From: Daniel Gruno Date: Thu, 26 Apr 2012 15:47:56 +0000 (+0000) Subject: Syntax for mod_a*.xml and MPMs X-Git-Tag: 2.5.0-alpha~7010 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a3d2bba55be00dfd01c81ce01ffc04dbaf410332;p=apache Syntax for mod_a*.xml and MPMs git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1330911 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_access_compat.xml b/docs/manual/mod/mod_access_compat.xml index 4611412483..cf974c73ef 100644 --- a/docs/manual/mod/mod_access_compat.xml +++ b/docs/manual/mod/mod_access_compat.xml @@ -113,10 +113,10 @@ server
A (partial) domain-name
- Example: - Allow from example.org
- Allow from .net example.edu - + +Allow from example.org +Allow from .net example.edu +

Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match foo.example.org but it will not @@ -133,37 +133,37 @@ server

A full IP address
- Example: - Allow from 10.1.2.3
- Allow from 192.168.1.104 192.168.1.205 - + +Allow from 10.1.2.3 +Allow from 192.168.1.104 192.168.1.205 +

An IP address of a host allowed access

A partial IP address
- Example: - Allow from 10.1
- Allow from 10 172.20 192.168.2 - + +Allow from 10.1 +Allow from 10 172.20 192.168.2 +

The first 1 to 3 bytes of an IP address, for subnet restriction.

A network/netmask pair
- Example: + Allow from 10.1.0.0/255.255.0.0 - +

A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.

A network/nnn CIDR specification
- Example: + Allow from 10.1.0.0/16 - +

Similar to the previous case, except the netmask consists of nnn high-order 1 bits.

@@ -174,10 +174,10 @@ server

IPv6 addresses and IPv6 subnets can be specified as shown below:

- - Allow from 2001:db8::a00:20ff:fea7:ccea
- Allow from 2001:db8::a00:20ff:fea7:ccea/10 - + +Allow from 2001:db8::a00:20ff:fea7:ccea +Allow from 2001:db8::a00:20ff:fea7:ccea/10 +

The third format of the arguments to the Allow directive allows access to the server @@ -196,16 +196,14 @@ server User-Agent (browser type), Referer, or other HTTP request header fields.

- Example: - SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
- <Directory /docroot>
- - Order Deny,Allow
- Deny from all
- Allow from env=let_me_in
- - </Directory> - + +SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in +<Directory /docroot> + Order Deny,Allow + Deny from all + Allow from env=let_me_in +</Directory> +

In this case, browsers with a user-agent string beginning with KnockKnock/2.0 will be allowed access, and all @@ -341,11 +339,11 @@ evaluated.

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

- - Order Deny,Allow
- Deny from all
- Allow from example.org - + +Order Deny,Allow +Deny from all +Allow from example.org +

In the next example, all hosts in the example.org domain are allowed access, except for the hosts which are in the @@ -354,11 +352,11 @@ evaluated. state is to Deny access to the server.

- - Order Allow,Deny
- Allow from example.org
- Deny from foo.example.org - + +Order Allow,Deny +Allow from example.org +Deny from foo.example.org +

On the other hand, if the Order in the last example is changed to Deny,Allow, all hosts will @@ -377,13 +375,11 @@ evaluated. directives because of its effect on the default access state. For example,

- - <Directory /www>
- - Order Allow,Deny
- - </Directory> - + +<Directory /www> + Order Allow,Deny +</Directory> +

will Deny all access to the /www directory because the default access state is set to @@ -448,27 +444,27 @@ later people outside of your network provide a password, you could use a configuration similar to the following:

- - Require valid-user
- Allow from 192.168.1
- Satisfy Any - + +Require valid-user +Allow from 192.168.1 +Satisfy Any +

Another frequent use of the Satisfy directive is to relax access restrictions for a subdirectory:

- - <Directory /var/www/private>
- Require valid-user
- </Directory>
-
- <Directory /var/www/private/public>
- Allow from all
- Satisfy Any
- </Directory> - + +<Directory /var/www/private> + Require valid-user +</Directory> + +<Directory /var/www/private/public> + Allow from all + Satisfy Any +</Directory> +

In the above example, authentication will be required for the /var/www/private directory, but will not be required diff --git a/docs/manual/mod/mod_actions.xml b/docs/manual/mod/mod_actions.xml index 110ded6554..465a8eeb10 100644 --- a/docs/manual/mod/mod_actions.xml +++ b/docs/manual/mod/mod_actions.xml @@ -74,21 +74,24 @@ introduced in Apache 2.1 is passed using the REDIRECT_HANDLER variable.

Example: MIME type - # Requests for files of a particular MIME content type:
- Action image/gif /cgi-bin/images.cgi
-
+ +# Requests for files of a particular MIME content type: +Action image/gif /cgi-bin/images.cgi +

In this example, requests for files with a MIME content type of image/gif will be handled by the specified cgi script /cgi-bin/images.cgi.

- Example: File extension - # Files of a particular file extension
- AddHandler my-file-type .xyz
- Action my-file-type /cgi-bin/program.cgi
+ + Example: File extension + +# Files of a particular file extension +AddHandler my-file-type .xyz +Action my-file-type /cgi-bin/program.cgi + -

In this example, requests for files with a file extension of .xyz are handled by the specified cgi script /cgi-bin/program.cgi.

@@ -98,14 +101,12 @@ introduced in Apache 2.1 if you want to use the Action directive in virtual locations.

- Example - <Location /news>
- - SetHandler news-handler
- Action news-handler /cgi-bin/news.cgi virtual
- - </Location> - + +<Location /news> + SetHandler news-handler + Action news-handler /cgi-bin/news.cgi virtual +</Location> + AddHandler @@ -145,13 +146,13 @@ method. (e.g., foo.html?hi). Otherwise, the request will proceed normally.

- Examples - # All GET requests go here
- Script GET /cgi-bin/search
-
- # A CGI PUT handler
- Script PUT /~bob/put.cgi
- + +# All GET requests go here +Script GET /cgi-bin/search + +# A CGI PUT handler +Script PUT /~bob/put.cgi + diff --git a/docs/manual/mod/mod_alias.xml b/docs/manual/mod/mod_alias.xml index d32c72eff7..b5ccc668ee 100644 --- a/docs/manual/mod/mod_alias.xml +++ b/docs/manual/mod/mod_alias.xml @@ -79,10 +79,10 @@ href="../urlmapping.html">Mapping URLs to the filesystem all the directives to have an effect. For example, the following configuration will work as expected:

- - Alias /foo/bar /baz
- Alias /foo /gaq - + +Alias /foo/bar /baz +Alias /foo /gaq +

But if the above two directives were reversed in order, the /foo Alias @@ -110,9 +110,9 @@ href="../urlmapping.html">Mapping URLs to the filesystem URL-path is case-sensitive, even on case-insensitive file systems.

- Example: + Alias /image /ftp/pub/image - +

A request for http://example.com/image/foo.gif would cause the server to return the file /ftp/pub/image/foo.gif. Only @@ -146,14 +146,12 @@ href="../urlmapping.html">Mapping URLs to the filesystem module="core">DocumentRoot, you may need to explicitly permit access to the target directory.

