
+ Internet (par exemple les modules .dll ISAPI), compte tenu des
restrictions spécifiées.</p>
<p>Les modules d'extension ISAPI (fichiers .dll) sont des modules
gestionnaire était <code>isapi-isa</code> au lieu de
<code>isapi-handler</code>. Depuis les versions de développement 2.3
du serveur Apache, <code>isapi-isa</code> n'est plus valide, et vous
- devrez modifier votre configuration pour utiliser
- <code>isapi-handler</code> à sa place.</div>
+ devrez éventuellement modifier votre configuration pour utiliser
+ <code>isapi-handler</code> à la place.</div>
<p>Le serveur Apache ne propose aucun moyen de conserver en mémoire
un module chargé. Vous pouvez cependant précharger et garder un
<p>Que vous ayez ou non préchargé une extension ISAPI, ces dernières
- sont toutes soumises aux mêmes restrictions et possèdent les mêmes
+ sont toutes soumises au mêmes restrictions et possèdent les mêmes
permissions que les scripts CGI. En d'autres termes, <code class="directive"><a href="../mod/core.html#options">Options</a></code> <code>ExecCGI</code> doit être
défini pour le répertoire qui contient le fichier .dll ISAPI.</p>
<p>Si aucune option de configuration particulière n'est spécifiée,
certains serveurs, comme Microsoft IIS, chargent l'extension ISAPI
dans le serveur et la conservent en mémoire jusqu'à ce que
- l'utilisation de cette dernière devienne trop élevée. Apache, en
- revanche, charge et décharge réellement l'extension ISAPI chaque fois
+ l'utilisation de cette dernière devienne trop élevée. Apache, par
+ contre, charge et décharge réellement l'extension ISAPI chaque fois
qu'elle est invoquée, si la directive <code class="directive"><a href="#isapicachefile">ISAPICacheFile</a></code> n'a pas été spécifiée.
Ce n'est pas très performant, mais le modèle de mémoire d'Apache
fait que cette méthode est la plus efficace. De nombreux modules
<code>GetServerVariable</code>, ainsi que les valeurs
<code>ALL_HTTP</code> et <code>ALL_RAW</code>.</p>
- <p>Depuis
Apache httpd 2.0+, <code class="module"><a href="../mod/mod_isapi.html">mod_isapi</a></code> propose des
+ <p>Depuis
httpd 2.0, <code class="module"><a href="../mod/mod_isapi.html">mod_isapi</a></code> propose des
fonctionnalités supplémentaires introduites dans les versions
actualisées de la spécification ISAPI, ainsi qu'une émulation
limitée des entrées/sorties asynchrones et la sémantique
- <code>TransmitFile</code>. Apache httpd supporte également le préchargement
+ <code>TransmitFile</code>. Apache httpd supporte aussi le préchargement
des .dlls ISAPI à des fins de performances.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr>
</table>
- <p>Cette directive permet de spécifier une liste de noms de fichiers, séparés par des
- espaces, devant être chargés au démarrage
+ <p>Cette directive permet de spécifier une liste, séparés par des
+ espaces, de noms de fichiers devant être chargés au démarrage
du serveur Apache, et rester en mémoire jusqu'à l'arrêt du serveur.
Cette directive peut être répétée pour chaque fichier .dll ISAPI
souhaité. Le chemin complet du fichier doit être spécifié. Si le
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ISAPIFakeAsync" id="ISAPIFakeAsync">ISAPIFakeAsync</a> <a name="isapifakeasync" id="isapifakeasync">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Émulation du support des entrées/sorties asynchrones pour
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Emulation du support des entrées/sorties asynchrones pour
les appels ISAPI</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>ISAPIFakeAsync on|off</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Défaut:</a></th><td><code>ISAPIFakeAsync off</code></td></tr>
<variants>
<variant>en</variant>
- <variant outdated="yes">fr</variant>
+ <variant>fr</variant>
<variant outdated="yes">ko</variant>
</variants>
</metafile>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
- <p>This directive, if enabled by the <code>LDAPReferrals</code> directive,
+ <p>This directive, if enabled by the <code class="directive">LDAPReferrals</code> directive,
limits the number of referral hops that are followed before terminating an
LDAP query.</p>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>The <var>default</var> parameter is available in Apache 2.4.7 and later</td></tr>
</table>
<p>Some LDAP servers divide their directory among multiple domains and use referrals
to direct a client when a domain boundary is crossed. This is similar to a HTTP redirect.
explicitly configures the referral chasing in the underlying SDK.</p>
- <p><code class="directive">LDAPReferrals</code> takes the takes the following values:
- </p>
+ <p><code class="directive">LDAPReferrals</code> takes the following values:</p>
<dl>
<dt>"on"</dt>
<dd> <p> When set to "on", the underlying SDK's referral chasing state
registered.</p></dd>
</dl>
- <p> The directive <code>LDAPReferralHopLimit</code> works in conjunction with
+ <p>The directive <code class="directive">LDAPReferralHopLimit</code> works in conjunction with
this directive to limit the number of referral hops to follow before terminating the LDAP query.
When referral processing is enabled by a value of "On", client credentials will be provided,
- via a rebind callback, for any LDAP server requiring them. </p>
+ via a rebind callback, for any LDAP server requiring them.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
fallait être très prudent lors de l'exploitation des journaux
bruts.</p>
- <p>A la différence de la version 1.3, dans httpd 2.0, les chaînes
+ <p>A la différence de la version 1.3, depuis httpd 2.0, les chaînes
de format <code>%b</code> et <code>%B</code> ne représentent pas
le nombre d'octets envoyés au client, mais simplement la taille en
octets de la réponse HTTP (les deux étant différents, par exemple,
<a href="../ko/mod/mod_log_config.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/mod/mod_log_config.html" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Sunucuya yapılan isteklerin günlük kayıtlarının tutulması
</td></tr>
<tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Temel</td></tr>
<variants>
<variant>en</variant>
- <variant outdated="yes">fr</variant>
+ <variant>fr</variant>
<variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
<variant outdated="yes">tr</variant>
<td>Bytes sent, including headers, cannot be zero.</td></tr>
<tr><td><code>%S</code></td>
<td>Bytes transferred (received and sent), including request and headers,
- cannot be zero. This is the combination of %I and %O.</td></tr>
+ cannot be zero. This is the combination of %I and %O.<br />
+ Available in Apache 2.4.7 and later</td></tr>
</table>
<p>Usually, the functionality is used like this:</p>
<a href="../ko/mod/mod_logio.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/mod/mod_logio.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Journalisation des octets en entrée et en sortie pour
chaque requête</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<a href="../ko/mod/mod_logio.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/mod/mod_logio.html" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Her isteğin girdi ve çıktı uzunluklarının günlüklenmesi.
</td></tr>
<tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Eklenti</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1523269 -->
+<!-- English Revision: 1523269:1587098 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 420990:1523269 (outdated) -->
+<!-- English Revision: 420990:1587098 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding='EUC-KR' ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 420990:1523269 (outdated) -->
+<!-- English Revision: 420990:1587098 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
<variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
- <variant>tr</variant>
+ <variant outdated="yes">tr</variant>
</variants>
</metafile>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?>
-<!-- English Revision: 1523269 -->
+<!-- English Revision: 1523269:1587098 (outdated) -->
<!-- =====================================================
Translated by: Nilgün Belma Bugüner <nilgun belgeler.gen.tr>
Reviewed by: Orhan Berent <berent belgeler.gen.tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_lua</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.5.0 and later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.4.5 and later</td></tr>
</table>
<p>Provides a means of adding a Lua function as an input filter.
As with output filters, input filters work as coroutines,
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_lua</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.5.0 and later</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.4.5 and later</td></tr>
</table>
<p>Provides a means of adding a Lua function as an output filter.
As with input filters, output filters work as coroutines,
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_lua.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_lua.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Fournit des points d'entrée Lua dans différentes parties du
traitement des requêtes httpd</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Expérimental</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1576896 -->
+<!-- English Revision: 1576896:1587324 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.5.0
- and later.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.4.5 and later.</td></tr>
</table>
<p>This directive will cause the current server/vhost to "inherit" ProxyPass
Balancers and Workers defined in the main server. This can cause issues and
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later.
- and later.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later.</td></tr>
</table>
<p>This directive will cause the shared memory storage associated
with the balancers and balancer members to be persisted across
identical to the <code class="directive"><a href="#proxy"><Proxy></a></code> directive, except it matches URLs
using <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expressions</a>.</p>
- <p>From 2.5.0 onwards, named groups and backreferences are captured and
+ <p>From 2.4.8 onwards, named groups and backreferences are captured and
written to the environment with the corresponding name prefixed with
"MATCH_" and in upper case. This allows elements of URLs to be referenced
from within <a href="../expr.html">expressions</a> and modules like
<div class="note"><strong>Note: </strong>This directive cannot be used within a
<code><Directory></code> context.</div>
-
+
<div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should
usually be set <strong>off</strong> when using
<code class="directive">ProxyPass</code>.</div>
and it depends on the backend application server that support sessions.
If the backend application server uses different name for cookies
and url encoded id (like servlet containers) use | to to separate them.
- The first part is for the cookie the second for the path.
+ The first part is for the cookie the second for the path.<br />
+ Available in Apache HTTP Server 2.4.4 and later.
</td></tr>
<tr><td>stickysessionsep</td>
<td>"."</td>
<td>Off</td>
<td>If set, an IO read timeout after a request is sent to the backend will
force the worker into error state. Worker recovery behaves the same as other
- worker errors.
+ worker errors.<br />
Available in Apache HTTP Server 2.4.5 and later.
</td></tr>
<tr><td>nonce</td>
in error state. There might be cases where an already overloaded backend
can get into deeper trouble if the recovery of all workers is enforced
without considering the retry parameter of each worker. In this case
- set to <code>Off</code>.
+ set to <code>Off</code>.<br />
+ Available in Apache HTTP Server 2.4.2 and later.
</td></tr>
</table>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.5.0 and later.
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.4.5 and later.
and later.</td></tr>
</table>
<p>This directive will cause the current server/vhost to "inherit"
<a href="../fr/mod/mod_proxy.html" title="Français"> fr </a> |
<a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Serveur mandataire/passerelle multi-protocole</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>proxy_module</td></tr>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible à partir de la version 2.5.0 du serveur
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible à partir de la version 2.4.5 du serveur
HTTP Apache.</td></tr>
</table>
<p>Cette directive permet d'attribuer au serveur virtuel courant
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>BalancerPersist n'est disponible qu'à partir de la
- version 2.5.0 du serveur HTTP Apache.</td></tr>
+ version 2.4.4 du serveur HTTP Apache.</td></tr>
</table>
<p>Cette directive permet de conserver le contenu de l'espace
mémoire partagé associé aux répartiteurs de charge et à leurs
d'application d'arrière-plan utilise des noms différents pour
les cookies et les identifiants codés d'URL (comme les
conteneurs de servlet), séparez-les par le caractère '|'. La
- première partie contient le cookie et la seconde le chemin.
+ première partie contient le cookie et la seconde le chemin.<br />
+ Disponible depuis la version 2.4.4 du serveur HTTP Apache.
</td></tr>
<tr><td>stickysessionsep</td>
<td>"."</td>
dépassé en entrée/sortie après envoi d'une requête au serveur
d'arrière-plan va mettre le processus en état d'erreur. La
sortie de cet état d'erreur se passe de la même façon que pour
- les autres erreurs.
+ les autres erreurs.<br />
Disponible à partir de la version 2.4.5 du serveur HTTP Apache.
</td></tr>
<tr><td>nonce</td>
surchargé entre dans une situation critique si la relance de
tous les membres est forcée sans tenir compte du paramètre retry
de chaque membre. Dans ce cas, définissez ce paramètre à
- <code>Off</code>.
+ <code>Off</code>.<br />
+ Disponible depuis la version 2.4.2 du serveur HTTP Apache.
</td></tr>
</table>
souple, reportez-vous à la documentaion de la directive <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> et son drapeau
<code>[P]</code>.</p>
- <p>Le mot-clé optionnel <var>interpolate</var> (disponible depuis
- httpd 2.2.9), en combinaison avec la directive
+ <p>Le mot-clé optionnel <var>interpolate</var>, en combinaison avec la directive
<code class="directive">ProxyPassInterpolateEnv</code>, permet à ProxyPass
d'interpoler les variables d'environnement à l'aide de la syntaxe
<var>${VARNAME}</var>. Notez que de nombreuses variables
<code class="directive"><a href="#proxypass">ProxyPass</a></code>
correspondante.</p>
- <p>Le mot-clé optionnel <var>interpolate</var> (disponible depuis
- httpd 2.2.9), utilisé en combinaison avec la directive
+ <p>Le mot-clé optionnel <var>interpolate</var>, en
+ combinaison avec la directive
<code class="directive">ProxyPassInterpolateEnv</code>, permet
l'interpolation des variables d'environnement spécifiées en
utilisant le format <var>${VARNAME}</var> Notez que l'interpolation
<tr><th><a href="directive-dict.html#Context">コンテキスト:</a></th><td>サーバ設定ファイル, バーチャルホスト</td></tr>
<tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.5.0
- and later.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.4.5 and later.</td></tr>
</table><p>このディレクティブの解説文書は
まだ翻訳されていません。英語版をご覧ください。
</p></div>
<tr><th><a href="directive-dict.html#Context">コンテキスト:</a></th><td>サーバ設定ファイル, バーチャルホスト</td></tr>
<tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later.
- and later.</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later.</td></tr>
</table><p>このディレクティブの解説文書は
まだ翻訳されていません。英語版をご覧ください。
</p></div>
<tr><th><a href="directive-dict.html#Context">コンテキスト:</a></th><td>サーバ設定ファイル, バーチャルホスト</td></tr>
<tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.5.0 and later.
+<tr><th><a href="directive-dict.html#Compatibility">互換性:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.4.5 and later.
and later.</td></tr>
</table><p>このディレクティブの解説文書は
まだ翻訳されていません。英語版をご覧ください。
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1586470 -->
+<!-- English Revision: 1586470:1587324 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 344971:1584684 (outdated) -->
+<!-- English Revision: 344971:1587324 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
IS_SUBREQ<br />
HTTPS<br />
REQUEST_SCHEME<br />
+ REMOTE_ADDR<br />
+ CONN_REMOTE_ADDR<br />
</td>
</tr>
</table>
<dt><code>InheritBefore</code></dt>
<dd>
<p> Like <code>Inherit</code> above, but the rules from the parent scope
- are applied <strong>before</strong> rules specified in the child scope.
+ are applied <strong>before</strong> rules specified in the child scope.<br />
Available in Apache HTTP Server 2.3.10 and later.</p>
</dd>
the configuration of the current configuration. It is equivalent to
specifying <code>RewriteOptions Inherit</code> in all child
configurations. See the <code>Inherit</code> option for more details
- on how the parent-child relationships are handled. Available in Apache
- HTTP Server 2.4.8 and later.</p>
+ on how the parent-child relationships are handled.<br />
+ Available in Apache HTTP Server 2.4.8 and later.</p>
</dd>
<dt><code>InheritDownBefore</code></dt>
<p>Like <code>InheritDown</code> above, but the rules from the current
scope are applied <strong>before</strong> rules specified in any child's
- scope. Available in Apache HTTP Server 2.4.8 and later.</p>
+ scope.<br />
+ Available in Apache HTTP Server 2.4.8 and later.</p>
</dd>
<dt><code>IgnoreInherit</code></dt>
<p>This option forces the current and child configurations to ignore
all rules that would be inherited from a parent specifying
- <code>InheritDown</code> or <code>InheritDownBefore</code>. Available
- in Apache HTTP Server 2.4.8 and later.</p>
+ <code>InheritDown</code> or <code>InheritDownBefore</code>.<br />
+ Available in Apache HTTP Server 2.4.8 and later.</p>
</dd>
<dt><code>AllowNoSlash</code></dt>
is set to off, the <code>AllowNoSlash</code> option can be enabled to ensure
that rewrite rules are no longer ignored. This option makes it possible to
apply rewrite rules within .htaccess files that match the directory without
- a trailing slash, if so desired. Available in Apache HTTP Server 2.4.0 and
- later.</p>
+ a trailing slash, if so desired.<br />
+ Available in Apache HTTP Server 2.4.0 and later.</p>
</dd>
<dt><code>AllowAnyURI</code></dt>
<p>When <code class="directive"><a href="#rewriterule">RewriteRule</a></code>
is used in <code>VirtualHost</code> or server context with
version 2.2.22 or later of httpd, <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
- will only process the rewrite rules if the request URI is a <a href="./directive-dict.html#Syntax">URL-path</a>. This avoids
+ will only process the rewrite rules if the request URI is a <a href="directive-dict.html#Syntax">URL-path</a>. This avoids
some security issues where particular rules could allow
"surprising" pattern expansions (see <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
and <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>).
<code>AllowAnyURI</code> option can be enabled, and
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> will apply the rule set to any
request URI string, regardless of whether that string matches
- the URL-path grammar required by the HTTP specification.</p>
+ the URL-path grammar required by the HTTP specification.<br />
+ Available in Apache HTTP Server 2.4.3 and later.</p>
<div class="warning">
<h3>Security Warning</h3>
l'en-tête ``<code>User-Agent:</code>'' de la requête, vous
pouvez utiliser ce qui suit : </p>
-<pre class="prettyprint lang-config">RewriteCond %{HTTP_USER_AGENT} ^Mozilla
-RewriteRule ^/$ /homepage.max.html [L]
-
-RewriteCond %{HTTP_USER_AGENT} ^Lynx
-RewriteRule ^/$ /homepage.min.html [L]
+<pre class="prettyprint lang-config">RewriteCond %{HTTP_USER_AGENT} (iPhone|Blackberry|Android)
+RewriteRule ^/$ /homepage.mobile.html [L]
RewriteRule ^/$ /homepage.std.html [L]</pre>
<p>Explications : si vous utilisez un navigateur
- (Netscape Navigator, Mozilla etc) qui s'identifie comme
- 'Mozilla', vous accèderez à la page d'accueil max (qui
- peut contenir des frames, ou d'autres ressources
- particulières).
- Si vous utilisez le navigateur Lynx (qui est un navigateur
- en mode texte), vous accèderez à une page d'accueil min
- (qui peut être une version conçue pour une navigation simple
- basée sur le texte).
- Si aucune de ces conditions n'est satisfaite (vous utilisez tout
- autre navigateur, ou votre navigateur s'identifie de manière non
- standard), vous accèderez à la page d'accueil std
- (standard).</p>
+ qui s'identifie comme un navigateur de mobile (notez que cet
+ exemple est incomplet car il existe de nombreuses autres
+ plateformes mobiles), c'est la version mobile de la page
+ d'accueil qui sera servie. Dans le cas contraire, vous verrez
+ s'afficher la page d'accueil standard.</p>
</div>
<p>Même effet que l'option <code>Inherit</code> ci-dessus, mais
les règles spécifiées dans le niveau parent s'appliquent
<strong>avant</strong> les règles spécifiées dans le niveau
- enfant. Disponible depuis la version 2.3.10 du serveur HTTP
+ enfant.<br />
+ Disponible depuis la version 2.3.10 du serveur HTTP
Apache.</p>
</dd>
spécifie <code>RewriteOptions Inherit</code> dans toutes les
configurations enfants. Voir l'option <code>Inherit</code> pour
plus de détails à propos de la manière dont les relations
- parent-enfants sont traitées. Cette option est disponible à partir
+ parent-enfants sont traitées.<br />
+ Cette option est disponible à partir
de la version 2.4.8 du serveur HTTP Apache.</p>
</dd>
<p>L'effet de cette option est équivalent à celui de l'option
<code>InheritDown</code> ci-dessus, mais les règles de la
configuration parente s'appliquent <strong>avant</strong> toute
- règle de la configuration enfant. Cette option est disponible à partir
+ règle de la configuration enfant.<br />
+ Cette option est disponible à partir
de la version 2.4.8 du serveur HTTP Apache.</p>
</dd>
<p>Si cette option est activée, les configurations courante et
enfants ignoreront toute règle héritée d'une configuration parente
via les options <code>InheritDown</code> ou
- <code>InheritDownBefore</code>. Cette option est disponible à partir
+ <code>InheritDownBefore</code>.<br />
+ Cette option est disponible à partir
de la version 2.4.8 du serveur HTTP Apache.</p>
</dd>
s'assurer que les règles de réécriture ne soient plus ignorées.