- Example: - Alias /image /ftp/pub/image
- <Directory /ftp/pub/image>
- - Require all granted
- - </Directory> - + +Alias /image /ftp/pub/image +<Directory /ftp/pub/image> + Require all granted +</Directory> + @@ -178,18 +176,18 @@ expressions example, to activate the /icons directory, one might use:

- + AliasMatch ^/icons(.*) /usr/local/apache/icons$1 - +

The full range of regular expression power is available. For example, it is possible to construct an alias with case-insensitive matching of the URL-path:

- + AliasMatch (?i)^/image(.*) /ftp/pub/image$1 - +

One subtle difference between Alias @@ -212,22 +210,22 @@ expressions

For example, suppose you want to replace this with AliasMatch:

- + Alias /image/ /ftp/pub/image/ - +

This is NOT equivalent - don't do this! This will send all requests that have /image/ anywhere in them to /ftp/pub/image/:

- + AliasMatch /image/ /ftp/pub/image/ - +

This is what you need to get the same effect:

- + AliasMatch ^/image/(.*)$ /ftp/pub/image/$1 - +

Of course, there's no point in using AliasMatch @@ -236,10 +234,10 @@ expressions you do more complicated things. For example, you could serve different kinds of files from different directories:

- + AliasMatch ^/image/(.*)\.jpg$ /files/jpg.images/$1.jpg
AliasMatch ^/image/(.*)\.gif$ /files/gif.images/$1.gif - + @@ -271,13 +269,13 @@ a different URL URL. Additional path information beyond the matched URL-Path will be appended to the target URL.

- Example: - # Redirect to a URL on a different host
- Redirect /service http://foo2.example.com/service
-
- # Redirect to a URL on the same host
- Redirect /one /two - + +# Redirect to a URL on a different host +Redirect /service http://foo2.example.com/service + +# Redirect to a URL on the same host +Redirect /one /two +

If the client requests http://example.com/service/foo.txt, it will be told to access @@ -335,10 +333,10 @@ a different URL HTTP status code, known to the Apache HTTP Server (see the function send_error_response in http_protocol.c).

- Example: - Redirect permanent /one http://example.com/two
- Redirect 303 /three http://example.com/other - + +Redirect permanent /one http://example.com/two +Redirect 303 /three http://example.com/other + @@ -364,9 +362,9 @@ of the current URL example, to redirect all GIF files to like-named JPEG files on another server, one might use:

- + RedirectMatch (.*)\.gif$ http://other.example.com$1.jpg - +

The considerations related to the difference between Alias and @@ -432,29 +430,27 @@ target as a CGI script to scripts beginning with the second argument, which is a full pathname in the local filesystem.

- Example: + ScriptAlias /cgi-bin/ /web/cgi-bin/ - +

A request for http://example.com/cgi-bin/foo would cause the server to run the script /web/cgi-bin/foo. This configuration is essentially equivalent to:

- - Alias /cgi-bin/ /web/cgi-bin/
- <Location /cgi-bin >
- - SetHandler cgi-script
- Options +ExecCGI
- - </Location> - + +Alias /cgi-bin/ /web/cgi-bin/ +<Location /cgi-bin > + SetHandler cgi-script + Options +ExecCGI +</Location> +

ScriptAlias can also be used in conjunction with a script or handler you have. For example:

- + ScriptAlias /cgi-bin/ /web/cgi-handler.pl - +

In this scenario all files requested in /cgi-bin/ will be handled by the file you have configured, this allows you to use your own custom @@ -473,14 +469,12 @@ target as a CGI script module="core" type="section">Directory, SetHandler, and Options as in: - - <Directory /usr/local/apache2/htdocs/cgi-bin >
- - SetHandler cgi-script
- Options ExecCGI
- - </Directory> - + +<Directory /usr/local/apache2/htdocs/cgi-bin > + SetHandler cgi-script + Options ExecCGI +</Directory> + This is necessary since multiple URL-paths can map to the same filesystem location, potentially bypassing the ScriptAlias and revealing the source code @@ -511,18 +505,18 @@ and designates the target as a CGI script example, to activate the standard /cgi-bin, one might use:

- + ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1 - +

As for AliasMatch, the full range of regular expression power is available. For example, it is possible to construct an alias with case-insensitive matching of the URL-path:

- + ScriptAliasMatch (?i)^/cgi-bin(.*) /usr/local/apache/cgi-bin$1 - +

The considerations related to the difference between Alias and diff --git a/docs/manual/mod/mod_allowmethods.xml b/docs/manual/mod/mod_allowmethods.xml index e9fcca004d..d743b657c3 100644 --- a/docs/manual/mod/mod_allowmethods.xml +++ b/docs/manual/mod/mod_allowmethods.xml @@ -42,13 +42,11 @@ in order for it to rebuild correctly.