Si on le souhaite, cette option permet de faire s'appliquer des
règles de réécriture qui correspondent à un répertoire sans slash
- final au sein de fichiers .htaccess. Elle est disponible à
+ final au sein de fichiers .htaccess.<br />
+ Elle est disponible à
partir de la version 2.4.0 du serveur HTTP Apache.</p>
</dd>
<p>A partir de la version 2.2.22 de httpd, lorsqu'une directive <code class="directive"><a href="#rewriterule">RewriteRule</a></code> se situe dans un
contexte de <code>serveur virtuel</code> ou de serveur principal,
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> ne traitera les règles de réécriture
- que si l'URI de la requête respecte la syntaxe d'un <a href="./directive-dict.html#Syntax">chemin URL</a>. Ceci permet
+ que si l'URI de la requête respecte la syntaxe d'un <a href="directive-dict.html#Syntax">chemin URL</a>. Ceci permet
d'éviter certains problèmes de sécurité où des règles
particulières pourraient permettre des développements de modèles
inattendus (voir <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a>
utiliser l'option <code>AllowAnyURI</code>, afin de permettre à
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> d'appliquer le jeu de règles à toute
chaîne de requête URI, sans vérifier si cette dernière respecte la
- grammaire des chemins URL définie dans la spécification HTTP.</p>
+ grammaire des chemins URL définie dans la spécification HTTP.<br />
+ Disponible depuis la version 2.4.3 du serveur HTTP Apache.</p>
<div class="warning">
<h3>Avertissement à propos de la sécurité</h3>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1586447 -->
+<!-- English Revision: 1586447:1587031 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>
secret to the end of the list, and once rolled out completely to all servers, remove
the first key from the start of the list.</p>
- <p>If the value begins with exec: the resulting command will be executed and the
- first line returned to standard output by the program will be used as the key.</p>
+ <p>As of version 2.4.7 if the value begins with <var>exec:</var> the resulting command
+ will be executed and the first line returned to standard output by the program will be
+ used as the key.</p>
<div class="example"><pre>#key used as-is
SessionCryptoPassphrase secret
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_session_crypto.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_session_crypto.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Support du chiffrement des sessions</td></tr>
<tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Expérimental</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>session_crypto_module</td></tr>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1562488 -->
+<!-- English Revision: 1562488:1587098 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.1 d'Apache, à condition
-d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr>
</table>
<p>Normalement, ce sont les préférences du client qui sont prises en
compte lors du choix d'un algorithme de chiffrement au cours d'une
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, à condition
-d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr>
</table>
<p>Cette directive permet de définir le répondeur OCSP par défaut. Si la
directive <code class="directive"><a href="#sslocspoverrideresponder">SSLOCSPOverrideResponder</a></code> n'est pas activée,
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, à condition
-d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr>
</table>
<p>Cette directive permet d'activer la validation OCSP de la chaîne de
certificats du client. Si elle est activée, les certificats de la chaîne
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, à condition
-d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr>
</table>
<p>Force l'utilisation, au cours d'une validation OCSP de certificat, du
répondeur OCSP par défaut spécifié dans la configuration, que le
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, sous réserve
-d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr>
</table>
<p>Cette option permet de définir le délai d'attente pour les requêtes à
destination des répondeurs OCSP, lorsque la directive <code class="directive"><a href="#sslocspenable">SSLOCSPEnable</a></code> est à on.</p>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, sous réserve
-d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr>
</table>
<p>Cette option permet de définir l'âge maximum autorisé (la
"fraicheur") des réponses OCSP. La valeur par défault (<code>-1</code>)
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, sous réserve
-d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr>
</table>
<p>Cette option permet de définir la dérive temporelle maximale
autorisée pour les réponses OCSP (lors de la vérification des champs
<li><code>exec:/chemin/vers/programme</code>
<p>
Ici, un programme externe est appelé au démarrage du serveur pour
- chaque fichier de clé privée chiffré. Il est appelé avec deux
- arguments (le premier est de la forme
+ chaque fichier de clé privée chiffré. Jusqu'à
+ la version 2.4.7, il était appelé avec deux
+ arguments (le premier était de la forme
``<code>nom-serveur:port</code>'', le second
est ``<code>RSA</code>'', ``<code>DSA</code>'' ou ``<code>ECC</code>''), qui
indiquent pour quels serveur et algorithme il doit écrire le mot de
- passe correspondant sur <code>stdout</code>. Le but recherché est
+ passe correspondant sur <code>stdout</code>. Depuis la version
+ 2.4.9, il est appelé avec un seul argument, une chaîne de la forme
+ "<code>servername:portnumber:index</code>" (où <code>index</code>
+ est un numéro d'ordre commençant à zéro), qui spécifie le serveur,
+ le port TCP et un numéro de certificat. Le but recherché est
l'exécution de vérifications de sécurité préalables permettant de
s'assurer que le système n'est pas victime d'une attaque, et de ne
fournir le mot de passe que si toutes les vérifications ont été
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Si <code class="directive"><a href="#sslusestapling">SSLUseStapling</a></code> est à "on",
cette directive permet de configurer le cache destiné à stocker les
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Cette directive permet de définir la durée de vie des réponses
<em>invalides</em> dans le cache pour agrafage OCSP configuré via la
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Lorsque cette directive est activée, et si une requête vers un
serveur OCSP à des fins d'inclusion dans une négociation TLS échoue,
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Cette directive permet de remplacer l'URI du serveur OCSP extraite de
l'extension authorityInfoAccess (AIA) du certificat. Elle peut s'avérer
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Cette directive permet de définir le temps d'attente maximum lorsque
mod_ssl envoie une requête vers un serveur OCSP afin d'obtenir une
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Cette directive permet de définir l'âge maximum autorisé
("fraîcheur") des réponses OCSP incluses dans la négociation TLS
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Cette directive permet de spécifier l'intervalle de temps maximum que
mod_ssl va calculer en faisant la différence entre les contenus des
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Lorsque cette directive est activée, mod_ssl va transmettre au client les
réponses concernant les requêtes OCSP échouées (erreurs d'état, réponses
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Cette directive permet de définir la durée de vie des réponses OCSP
dans le cache configuré via la directive <code class="directive"><a href="#sslstaplingcache">SSLStaplingCache</a></code>. Elle ne s'applique qu'aux
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP
-Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr>
</table>
<p>Cette directive permet d'activer l'"Agrafage OCSP" (OCSP stapling)
selon la définition de l'extension TLS "Certificate Status Request"
<div class="example"><h3>Exemple</h3><pre class="prettyprint lang-config">SuexecUserGroup nobody nogroup</pre>
</div>
- <p>Depuis la version 2.3.9, le démarrage va échouer si cette
+ <p>Le démarrage échouera si cette
directive est spécifiée et si la fonctionnalité suEXEC est
désactivée.</p>
<a href="../ko/mod/mod_suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/mod/mod_suexec.html" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>CGI betiklerinin belli bir kullanıcı ve grubun aidiyetinde
çalışmasını mümkün kılar.</td></tr>
<tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Eklenti</td></tr>
<variants>
<variant>en</variant>
- <variant outdated="yes">fr</variant>
+ <variant>fr</variant>
<variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
<variant outdated="yes">tr</variant>
<tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr>
<tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_unixd</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.9 d'Apache httpd</td></tr>
</table>
<p>Lorsque cette directive est définie à On, le démarrage échouera si
le binaire suexec n'existe pas, ou possède un propriétaire ou mode
<a href="../fr/mod/mod_unixd.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="../tr/mod/mod_unixd.html" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Unix ailesi platformlar için temel (gerekli) güvenlik.</td></tr>
<tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Temel</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Modül Betimleyici:</a></th><td>unixd_module</td></tr>
<variants>
<variant>en</variant>
- <variant outdated="yes">fr</variant>
+ <variant>fr</variant>
<variant outdated="yes">tr</variant>
</variants>
</metafile>
... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an
extension of a base authentication provider and referenced by
the specified alias</td></tr>
+<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
<tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr>
<tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
passwords for authentication</td></tr>
... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an
extension of a base authentication provider and referenced by
the specified alias</td></tr>
+<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
<tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr>
<tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
passwords for authentication</td></tr>
... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an
extension of a base authentication provider and referenced by
the specified alias</td></tr>
+<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
<tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr>
<tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
passwords for authentication</td></tr>
... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Regroupe un ensemble de directives qui constituent une
extension d'un fournisseur d'authentification de base et lui attribue
l'alias spécifié</td></tr>
+<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
<tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type d'authentification utilisateur</td></tr>
<tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>chemin-fichier</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Définit le nom d'un fichier texte pour l'authentification
contenant la liste des utilisateurs et de leurs mots de
<tr><td><a href="mod_ext_filter.html#extfilterdefine">ExtFilterDefine <var>nom filtre</var> <var>paramètres</var></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Définit un filtre externe</td></tr>
<tr class="odd"><td><a href="mod_ext_filter.html#extfilteroptions">ExtFilterOptions <var>option</var> [<var>option</var>] ...</a></td><td> NoLogStderr </td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Configure les options de
<code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code></td></tr>
-<tr><td><a href="mod_dir.html#fallbackresource" id="F" name="F">FallbackResource disabled <var>url-locale</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Définit une URL par défaut pour les requêtes qui ne ciblent
+<tr><td><a href="mod_dir.html#fallbackresource" id="F" name="F">FallbackResource disabled | <var>url-locale</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Définit une URL par défaut pour les requêtes qui ne ciblent
aucun fichier</td></tr>
<tr class="odd"><td><a href="core.html#fileetag">FileETag <var>composant</var> ...</a></td><td> MTime Size </td><td>svdh</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Caractéristiques de fichier utilisées lors de la génération
de l'en-tête de réponse HTTP ETag pour les fichiers statiques</td></tr>
[<var>chemin-fichier</var>]
...</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Fichiers .dll ISAPI devant être chargés au
démarrage</td></tr>
-<tr><td><a href="mod_isapi.html#isapifakeasync">ISAPIFakeAsync on|off</a></td><td> off </td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Émulation du support des entrées/sorties asynchrones pour
+<tr><td><a href="mod_isapi.html#isapifakeasync">ISAPIFakeAsync on|off</a></td><td> off </td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Emulation du support des entrées/sorties asynchrones pour
les appels ISAPI</td></tr>
<tr class="odd"><td><a href="mod_isapi.html#isapilognotsupported">ISAPILogNotSupported on|off</a></td><td> off </td><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Journalisation des demandes de fonctionnalités non
supportées de la part des extensions ISAPI</td></tr>
... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an
extension of a base authentication provider and referenced by
the specified alias</td></tr>
+<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
<tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr>
<tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">認証に使用するユーザとパスワードの一覧が格納されている、
テキストファイルの名前を設定する</td></tr>
... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an
extension of a base authentication provider and referenced by
the specified alias</td></tr>
+<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
<tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr>
<tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">ÀÎÁõÇÒ »ç¿ëÀÚ¸í¿Í ¾ÏÈ£ ¸ñ·ÏÀ» ÀúÀåÇÏ´Â ¹®ÀÚÆÄÀϸíÀ»
ÁöÁ¤ÇÑ´Ù</td></tr>
... </AuthnProviderAlias></a></td><td></td><td>s</td><td>T</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an
extension of a base authentication provider and referenced by
the specified alias</td></tr>
+<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
<tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>T</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr>
<tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>T</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
passwords for authentication</td></tr>
... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an
extension of a base authentication provider and referenced by
the specified alias</td></tr>
+<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
+<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn
+authentication hook.</td></tr>
+<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
+<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for
+authentication and/or authorization</td></tr>
<tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr>
<tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
passwords for authentication</td></tr>
<li><a href="mod/mod_authn_dbm.html">Apache-Modul mod_authn_dbm</a></li>
<li><a href="mod/mod_authn_file.html">Apache-Modul mod_authn_file</a></li>
<li><a href="mod/mod_authn_socache.html">Apache-Modul mod_authn_socache</a></li>
+<li><a href="mod/mod_authnz_fcgi.html">Apache-Modul mod_authnz_fcgi</a></li>
<li><a href="mod/mod_authnz_ldap.html">Apache-Modul mod_authnz_ldap</a></li>
<li><a href="mod/mod_authz_core.html">Apache-Modul mod_authz_core</a></li>
<li><a href="mod/mod_authz_dbd.html">Apache-Modul mod_authz_dbd</a></li>
<li><a href="mod/mod_authn_dbm.html">Apache Module mod_authn_dbm</a></li>
<li><a href="mod/mod_authn_file.html">Apache Module mod_authn_file</a></li>
<li><a href="mod/mod_authn_socache.html">Apache Module mod_authn_socache</a></li>
+<li><a href="mod/mod_authnz_fcgi.html">Apache Module mod_authnz_fcgi</a></li>
<li><a href="mod/mod_authnz_ldap.html">Apache Module mod_authnz_ldap</a></li>
<li><a href="mod/mod_authz_core.html">Apache Module mod_authz_core</a></li>
<li><a href="mod/mod_authz_dbd.html">Apache Module mod_authz_dbd</a></li>
<li><a href="mod/mod_authn_dbm.html">Módulo Apache mod_authn_dbm</a></li>
<li><a href="mod/mod_authn_file.html">Módulo Apache mod_authn_file</a></li>
<li><a href="mod/mod_authn_socache.html">Módulo Apache mod_authn_socache</a></li>
+<li><a href="mod/mod_authnz_fcgi.html">Módulo Apache mod_authnz_fcgi</a></li>
<li><a href="mod/mod_authnz_ldap.html">Módulo Apache mod_authnz_ldap</a></li>
<li><a href="mod/mod_authz_core.html">Módulo Apache mod_authz_core</a></li>
<li><a href="mod/mod_authz_dbd.html">Módulo Apache mod_authz_dbd</a></li>
<li><a href="mod/mod_authn_dbm.html">Module Apache mod_authn_dbm</a></li>
<li><a href="mod/mod_authn_file.html">Module Apache mod_authn_file</a></li>
<li><a href="mod/mod_authn_socache.html">Module Apache mod_authn_socache</a></li>
+<li><a href="mod/mod_authnz_fcgi.html">Module Apache mod_authnz_fcgi</a></li>
<li><a href="mod/mod_authnz_ldap.html">Module Apache mod_authnz_ldap</a></li>
<li><a href="mod/mod_authz_core.html">Module Apache mod_authz_core</a></li>
<li><a href="mod/mod_authz_dbd.html">Module Apache mod_authz_dbd</a></li>
<li><a href="mod/mod_authn_dbm.html">Apache モジュール mod_authn_dbm</a></li>
<li><a href="mod/mod_authn_file.html">Apache モジュール mod_authn_file</a></li>
<li><a href="mod/mod_authn_socache.html">Apache モジュール mod_authn_socache</a></li>
+<li><a href="mod/mod_authnz_fcgi.html">Apache モジュール mod_authnz_fcgi</a></li>
<li><a href="mod/mod_authnz_ldap.html">Apache モジュール mod_authnz_ldap</a></li>
<li><a href="mod/mod_authz_core.html">Apache モジュール mod_authz_core</a></li>
<li><a href="mod/mod_authz_dbd.html">Apache モジュール mod_authz_dbd</a></li>
<li><a href="mod/mod_authn_dbm.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authn_dbm</a></li>
<li><a href="mod/mod_authn_file.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authn_file</a></li>
<li><a href="mod/mod_authn_socache.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authn_socache</a></li>
+<li><a href="mod/mod_authnz_fcgi.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authnz_fcgi</a></li>
<li><a href="mod/mod_authnz_ldap.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authnz_ldap</a></li>
<li><a href="mod/mod_authz_core.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authz_core</a></li>
<li><a href="mod/mod_authz_dbd.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authz_dbd</a></li>
<li><a href="mod/mod_authn_dbm.html">Apache Modülü mod_authn_dbm</a></li>
<li><a href="mod/mod_authn_file.html">Apache Modülü mod_authn_file</a></li>
<li><a href="mod/mod_authn_socache.html">Apache Modülü mod_authn_socache</a></li>
+<li><a href="mod/mod_authnz_fcgi.html">Apache Modülü mod_authnz_fcgi</a></li>
<li><a href="mod/mod_authnz_ldap.html">Apache Modülü mod_authnz_ldap</a></li>
<li><a href="mod/mod_authz_core.html">Apache Modülü mod_authz_core</a></li>
<li><a href="mod/mod_authz_dbd.html">Apache Modülü mod_authz_dbd</a></li>
<li><a href="mod/mod_authn_dbm.html">Apache 模块 mod_authn_dbm</a></li>
<li><a href="mod/mod_authn_file.html">Apache 模块 mod_authn_file</a></li>
<li><a href="mod/mod_authn_socache.html">Apache 模块 mod_authn_socache</a></li>
+<li><a href="mod/mod_authnz_fcgi.html">Apache 模块 mod_authnz_fcgi</a></li>
<li><a href="mod/mod_authnz_ldap.html">Apache 模块 mod_authnz_ldap</a></li>
<li><a href="mod/mod_authz_core.html">Apache 模块 mod_authz_core</a></li>
<li><a href="mod/mod_authz_dbd.html">Apache 模块 mod_authz_dbd</a></li>
fi
])
+dnl FastCGI authorizer interface, supporting authn and authz.
+APACHE_MODULE(authnz_fcgi,
+ FastCGI authorizer-based authentication and authorization, , , no)
+
dnl - host access control compatibility modules. Implements Order, Allow,
dnl Deny, Satisfy for backward compatibility. These directives have been
dnl deprecated in 2.4.
--- /dev/null
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "apr_hash.h"
+#include "apr_lib.h"
+#include "apr_strings.h"
+
+#include "ap_provider.h"
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_protocol.h"
+#include "http_request.h"
+#include "http_log.h"
+#include "util_script.h"
+#include "ap_provider.h"
+#include "mod_auth.h"
+#include "util_fcgi.h"
+#include "ap_mmn.h"
+
+module AP_MODULE_DECLARE_DATA authnz_fcgi_module;
+
+typedef struct {
+ const char *name; /* provider name */
+ const char *backend; /* backend address, as configured */
+ const char *host;
+ apr_port_t port;
+ apr_sockaddr_t *backend_addrs;
+ int is_authn;
+ int is_authz;
+} fcgi_provider_conf;
+
+typedef struct {
+ const char *name; /* provider name */
+ const char *default_user; /* this is user if authorizer returns
+ * success and a user expression yields
+ * empty string
+ */
+ ap_expr_info_t *user_expr; /* expr to evaluate to set r->user */
+ char authoritative; /* fail request if user is rejected? */
+ char require_basic_auth; /* fail if client didn't send credentials? */
+} fcgi_dir_conf;
+
+typedef struct {
+ /* If an "authnz" provider successfully authenticates, record
+ * the provider name here for checking during authz.
+ */
+ const char *successful_authnz_provider;
+} fcgi_request_notes;
+
+static apr_hash_t *fcgi_authn_providers, *fcgi_authz_providers;
+
+#define FCGI_IO_TIMEOUT apr_time_from_sec(30)
+
+#ifndef NON200_RESPONSE_BUF_LEN