This module makes it easy to restrict what HTTP methods can used on an server. The most common configuration would be:

-Example -<Location />
- - AllowMethods GET POST OPTIONS
- + +<Location /> + AllowMethods GET POST OPTIONS </Location> - + @@ -68,13 +66,11 @@ RFC given in upper case. The GET and HEAD methods are treated as equivalent. The reset keyword can be used turn off mod_allowmethods in a deeper nested context:

-Example -<Location /svn>
- - AllowMethods reset
- + +<Location /svn> + AllowMethods reset </Location> - + Caution

The TRACE method can not be denied by this module, diff --git a/docs/manual/mod/mod_asis.xml b/docs/manual/mod/mod_asis.xml index 4da3831def..d42f8da662 100644 --- a/docs/manual/mod/mod_asis.xml +++ b/docs/manual/mod/mod_asis.xml @@ -51,7 +51,7 @@ HTTP headers

In the server configuration file, associate files with the send-as-is handler e.g.

- AddHandler send-as-is asis + AddHandler send-as-is asis

The contents of any file with a .asis extension will then be sent by Apache httpd to the client with almost no diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml index b60ac91b03..b414b8fa4c 100644 --- a/docs/manual/mod/mod_auth_basic.xml +++ b/docs/manual/mod/mod_auth_basic.xml @@ -59,20 +59,18 @@ The default file provider is implemented by the mod_authn_file module. Make sure that the chosen provider module is present in the server.

- Example - <Location /secure>
- - AuthType basic
- AuthName "private area"
- AuthBasicProvider dbm
- AuthDBMType SDBM
- AuthDBMUserFile /www/etc/dbmpasswd
- Require valid-user
- - </Location> + +<Location /secure> + AuthType basic + AuthName "private area" + AuthBasicProvider dbm + AuthDBMType SDBM + AuthDBMUserFile /www/etc/dbmpasswd + Require valid-user +</Location> + -

Providers are queried in order until a provider finds a match for the requested username, at which point this sole provider will attempt to check the password. A failure to verify the password does diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml index 8dad0c1dcc..1f1ba060d4 100644 --- a/docs/manual/mod/mod_auth_digest.xml +++ b/docs/manual/mod/mod_auth_digest.xml @@ -56,17 +56,17 @@ htdigest tool.

Example: - <Location /private/>
- - AuthType Digest
- AuthName "private area"
- AuthDigestDomain /private/ http://mirror.my.dom/private2/
-
- AuthDigestProvider file
- AuthUserFile /web/auth/.digest_pw
- Require valid-user
- - </Location> + +<Location /private/> + AuthType Digest + AuthName "private area" + AuthDigestDomain /private/ http://mirror.my.dom/private2/ + + AuthDigestProvider file + AuthUserFile /web/auth/.digest_pw + Require valid-user +</Location> + Note @@ -113,7 +113,9 @@ method would look similar to the following.

Using Digest Authentication with MSIE: - BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On + + BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On +

This workaround is not necessary for MSIE 7, though enabling it does @@ -335,11 +337,11 @@ of clients express your value as KBytes or MBytes. For example, the following directives are all equivalent:

- - AuthDigestShmemSize 1048576
- AuthDigestShmemSize 1024K
- AuthDigestShmemSize 1M - + +AuthDigestShmemSize 1048576 +AuthDigestShmemSize 1024K +AuthDigestShmemSize 1M + diff --git a/docs/manual/mod/mod_auth_form.xml b/docs/manual/mod/mod_auth_form.xml index 84d8483111..6817de517a 100644 --- a/docs/manual/mod/mod_auth_form.xml +++ b/docs/manual/mod/mod_auth_form.xml @@ -74,14 +74,16 @@ the user will be redirected to the form login page.

Basic example - AuthFormProvider file
- AuthUserFile conf/passwd
- AuthType form
- AuthName realm
- AuthFormLoginRequiredLocation http://example.com/login.html
- Session On
- SessionCookieName session path=/
- SessionCryptoPassphrase secret
+ +AuthFormProvider file +AuthUserFile conf/passwd +AuthType form +AuthName realm +AuthFormLoginRequiredLocation http://example.com/login.html +Session On +SessionCookieName session path=/ +SessionCryptoPassphrase secret +

The directive AuthType will enable @@ -128,20 +130,20 @@ Apache httpd as follows:

Form login handler example - <Location /dologin.html> - - SetHandler form-login-handler
- AuthFormLoginRequiredLocation http://example.com/login.html
- AuthFormLoginSuccessLocation http://example.com/success.html
- AuthFormProvider file
- AuthUserFile conf/passwd
- AuthType form
- AuthName realm
- Session On
- SessionCookieName session path=/
- SessionCryptoPassphrase secret
- - </Location> + +<Location /dologin.html> + SetHandler form-login-handler + AuthFormLoginRequiredLocation http://example.com/login.html + AuthFormLoginSuccessLocation http://example.com/success.html + AuthFormProvider file + AuthUserFile conf/passwd + AuthType form + AuthName realm + Session On + SessionCookieName session path=/ + SessionCryptoPassphrase secret +</Location> +

The URLs specified by the @@ -195,15 +197,17 @@ containing the login form, as follows:

Basic inline example - AuthFormProvider file
- ErrorDocument 401 /login.shtml
- AuthUserFile conf/passwd
- AuthType form
- AuthName realm
- AuthFormLoginRequiredLocation http://example.com/login.html
- Session On
- SessionCookieName session path=/
- SessionCryptoPassphrase secret
+ +AuthFormProvider file +ErrorDocument 401 /login.shtml +AuthUserFile conf/passwd +AuthType form +AuthName realm +AuthFormLoginRequiredLocation http://example.com/login.html +Session On +SessionCookieName session path=/ +SessionCryptoPassphrase secret +

The error document page should contain a login form with an empty action property, @@ -272,9 +276,11 @@ technology.

CGI example - AuthFormProvider file
- ErrorDocument 401 /cgi-bin/login.cgi
- ...
+ + AuthFormProvider file + ErrorDocument 401 /cgi-bin/login.cgi + ... + @@ -293,12 +299,14 @@ give the user the option to log in again.

Basic logout example - SetHandler form-logout-handler
- AuthName realm
- AuthFormLogoutLocation http://example.com/loggedout.html
- Session On
- SessionCookieName session path=/
- SessionCryptoPassphrase secret
+ +SetHandler form-logout-handler +AuthName realm +AuthFormLogoutLocation http://example.com/loggedout.html +Session On +SessionCookieName session path=/ +SessionCryptoPassphrase secret +

Note that logging a user out does not delete the session; it merely removes @@ -310,12 +318,14 @@

Basic session expiry example - SetHandler form-logout-handler
- AuthFormLogoutLocation http://example.com/loggedout.html
- Session On
- SessionMaxAge 1
- SessionCookieName session path=/
- SessionCryptoPassphrase secret
+ +SetHandler form-logout-handler +AuthFormLogoutLocation http://example.com/loggedout.html +Session On +SessionMaxAge 1 +SessionCookieName session path=/ +SessionCryptoPassphrase secret + @@ -345,17 +355,17 @@ that the chosen provider module is present in the server.