+#define NON200_RESPONSE_BUF_LEN 8192
+#endif
+
+/* fcgi://{hostname|IPv4|IPv6}:port[/] */
+#define FCGI_BACKEND_REGEX_STR "m%^fcgi://(.*):(\\d{1,5})/?$%"
+
+/*
+ * utility function to connect to a peer; generally useful, but
+ * wait for AF_UNIX support in this mod before thinking about how
+ * to make it available to other modules
+ */
+static apr_status_t connect_to_peer(apr_socket_t **newsock,
+ request_rec *r,
+ apr_sockaddr_t *backend_addrs,
+ const char *backend_name,
+ apr_interval_time_t timeout)
+{
+ apr_status_t rv = APR_EINVAL; /* returned if no backend addr was provided
+ */
+ int connected = 0;
+ apr_sockaddr_t *addr = backend_addrs;
+
+ while (addr && !connected) {
+ int loglevel = addr->next ? APLOG_DEBUG : APLOG_ERR;
+ rv = apr_socket_create(newsock, addr->family,
+ SOCK_STREAM, 0, r->pool);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, loglevel, rv, r,
+ APLOGNO(02494) "error creating family %d socket "
+ "for target %s",
+ addr->family, backend_name);
+ addr = addr->next;
+ continue;
+ }
+
+ apr_socket_opt_set(*newsock, APR_TCP_NODELAY, 1);
+ apr_socket_timeout_set(*newsock,
+ timeout ? timeout : r->server->timeout);
+
+ rv = apr_socket_connect(*newsock, addr);
+ if (rv != APR_SUCCESS) {
+ apr_socket_close(*newsock);
+ ap_log_rerror(APLOG_MARK, loglevel, rv, r,
+ APLOGNO(02495) "attempt to connect to %pI (%s) "
+ "failed", addr, backend_name);
+ addr = addr->next;
+ continue;
+ }
+
+ connected = 1;
+ }
+
+ return rv;
+#undef FN_LOG_MARK
+}
+
+static void log_provider_info(const fcgi_provider_conf *conf, request_rec *r)
+{
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02496) "name %s, backend %s, host %s, port %d, "
+ "first address %pI, %c%c",
+ conf->name,
+ conf->backend,
+ conf->host,
+ (int)conf->port,
+ conf->backend_addrs,
+ conf->is_authn ? 'N' : '_',
+ conf->is_authz ? 'Z' : '_');
+}
+
+static void setupenv(request_rec *r, const char *password, const char *apache_role)
+{
+ ap_add_common_vars(r);
+ ap_add_cgi_vars(r);
+ apr_table_setn(r->subprocess_env, "FCGI_ROLE", AP_FCGI_AUTHORIZER_STR);
+ if (apache_role) {
+ apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", apache_role);
+ }
+ if (password) {
+ apr_table_setn(r->subprocess_env, "REMOTE_PASSWD", password);
+ }
+ /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
+ * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
+ * PROXY_AUTH to allow CGI to perform proxy auth for httpd
+ */
+ apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
+ apr_table_unset(r->subprocess_env, "PATH_INFO");
+ apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
+ apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
+ apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+ apr_table_unset(r->subprocess_env, "HTTP_TE");
+ apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+ apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+ apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+ /* Connection hop-by-hop header to prevent the CGI from hanging */
+ apr_table_setn(r->subprocess_env, "HTTP_CONNECTION", "close");
+}
+
+static apr_status_t recv_data(const fcgi_provider_conf *conf,
+ request_rec *r,
+ apr_socket_t *s,
+ char *buf,
+ apr_size_t *buflen)
+{
+ apr_status_t rv;
+
+ rv = apr_socket_recv(s, buf, buflen);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ APLOGNO(02497) "Couldn't read from backend %s",
+ conf->backend);
+ return rv;
+ }
+
+#if AP_MODULE_MAGIC_AT_LEAST(20130702,2)
+ ap_log_rdata(APLOG_MARK, APLOG_TRACE5, r, "FastCGI data received",
+ buf, *buflen, AP_LOG_DATA_SHOW_OFFSET);
+#endif
+ return APR_SUCCESS;
+}
+
+static apr_status_t recv_data_full(const fcgi_provider_conf *conf,
+ request_rec *r,
+ apr_socket_t *s,
+ char *buf,
+ apr_size_t buflen)
+{
+ apr_size_t readlen;
+ apr_size_t cumulative_len = 0;
+ apr_status_t rv;
+
+ do {
+ readlen = buflen - cumulative_len;
+ rv = recv_data(conf, r, s, buf + cumulative_len, &readlen);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+ cumulative_len += readlen;
+ } while (cumulative_len < buflen);
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t sendv_data(const fcgi_provider_conf *conf,
+ request_rec *r,
+ apr_socket_t *s,
+ struct iovec *vec,
+ int nvec,
+ apr_size_t *len)
+{
+ apr_size_t to_write = 0, written = 0;
+ apr_status_t rv = APR_SUCCESS;
+ int i, offset;
+
+ for (i = 0; i < nvec; i++) {
+ to_write += vec[i].iov_len;
+#if AP_MODULE_MAGIC_AT_LEAST(20130702,2)
+ ap_log_rdata(APLOG_MARK, APLOG_TRACE5, r, "FastCGI data sent",
+ vec[i].iov_base, vec[i].iov_len, AP_LOG_DATA_SHOW_OFFSET);
+#endif
+ }
+
+ offset = 0;
+ while (to_write) {
+ apr_size_t n = 0;
+ rv = apr_socket_sendv(s, vec + offset, nvec - offset, &n);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ APLOGNO(02498) "Sending data to %s failed",
+ conf->backend);
+ break;
+ }
+ if (n > 0) {
+ written += n;
+ if (written >= to_write)
+ break; /* short circuit out */
+ for (i = offset; i < nvec; ) {
+ if (n >= vec[i].iov_len) {
+ offset++;
+ n -= vec[i++].iov_len;
+ } else {
+ vec[i].iov_len -= n;
+ vec[i].iov_base = (char *) vec[i].iov_base + n;
+ break;
+ }
+ }
+ }
+ }
+
+ *len = written;
+
+ return rv;
+}
+
+static apr_status_t send_begin_request(request_rec *r,
+ const fcgi_provider_conf *conf,
+ apr_socket_t *s, int role,
+ apr_uint16_t request_id)
+{
+ struct iovec vec[2];
+ ap_fcgi_header header;
+ unsigned char farray[AP_FCGI_HEADER_LEN];
+ ap_fcgi_begin_request_body brb;
+ unsigned char abrb[AP_FCGI_HEADER_LEN];
+ apr_size_t len;
+
+ ap_fcgi_fill_in_header(&header, AP_FCGI_BEGIN_REQUEST, request_id,
+ sizeof(abrb), 0);
+ ap_fcgi_fill_in_request_body(&brb, role, 0 /* *NOT* AP_FCGI_KEEP_CONN */);
+
+ ap_fcgi_header_to_array(&header, farray);
+ ap_fcgi_begin_request_body_to_array(&brb, abrb);
+
+ vec[0].iov_base = (void *)farray;
+ vec[0].iov_len = sizeof(farray);
+ vec[1].iov_base = (void *)abrb;
+ vec[1].iov_len = sizeof(abrb);
+
+ return sendv_data(conf, r, s, vec, 2, &len);
+}
+
+static apr_status_t send_environment(apr_socket_t *s,
+ const fcgi_provider_conf *conf,
+ request_rec *r, apr_uint16_t request_id,
+ apr_pool_t *temp_pool)
+{
+ const char *fn = "send_environment";
+ const apr_array_header_t *envarr;
+ const apr_table_entry_t *elts;
+ struct iovec vec[2];
+ ap_fcgi_header header;
+ unsigned char farray[AP_FCGI_HEADER_LEN];
+ char *body;
+ apr_status_t rv;
+ apr_size_t avail_len, len, required_len;
+ int i, next_elem, starting_elem;
+
+ envarr = apr_table_elts(r->subprocess_env);
+ elts = (const apr_table_entry_t *) envarr->elts;
+
+ if (APLOG_R_IS_LEVEL(r, APLOG_TRACE2)) {
+
+ for (i = 0; i < envarr->nelts; ++i) {
+ if (!elts[i].key) {
+ continue;
+ }
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+ "%s: '%s': '%s'",
+ fn, elts[i].key,
+ !strcmp(elts[i].key, "REMOTE_PASSWD") ?
+ "XXXXXXXX" : elts[i].val);
+ }
+ }
+
+ /* Send envvars over in as many FastCGI records as it takes, */
+ next_elem = 0; /* starting with the first one */
+
+ avail_len = 16 * 1024; /* our limit per record, which could have been up
+ * to AP_FCGI_MAX_CONTENT_LEN
+ */
+
+ while (next_elem < envarr->nelts) {
+ starting_elem = next_elem;
+ required_len = ap_fcgi_encoded_env_len(r->subprocess_env,
+ avail_len,
+ &next_elem);
+
+ if (!required_len) {
+ if (next_elem < envarr->nelts) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ APLOGNO(02499) "couldn't encode envvar '%s' in %"
+ APR_SIZE_T_FMT " bytes",
+ elts[next_elem].key, avail_len);
+ /* skip this envvar and continue */
+ ++next_elem;
+ continue;
+ }
+ /* only an unused element at the end of the array */
+ break;
+ }
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02500) "required len for encoding envvars: %"
+ APR_SIZE_T_FMT ", %d/%d elems processed so far",
+ required_len, next_elem, envarr->nelts);
+
+ body = apr_palloc(temp_pool, required_len);
+ rv = ap_fcgi_encode_env(r, r->subprocess_env, body, required_len,
+ &starting_elem);
+ /* we pre-compute, so we can't run out of space */
+ ap_assert(rv == APR_SUCCESS);
+ /* compute and encode must be in sync */
+ ap_assert(starting_elem == next_elem);
+
+ ap_fcgi_fill_in_header(&header, AP_FCGI_PARAMS, request_id,
+ (apr_uint16_t)required_len, 0);
+ ap_fcgi_header_to_array(&header, farray);
+
+ vec[0].iov_base = (void *)farray;
+ vec[0].iov_len = sizeof(farray);
+ vec[1].iov_base = body;
+ vec[1].iov_len = required_len;
+
+ rv = sendv_data(conf, r, s, vec, 2, &len);
+ apr_pool_clear(temp_pool);
+
+ if (rv) {
+ return rv;
+ }
+ }
+
+ /* Envvars sent, so say we're done */
+ ap_fcgi_fill_in_header(&header, AP_FCGI_PARAMS, request_id, 0, 0);
+ ap_fcgi_header_to_array(&header, farray);
+
+ vec[0].iov_base = (void *)farray;
+ vec[0].iov_len = sizeof(farray);
+
+ return sendv_data(conf, r, s, vec, 1, &len);
+}
+
+/*
+ * This header-state logic is from mod_proxy_fcgi.
+ */
+enum {
+ HDR_STATE_READING_HEADERS,
+ HDR_STATE_GOT_CR,
+ HDR_STATE_GOT_CRLF,
+ HDR_STATE_GOT_CRLFCR,
+ HDR_STATE_GOT_LF,
+ HDR_STATE_DONE_WITH_HEADERS
+};
+
+/* Try to find the end of the script headers in the response from the back
+ * end fastcgi server. STATE holds the current header parsing state for this
+ * request.
+ *
+ * Returns 0 if it can't find the end of the headers, and 1 if it found the
+ * end of the headers. */
+static int handle_headers(request_rec *r,
+ int *state,
+ char *readbuf)
+{
+ const char *itr = readbuf;
+
+ while (*itr) {
+ if (*itr == '\r') {
+ switch (*state) {
+ case HDR_STATE_GOT_CRLF:
+ *state = HDR_STATE_GOT_CRLFCR;
+ break;
+
+ default:
+ *state = HDR_STATE_GOT_CR;
+ break;
+ }
+ }
+ else if (*itr == '\n') {
+ switch (*state) {
+ case HDR_STATE_GOT_LF:
+ *state = HDR_STATE_DONE_WITH_HEADERS;
+ break;
+
+ case HDR_STATE_GOT_CR:
+ *state = HDR_STATE_GOT_CRLF;
+ break;
+
+ case HDR_STATE_GOT_CRLFCR:
+ *state = HDR_STATE_DONE_WITH_HEADERS;
+ break;
+
+ default:
+ *state = HDR_STATE_GOT_LF;
+ break;
+ }
+ }
+ else {
+ *state = HDR_STATE_READING_HEADERS;
+ }
+
+ if (*state == HDR_STATE_DONE_WITH_HEADERS)
+ break;
+
+ ++itr;
+ }
+
+ if (*state == HDR_STATE_DONE_WITH_HEADERS) {
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
+ * handle_response() is based on mod_proxy_fcgi's dispatch()
+ */
+static apr_status_t handle_response(const fcgi_provider_conf *conf,
+ request_rec *r, apr_socket_t *s,
+ apr_pool_t *temp_pool,
+ apr_uint16_t request_id,
+ char *rspbuf,
+ apr_size_t *rspbuflen)
+{
+ apr_bucket *b;
+ apr_bucket_brigade *ob;
+ apr_size_t orspbuflen;
+ apr_status_t rv = APR_SUCCESS;
+ const char *fn = "handle_response";
+ int header_state = HDR_STATE_READING_HEADERS;
+ int seen_end_of_headers = 0, done = 0;
+
+ if (rspbuflen) {
+ orspbuflen = *rspbuflen;
+ *rspbuflen = 0; /* unless we actually read something */
+ }
+
+ ob = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+
+ while (!done && rv == APR_SUCCESS) { /* Keep reading FastCGI records until
+ * we get AP_FCGI_END_REQUEST (done)
+ * or an error occurs.
+ */
+ apr_size_t readbuflen;
+ apr_uint16_t clen;
+ apr_uint16_t rid;
+ char readbuf[AP_IOBUFSIZE + 1];
+ unsigned char farray[AP_FCGI_HEADER_LEN];
+ unsigned char plen;
+ unsigned char type;
+ unsigned char version;
+
+ rv = recv_data_full(conf, r, s, (char *)farray, AP_FCGI_HEADER_LEN);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ APLOGNO(02501) "%s: Error occurred before reading "
+ "entire header", fn);
+ break;
+ }
+
+ ap_fcgi_header_fields_from_array(&version, &type, &rid, &clen, &plen,
+ farray);
+
+ if (version != AP_FCGI_VERSION_1) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ APLOGNO(02502) "%s: Got bogus FastCGI header "
+ "version %d", fn, (int)version);
+ rv = APR_EINVAL;
+ break;
+ }
+
+ if (rid != request_id) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ APLOGNO(02503) "%s: Got bogus FastCGI header "
+ "request id %d, expected %d",
+ fn, rid, request_id);
+ rv = APR_EINVAL;
+ break;
+ }
+
+ recv_again: /* if we need to keep reading more of a record's content */
+
+ if (clen > sizeof(readbuf) - 1) {
+ readbuflen = sizeof(readbuf) - 1;
+ } else {
+ readbuflen = clen;
+ }
+
+ /*
+ * Now get the actual content of the record.
+ */
+ if (readbuflen != 0) {
+ rv = recv_data(conf, r, s, readbuf, &readbuflen);
+ if (rv != APR_SUCCESS) {
+ break;
+ }
+ readbuf[readbuflen] = '\0';
+ }
+
+ switch (type) {
+ case AP_FCGI_STDOUT: /* Response headers and optional body */
+ if (clen != 0) {
+ b = apr_bucket_transient_create(readbuf,
+ readbuflen,
+ r->connection->bucket_alloc);
+
+ APR_BRIGADE_INSERT_TAIL(ob, b);
+
+ if (!seen_end_of_headers) {
+ int st = handle_headers(r, &header_state, readbuf);
+
+ if (st == 1) {
+ int status;
+
+ seen_end_of_headers = 1;
+
+ status =
+ ap_scan_script_header_err_brigade_ex(r, ob,
+ NULL,
+ APLOG_MODULE_INDEX);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02504) "%s: script header "
+ "parsing -> %d/%d",
+ fn, status, r->status);
+
+ if (rspbuf) { /* caller wants to see response body,
+ * if any
+ */
+ apr_status_t tmprv;
+
+ if (rspbuflen) {
+ *rspbuflen = orspbuflen;
+ }
+ tmprv = apr_brigade_flatten(ob, rspbuf, rspbuflen);
+ if (tmprv != APR_SUCCESS) {
+ /* should not occur for these bucket types;
+ * does not indicate overflow
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, tmprv, r,
+ APLOGNO(02505) "%s: error "
+ "flattening response body",
+ fn);
+ }
+ }
+
+ if (status != OK) {
+ r->status = status;
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ APLOGNO(02506) "%s: Error parsing "
+ "script headers from %s",
+ fn, conf->backend);
+ rv = APR_EINVAL;
+ break;
+ }
+ apr_pool_clear(temp_pool);
+ }
+ else {
+ /* We're still looking for the end of the
+ * headers, so this part of the data will need
+ * to persist. */
+ apr_bucket_setaside(b, temp_pool);
+ }
+ }
+
+ /* If we didn't read all the data go back and get the
+ * rest of it. */
+ if (clen > readbuflen) {
+ clen -= readbuflen;
+ goto recv_again;
+ }
+ }
+ break;
+
+ case AP_FCGI_STDERR: /* Text to log */
+ if (clen) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ APLOGNO(02507) "%s: Logged from %s: '%s'",
+ fn, conf->backend, readbuf);
+ }
+
+ if (clen > readbuflen) {
+ clen -= readbuflen;
+ goto recv_again; /* continue reading this record */
+ }
+ break;
+
+ case AP_FCGI_END_REQUEST:
+ done = 1;
+ break;
+
+ default:
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ APLOGNO(02508) "%s: Got bogus FastCGI record type "
+ "%d", fn, type);
+ break;
+ }
+
+ /*
+ * Read/discard any trailing padding.
+ */
+ if (plen) {
+ rv = recv_data_full(conf, r, s, readbuf, plen);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ APLOGNO(02509) "%s: Error occurred reading "
+ "padding",
+ fn);
+ break;
+ }
+ }
+ }
+
+ apr_brigade_cleanup(ob);
+
+ if (rv == APR_SUCCESS && !seen_end_of_headers) {
+ rv = APR_EINVAL;
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ APLOGNO(02510) "%s: Never reached end of script headers",
+ fn);
+ }
+
+ return rv;
+}
+
+/* almost from mod_fcgid */
+static int mod_fcgid_modify_auth_header(void *vars,
+ const char *key, const char *val)
+{
+ /* When the application gives a 200 response, the server ignores response
+ headers whose names aren't prefixed with Variable- prefix, and ignores
+ any response content */
+ if (strncasecmp(key, "Variable-", 9) == 0)
+ apr_table_setn(vars, key, val);
+ return 1;
+}
+
+static int fix_auth_header(void *vr, const char *key, const char *val)
+{
+ request_rec *r = vr;
+
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "moving %s->%s", key, val);
+ apr_table_unset(r->err_headers_out, key);
+ apr_table_setn(r->subprocess_env, key + 9, val);
+ return 1;
+}
+
+static void req_rsp(request_rec *r, const fcgi_provider_conf *conf,
+ const char *password, const char *apache_role,
+ char *rspbuf, apr_size_t *rspbuflen)
+{
+ const char *fn = "req_rsp";
+ apr_pool_t *temp_pool;
+ apr_size_t orspbuflen;
+ apr_socket_t *s;
+ apr_status_t rv;
+ apr_table_t *saved_subprocess_env =
+ apr_table_copy(r->pool, r->subprocess_env);
+
+ if (rspbuflen) {
+ orspbuflen = *rspbuflen;
+ *rspbuflen = 0; /* unless we actually read something */
+ }
+
+ apr_pool_create(&temp_pool, r->pool);
+
+ setupenv(r, password, apache_role);
+
+ rv = connect_to_peer(&s, r, conf->backend_addrs,
+ conf->backend, FCGI_IO_TIMEOUT);
+ if (rv == APR_SUCCESS) {
+ apr_uint16_t request_id = 1;
+
+ rv = send_begin_request(r, conf, s, AP_FCGI_AUTHORIZER, request_id);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ APLOGNO(02511) "%s: Failed writing request to %s",
+ fn, conf->backend);
+ }
+
+ if (rv == APR_SUCCESS) {
+ rv = send_environment(s, conf, r, request_id, temp_pool);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ APLOGNO(02512) "%s: Failed writing environment "
+ "to %s", fn, conf->backend);
+ }
+ }
+
+ /* The responder owns the request body, not the authorizer.
+ * Don't even send an empty AP_FCGI_STDIN block. libfcgi doesn't care,
+ * but it wasn't sent to authorizers by mod_fastcgi or mod_fcgi and
+ * may be unhandled by the app. Additionally, the FastCGI spec does
+ * not mention FCGI_STDIN in the Authorizer description, though it
+ * does describe FCGI_STDIN elsewhere in more general terms than
+ * simply a wrapper for the client's request body.
+ */
+
+ if (rv == APR_SUCCESS) {
+ if (rspbuflen) {
+ *rspbuflen = orspbuflen;
+ }
+ rv = handle_response(conf, r, s, temp_pool, request_id, rspbuf,
+ rspbuflen);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ APLOGNO(02514) "%s: Failed handling response "
+ "from %s", fn, conf->backend);
+ }
+ }
+
+ apr_socket_close(s);
+ }
+
+ if (rv != APR_SUCCESS) {
+ /* some sort of mechanical problem */
+ r->status = HTTP_INTERNAL_SERVER_ERROR;
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02515) "%s: Received HTTP status %d",
+ fn, r->status);
+ }
+
+ r->subprocess_env = saved_subprocess_env;
+
+ if (r->status == HTTP_OK) {
+ /* An Authorizer application's 200 response may include headers
+ * whose names are prefixed with Variable-, and they should be
+ * available to subsequent phases via subprocess_env (and yanked
+ * from the client response).
+ */
+ apr_table_t *vars = apr_table_make(temp_pool, /* not used to allocate
+ * any values that end up
+ * in r->(anything)
+ */
+ 10);
+ apr_table_do(mod_fcgid_modify_auth_header, vars,
+ r->err_headers_out, NULL);
+ apr_table_do(fix_auth_header, r, vars, NULL);
+ }
+
+ apr_pool_destroy(temp_pool);
+}
+
+static int fcgi_check_authn(request_rec *r)
+{
+ const char *fn = "fcgi_check_authn";
+ fcgi_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
+ &authnz_fcgi_module);
+ const char *password = NULL;
+ const fcgi_provider_conf *conf;
+ const char *prov;
+ const char *auth_type;
+ char rspbuf[NON200_RESPONSE_BUF_LEN + 1]; /* extra byte for '\0' */
+ apr_size_t rspbuflen = sizeof rspbuf - 1;
+ int res;
+
+ prov = dconf && dconf->name ? dconf->name : NULL;
+
+ if (!prov || !strcasecmp(prov, "None")) {
+ return DECLINED;
+ }
+
+ auth_type = ap_auth_type(r);
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02516) "%s, prov %s, authoritative %s, "
+ "require-basic %s, user expr? %s type %s",
+ fn, prov,
+ dconf->authoritative ? "yes" : "no",
+ dconf->require_basic_auth ? "yes" : "no",
+ dconf->user_expr ? "yes" : "no",
+ auth_type);
+
+ if (auth_type && !strcasecmp(auth_type, "Basic")) {
+ if ((res = ap_get_basic_auth_pw(r, &password))) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02517) "%s: couldn't retrieve basic auth "
+ "password", fn);
+ if (dconf->require_basic_auth) {
+ return res;
+ }
+ password = NULL;
+ }
+ }
+
+ conf = apr_hash_get(fcgi_authn_providers, prov, APR_HASH_KEY_STRING);
+ if (!conf) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
+ APLOGNO(02518) "%s: can't find config for provider %s",
+ fn, prov);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ if (APLOGrdebug(r)) {
+ log_provider_info(conf, r);
+ }
+
+ req_rsp(r, conf, password, AP_FCGI_APACHE_ROLE_AUTHENTICATOR_STR,
+ rspbuf, &rspbuflen);
+
+ if (r->status == HTTP_OK) {
+ if (dconf->user_expr) {
+ const char *err;
+ const char *user = ap_expr_str_exec(r, dconf->user_expr,
+ &err);
+ if (user && strlen(user)) {
+ r->user = apr_pstrdup(r->pool, user);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02519) "%s: Setting user to '%s'",
+ fn, r->user);
+ }
+ else if (user && dconf->default_user) {
+ r->user = apr_pstrdup(r->pool, dconf->default_user);
+ }
+ else if (user) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ APLOGNO(02520) "%s: Failure extracting user "
+ "after calling authorizer: user expression "
+ "yielded empty string (variable not set?)",
+ fn);
+ r->status = HTTP_INTERNAL_SERVER_ERROR;
+ }
+ else {
+ /* unexpected error, not even an empty string was returned */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ APLOGNO(02521) "%s: Failure extracting user "
+ "after calling authorizer: %s",
+ fn, err);
+ r->status = HTTP_INTERNAL_SERVER_ERROR;
+ }
+ }
+ if (conf->is_authz) {
+ /* combined authn/authz phase, so app won't be invoked for authz
+ *
+ * Remember that the request was successfully authorized by this
+ * provider.
+ */
+ fcgi_request_notes *rnotes = apr_palloc(r->pool, sizeof(*rnotes));
+ rnotes->successful_authnz_provider = conf->name;
+ ap_set_module_config(r->request_config, &authnz_fcgi_module,
+ rnotes);
+ }
+ }
+ else {
+ /* From the spec:
+ * For Authorizer response status values other than "200" (OK), the
+ * Web server denies access and sends the response status, headers,
+ * and content back to the HTTP client.
+ * But:
+ * This only makes sense if this authorizer is authoritative.
+ */
+ if (rspbuflen > 0 && !dconf->authoritative) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ APLOGNO(02522) "%s: Ignoring response body from non-"
+ "authoritative authorizer", fn);
+ }
+ else if (rspbuflen > 0) {
+ if (rspbuflen == sizeof rspbuf - 1) {
+ /* apr_brigade_flatten() interface :( */
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ APLOGNO(02523) "%s: possible overflow handling "
+ "response body", fn);
+ }
+ rspbuf[rspbuflen] = '\0'; /* we reserved an extra byte for '\0' */
+ ap_custom_response(r, r->status, rspbuf); /* API makes a copy */
+ }
+ }
+
+ return r->status == HTTP_OK ?
+ OK : dconf->authoritative ? r->status : DECLINED;
+}
+
+static authn_status fcgi_check_password(request_rec *r, const char *user,
+ const char *password)
+{
+ const char *fn = "fcgi_check_password";
+ const char *prov = apr_table_get(r->notes, AUTHN_PROVIDER_NAME_NOTE);
+ const fcgi_provider_conf *conf;
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02524) "%s(%s, XXX): provider %s",
+ fn, user, prov);
+
+ if (!prov) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
+ APLOGNO(02525) "%s: provider note isn't set", fn);
+ return AUTH_GENERAL_ERROR;
+ }
+
+ conf = apr_hash_get(fcgi_authn_providers, prov, APR_HASH_KEY_STRING);
+ if (!conf) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
+ APLOGNO(02526) "%s: can't find config for provider %s",
+ fn, prov);
+ return AUTH_GENERAL_ERROR;
+ }
+
+ if (APLOGrdebug(r)) {
+ log_provider_info(conf, r);
+ }
+
+ req_rsp(r, conf, password,
+ /* combined authn and authz: FCGI_APACHE_ROLE not set */
+ conf->is_authz ? NULL : AP_FCGI_APACHE_ROLE_AUTHENTICATOR_STR,
+ NULL, NULL);
+
+ if (r->status == HTTP_OK) {
+ if (conf->is_authz) {
+ /* combined authn/authz phase, so app won't be invoked for authz
+ *
+ * Remember that the request was successfully authorized by this
+ * provider.
+ */
+ fcgi_request_notes *rnotes = apr_palloc(r->pool, sizeof(*rnotes));
+ rnotes->successful_authnz_provider = conf->name;
+ ap_set_module_config(r->request_config, &authnz_fcgi_module,
+ rnotes);
+ }
+ return AUTH_GRANTED;
+ }
+ else if (r->status == HTTP_INTERNAL_SERVER_ERROR) {
+ return AUTH_GENERAL_ERROR;
+ }
+ else {
+ return AUTH_DENIED;
+ }
+}
+
+static const authn_provider fcgi_authn_provider = {
+ &fcgi_check_password,
+ NULL /* get-realm-hash not supported */
+};
+
+static authz_status fcgi_authz_check(request_rec *r,
+ const char *require_line,
+ const void *parsed_require_line)
+{
+ const char *fn = "fcgi_authz_check";
+ const char *prov = apr_table_get(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
+ const fcgi_provider_conf *conf;
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ APLOGNO(02527) "%s(%s)", fn, require_line);
+
+ if (!prov) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
+ APLOGNO(02528) "%s: provider note isn't set", fn);
+ return AUTHZ_GENERAL_ERROR;
+ }
+
+ conf = apr_hash_get(fcgi_authz_providers, prov, APR_HASH_KEY_STRING);
+ if (!conf) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
+ APLOGNO(02529) "%s: can't find config for provider %s",
+ fn, prov);
+ return AUTHZ_GENERAL_ERROR;
+ }
+
+ if (APLOGrdebug(r)) {
+ log_provider_info(conf, r);
+ }
+
+ if (!r->user) {
+ return AUTHZ_DENIED_NO_USER;
+ }
+
+ if (conf->is_authn) {
+ /* combined authn/authz phase, so app won't be invoked for authz
+ *
+ * If the provider already successfully authorized this request,
+ * success.
+ */
+ fcgi_request_notes *rnotes = ap_get_module_config(r->request_config,
+ &authnz_fcgi_module);
+ if (rnotes
+ && rnotes->successful_authnz_provider
+ && !strcmp(rnotes->successful_authnz_provider, conf->name)) {
+ return AUTHZ_GRANTED;
+ }
+ else {
+ return AUTHZ_DENIED;
+ }
+ }
+ else {
+ req_rsp(r, conf, NULL, AP_FCGI_APACHE_ROLE_AUTHORIZER_STR, NULL, NULL);
+
+ if (r->status == HTTP_OK) {
+ return AUTHZ_GRANTED;
+ }
+ else if (r->status == HTTP_INTERNAL_SERVER_ERROR) {
+ return AUTHZ_GENERAL_ERROR;
+ }
+ else {
+ return AUTHZ_DENIED;
+ }
+ }
+}
+
+static const char *fcgi_authz_parse(cmd_parms *cmd, const char *require_line,
+ const void **parsed_require_line)
+{
+ /* Allowed form: Require [not] registered-provider-name<EOS>
+ */
+ if (strcmp(require_line, "")) {
+ return "mod_authnz_fcgi doesn't support restrictions on providers "
+ "(i.e., multiple require args)";
+ }
+
+ return NULL;
+}
+
+static const authz_provider fcgi_authz_provider = {
+ &fcgi_authz_check,
+ &fcgi_authz_parse,
+};
+
+static const char *fcgi_check_authn_provider(cmd_parms *cmd,
+ void *d,
+ int argc,
+ char *const argv[])
+{
+ const char *dname = "AuthnzFcgiCheckAuthnProvider";
+ fcgi_dir_conf *dc = d;
+ int ca = 0;
+
+ if (ca >= argc) {
+ return apr_pstrcat(cmd->pool, dname, ": No provider given", NULL);
+ }
+
+ dc->name = argv[ca];
+ ca++;
+
+ if (!strcasecmp(dc->name, "None")) {
+ if (ca < argc) {
+ return "Options aren't supported with \"None\"";
+ }
+ }
+
+ while (ca < argc) {
+ const char *var = argv[ca], *val;
+ int badarg = 0;
+
+ ca++;
+
+ /* at present, everything needs an argument */
+ if (ca >= argc) {
+ return apr_pstrcat(cmd->pool, dname, ": ", var,
+ "needs an argument", NULL);
+ }
+
+ val = argv[ca];
+ ca++;
+
+ if (!strcasecmp(var, "Authoritative")) {
+ if (!strcasecmp(val, "On")) {
+ dc->authoritative = 1;
+ }
+ else if (!strcasecmp(val, "Off")) {
+ dc->authoritative = 0;
+ }
+ else {
+ badarg = 1;
+ }
+ }
+ else if (!strcasecmp(var, "DefaultUser")) {
+ dc->default_user = val;
+ }
+ else if (!strcasecmp(var, "RequireBasicAuth")) {
+ if (!strcasecmp(val, "On")) {
+ dc->require_basic_auth = 1;
+ }
+ else if (!strcasecmp(val, "Off")) {
+ dc->require_basic_auth = 0;
+ }
+ else {
+ badarg = 1;
+ }
+ }
+ else if (!strcasecmp(var, "UserExpr")) {
+ const char *err;
+ int flags = AP_EXPR_FLAG_DONT_VARY | AP_EXPR_FLAG_RESTRICTED
+ | AP_EXPR_FLAG_STRING_RESULT;
+
+ dc->user_expr = ap_expr_parse_cmd(cmd, val,
+ flags, &err, NULL);
+ if (err) {
+ return apr_psprintf(cmd->pool, "%s: Error parsing '%s': '%s'",
+ dname, val, err);
+ }
+ }
+ else {
+ return apr_pstrcat(cmd->pool, dname, ": Unexpected option '",
+ var, "'", NULL);
+ }
+ if (badarg) {
+ return apr_pstrcat(cmd->pool, dname, ": Bad argument '",
+ val, "' to option '", var, "'", NULL);
+ }
+ }
+
+ return NULL;
+}
+
+/* AuthnzFcgiAuthDefineProvider {authn|authz|authnz} provider-name \
+ * fcgi://backendhost:backendport/
+ */
+static const char *fcgi_define_provider(cmd_parms *cmd,
+ void *d,
+ int argc,
+ char *const argv[])
+{
+ const char *dname = "AuthnzFcgiDefineProvider";
+ ap_rxplus_t *fcgi_backend_regex;
+ apr_status_t rv;
+ char *host;
+ const char *err, *stype;
+ fcgi_provider_conf *conf = apr_pcalloc(cmd->pool, sizeof(*conf));
+ int ca = 0, rc;
+
+ fcgi_backend_regex = ap_rxplus_compile(cmd->pool, FCGI_BACKEND_REGEX_STR);
+ if (!fcgi_backend_regex) {
+ return apr_psprintf(cmd->pool,
+ "%s: failed to compile regexec '%s'",
+ dname, FCGI_BACKEND_REGEX_STR);
+ }
+
+ err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err)
+ return err;
+
+ if (ca >= argc) {
+ return apr_pstrcat(cmd->pool, dname, ": No type given", NULL);
+ }
+
+ stype = argv[ca];
+ ca++;
+
+ if (!strcasecmp(stype, "authn")) {
+ conf->is_authn = 1;
+ }
+ else if (!strcasecmp(stype, "authz")) {
+ conf->is_authz = 1;
+ }
+ else if (!strcasecmp(stype, "authnz")) {
+ conf->is_authn = conf->is_authz = 1;
+ }
+ else {
+ return apr_pstrcat(cmd->pool,
+ dname,
+ ": Invalid provider type ",
+ stype,
+ NULL);
+ }
+
+ if (ca >= argc) {
+ return apr_pstrcat(cmd->pool, dname, ": No provider name given", NULL);
+ }
+ conf->name = argv[ca];
+ ca++;
+
+ if (ca >= argc) {
+ return apr_pstrcat(cmd->pool, dname, ": No backend-address given",
+ NULL);
+ }
+
+ rc = ap_rxplus_exec(cmd->pool, fcgi_backend_regex, argv[ca], NULL);
+ if (!rc || ap_rxplus_nmatch(fcgi_backend_regex) != 3) {
+ return apr_pstrcat(cmd->pool,
+ dname, ": backend-address '",
+ argv[ca],
+ "' has invalid form",
+ NULL);
+ }
+
+ host = ap_rxplus_pmatch(cmd->pool, fcgi_backend_regex, 1);
+ if (host[0] == '[' && host[strlen(host) - 1] == ']') {
+ host += 1;
+ host[strlen(host) - 1] = '\0';
+ }
+
+ conf->port = atoi(ap_rxplus_pmatch(cmd->pool, fcgi_backend_regex, 2));
+ if (conf->port > 65535) {
+ return apr_pstrcat(cmd->pool,
+ dname, ": backend-address '",
+ argv[ca],
+ "' has invalid port",
+ NULL);
+ }
+
+ conf->backend = argv[ca];
+ conf->host = host;
+ ca++;
+
+ rv = apr_sockaddr_info_get(&conf->backend_addrs, conf->host,
+ APR_UNSPEC, conf->port, 0, cmd->pool);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, rv, NULL,
+ APLOGNO(02530) "Address %s could not be resolved",
+ conf->backend);
+ return apr_pstrcat(cmd->pool,
+ dname,
+ ": Error resolving backend address",
+ NULL);
+ }
+
+ if (ca != argc) {
+ return apr_pstrcat(cmd->pool,
+ dname,
+ ": Unexpected parameter ",
+ argv[ca],
+ NULL);
+ }
+
+ if (conf->is_authn) {
+ apr_hash_set(fcgi_authn_providers, conf->name, APR_HASH_KEY_STRING,
+ conf);
+ ap_register_auth_provider(cmd->pool, AUTHN_PROVIDER_GROUP,
+ conf->name,
+ AUTHN_PROVIDER_VERSION,
+ &fcgi_authn_provider,
+ AP_AUTH_INTERNAL_PER_CONF);
+ }
+
+ if (conf->is_authz) {
+ apr_hash_set(fcgi_authz_providers, conf->name, APR_HASH_KEY_STRING,
+ conf);
+ ap_register_auth_provider(cmd->pool, AUTHZ_PROVIDER_GROUP,
+ conf->name,
+ AUTHZ_PROVIDER_VERSION,
+ &fcgi_authz_provider,
+ AP_AUTH_INTERNAL_PER_CONF);
+ }
+
+ return NULL;
+}
+
+static const command_rec fcgi_cmds[] = {
+ AP_INIT_TAKE_ARGV("AuthnzFcgiDefineProvider",
+ fcgi_define_provider,
+ NULL,
+ RSRC_CONF,
+ "Define a FastCGI authn and/or authz provider"),
+
+ AP_INIT_TAKE_ARGV("AuthnzFcgiCheckAuthnProvider",
+ fcgi_check_authn_provider,
+ NULL,
+ OR_FILEINFO,
+ "Enable/disable a FastCGI authorizer to handle "
+ "check_authn phase"),
+
+ {NULL}
+};
+
+static int fcgi_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
+ apr_pool_t *ptemp)
+{
+ fcgi_authn_providers = apr_hash_make(pconf);
+ fcgi_authz_providers = apr_hash_make(pconf);
+
+ return OK;
+}
+
+static void fcgi_register_hooks(apr_pool_t *p)
+{
+ static const char * const auth_basic_runs_after_me[] =
+ {"mod_auth_basic.c", NULL}; /* to allow for custom response */
+
+ ap_hook_pre_config(fcgi_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_check_authn(fcgi_check_authn, NULL, auth_basic_runs_after_me,
+ APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
+}
+
+static void *create_dir_conf(apr_pool_t *p, char *dummy)
+{
+ fcgi_dir_conf *dconf = apr_pcalloc(p, sizeof(fcgi_dir_conf));
+
+ dconf->authoritative = 1;
+ return dconf;
+}
+
+static void *merge_dir_conf(apr_pool_t *p, void *basev, void *overridesv)
+{
+ fcgi_dir_conf *a = (fcgi_dir_conf *)apr_pcalloc(p, sizeof(*a));
+ fcgi_dir_conf *base = (fcgi_dir_conf *)basev,
+ *over = (fcgi_dir_conf *)overridesv;
+
+ /* currently we just have a single directive applicable to a
+ * directory, so if it is set then grab all fields from fcgi_dir_conf
+ */
+ if (over->name) {
+ memcpy(a, over, sizeof(*a));
+ }
+ else {
+ memcpy(a, base, sizeof(*a));
+ }
+
+ return a;
+}
+
+AP_DECLARE_MODULE(authnz_fcgi) =
+{
+ STANDARD20_MODULE_STUFF,
+ create_dir_conf, /* dir config creater */
+ merge_dir_conf, /* dir merger */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ fcgi_cmds, /* command apr_table_t */
+ fcgi_register_hooks /* register hooks */
+};
--- /dev/null
+# Microsoft Developer Studio Project File - Name="mod_authnz_fcgi" - Package Owner=<4>\r
+# Microsoft Developer Studio Generated Build File, Format Version 6.00\r
+# ** DO NOT EDIT **\r
+\r
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102\r
+\r
+CFG=mod_authnz_fcgi - Win32 Debug\r
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,\r
+!MESSAGE use the Export Makefile command and run\r
+!MESSAGE \r
+!MESSAGE NMAKE /f "mod_authnz_fcgi.mak".\r
+!MESSAGE \r
+!MESSAGE You can specify a configuration when running NMAKE\r
+!MESSAGE by defining the macro CFG on the command line. For example:\r
+!MESSAGE \r
+!MESSAGE NMAKE /f "mod_authnz_fcgi.mak" CFG="mod_authnz_fcgi - Win32 Debug"\r
+!MESSAGE \r
+!MESSAGE Possible choices for configuration are:\r
+!MESSAGE \r
+!MESSAGE "mod_authnz_fcgi - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")\r
+!MESSAGE "mod_authnz_fcgi - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")\r
+!MESSAGE \r
+\r
+# Begin Project\r
+# PROP AllowPerConfigDependencies 0\r
+# PROP Scc_ProjName ""\r
+# PROP Scc_LocalPath ""\r
+CPP=cl.exe\r
+MTL=midl.exe\r
+RSC=rc.exe\r
+\r
+!IF "$(CFG)" == "mod_authnz_fcgi - Win32 Release"\r
+\r
+# PROP BASE Use_MFC 0\r
+# PROP BASE Use_Debug_Libraries 0\r
+# PROP BASE Output_Dir "Release"\r
+# PROP BASE Intermediate_Dir "Release"\r
+# PROP BASE Target_Dir ""\r
+# PROP Use_MFC 0\r
+# PROP Use_Debug_Libraries 0\r
+# PROP Output_Dir "Release"\r
+# PROP Intermediate_Dir "Release"\r
+# PROP Ignore_Export_Lib 0\r
+# PROP Target_Dir ""\r
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c\r
+# ADD CPP /nologo /MD /W3 /O2 /Oy- /Zi /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /I "../database" /D "authnz_fcgi_DECLARE_EXPORT" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authnz_fcgi_src" /FD /c\r
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL"\r
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL"\r
+# ADD BASE RSC /l 0x409 /d "NDEBUG"\r
+# ADD RSC /l 0x409 /fo"Release/mod_authnz_fcgi.res" /i "../../include" /i "../../srclib/apr/include" /d "NDEBUG" /d BIN_NAME="mod_authnz_fcgi.so" /d LONG_NAME="authnz_fcgi_module for Apache"\r
+BSC32=bscmake.exe\r
+# ADD BASE BSC32 /nologo\r
+# ADD BSC32 /nologo\r
+LINK32=link.exe\r
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:".\Release\mod_authnz_fcgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authnz_fcgi.so\r
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Release\mod_authnz_fcgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authnz_fcgi.so /opt:ref\r
+# Begin Special Build Tool\r
+TargetPath=.\Release\mod_authnz_fcgi.so\r
+SOURCE="$(InputPath)"\r
+PostBuild_Desc=Embed .manifest\r
+PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2\r
+# End Special Build Tool\r
+\r
+!ELSEIF "$(CFG)" == "mod_authnz_fcgi - Win32 Debug"\r
+\r
+# PROP BASE Use_MFC 0\r
+# PROP BASE Use_Debug_Libraries 1\r
+# PROP BASE Output_Dir "Debug"\r
+# PROP BASE Intermediate_Dir "Debug"\r
+# PROP BASE Target_Dir ""\r
+# PROP Use_MFC 0\r
+# PROP Use_Debug_Libraries 1\r
+# PROP Output_Dir "Debug"\r
+# PROP Intermediate_Dir "Debug"\r
+# PROP Ignore_Export_Lib 0\r
+# PROP Target_Dir ""\r
+# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c\r
+# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /I "../database" /D "authnz_fcgi_DECLARE_EXPORT" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authnz_fcgi_src" /FD /c\r
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL"\r
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL"\r
+# ADD BASE RSC /l 0x409 /d "_DEBUG"\r
+# ADD RSC /l 0x409 /fo"Debug/mod_authnz_fcgi.res" /i "../../include" /i "../../srclib/apr/include" /d "_DEBUG" /d BIN_NAME="mod_authnz_fcgi.so" /d LONG_NAME="authnz_fcgi_module for Apache"\r
+BSC32=bscmake.exe\r
+# ADD BASE BSC32 /nologo\r
+# ADD BSC32 /nologo\r
+LINK32=link.exe\r
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Debug\mod_authnz_fcgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authnz_fcgi.so\r
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Debug\mod_authnz_fcgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authnz_fcgi.so\r
+# Begin Special Build Tool\r
+TargetPath=.\Debug\mod_authnz_fcgi.so\r
+SOURCE="$(InputPath)"\r
+PostBuild_Desc=Embed .manifest\r
+PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2\r
+# End Special Build Tool\r
+\r
+!ENDIF \r
+\r
+# Begin Target\r
+\r
+# Name "mod_authnz_fcgi - Win32 Release"\r
+# Name "mod_authnz_fcgi - Win32 Debug"\r
+# Begin Source File\r
+\r
+SOURCE=.\mod_authnz_fcgi.c\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=..\..\include\mod_auth.h\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=..\..\include\util_fcgi.h\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=..\..\build\win32\httpd.rc\r
+# End Source File\r
+# End Target\r
+# End Project\r
mod_optional_fn_import.so 0x70BC0000 0x00010000
mod_optional_hook_export.so 0x70BD0000 0x00010000
mod_optional_hook_import.so 0x70BE0000 0x00010000
+mod_authnz_fcgi.so 0x70BF0000 0x00020000
projects / apache / commitdiff