Example - <Location /secure>
- - AuthType form
- AuthName "private area"
- AuthFormProvider dbm
- AuthDBMType SDBM
- AuthDBMUserFile /www/etc/dbmpasswd
- Require valid-user
- ...
- - </Location> + +<Location /secure> + AuthType form + AuthName "private area" + AuthFormProvider dbm + AuthDBMType SDBM + AuthDBMUserFile /www/etc/dbmpasswd + Require valid-user + #... +</Location> +

Providers are implemented by mod_authn_dbm, @@ -614,14 +624,14 @@ lower level modules the page specified by this directive will be shown to the end user. For example:

Example - <Location /logout>
- - SetHandler form-logout-handler
- AuthFormLogoutLocation http://example.com/loggedout.html
- Session on
- ... - - </Location> + +<Location /logout> + SetHandler form-logout-handler + AuthFormLogoutLocation http://example.com/loggedout.html + Session on + #... +</Location> +

An attempt to access the URI /logout/ will result in the user being logged diff --git a/docs/manual/mod/mod_authn_anon.xml b/docs/manual/mod/mod_authn_anon.xml index e8f489d23c..9abbd3890d 100644 --- a/docs/manual/mod/mod_authn_anon.xml +++ b/docs/manual/mod/mod_authn_anon.xml @@ -81,22 +81,22 @@ Example - <Directory /var/www/html/private> - - AuthName "Use 'anonymous' & Email address for guest entry"
- AuthType Basic
- AuthBasicProvider file anon
- AuthUserFile /path/to/your/.htpasswd
-
- Anonymous_NoUserID off
- Anonymous_MustGiveEmail on
- Anonymous_VerifyEmail on
- Anonymous_LogEmail on
- Anonymous anonymous guest www test welcome
-
- Require valid-user
- - </Directory> + +<Directory /var/www/html/private> + AuthName "Use 'anonymous' & Email address for guest entry" + AuthType Basic + AuthBasicProvider file anon + AuthUserFile /path/to/your/.htpasswd + + Anonymous_NoUserID off + Anonymous_MustGiveEmail on + Anonymous_VerifyEmail on + Anonymous_LogEmail on + Anonymous anonymous guest www test welcome + + Require valid-user +</Directory> + diff --git a/docs/manual/mod/mod_authn_core.xml b/docs/manual/mod/mod_authn_core.xml index 0edbfc915b..fe629d64be 100644 --- a/docs/manual/mod/mod_authn_core.xml +++ b/docs/manual/mod/mod_authn_core.xml @@ -54,30 +54,25 @@ files.

Checking multiple text password files - - # Check here first
- <AuthnProviderAlias file file1>
- - AuthUserFile /www/conf/passwords1
- - </AuthnProviderAlias>
-
- # Then check here
- <AuthnProviderAlias file file2>
- - AuthUserFile /www/conf/passwords2
- - </AuthnProviderAlias>
-
- <Directory /var/web/pages/secure>
- - AuthBasicProvider file1 file2
-
- AuthType Basic
- AuthName "Protected Area"
- Require valid-user
- - </Directory>
+ +# Check here first +<AuthnProviderAlias file file1> + AuthUserFile /www/conf/passwords1 +</AuthnProviderAlias> + +# Then check here +<AuthnProviderAlias file file2> + AuthUserFile /www/conf/passwords2 +</AuthnProviderAlias> + +<Directory /var/web/pages/secure> + AuthBasicProvider file1 file2 + + AuthType Basic + AuthName "Protected Area" + Require valid-user +</Directory> +

The example below creates two different ldap authentication @@ -86,34 +81,30 @@ hosts:

Checking multiple LDAP servers - <AuthnProviderAlias ldap ldap-alias1>
- - AuthLDAPBindDN cn=youruser,o=ctx
- AuthLDAPBindPassword yourpassword
- AuthLDAPURL ldap://ldap.host/o=ctx
- - </AuthnProviderAlias>

- <AuthnProviderAlias ldap ldap-other-alias>
- - AuthLDAPBindDN cn=yourotheruser,o=dev
- AuthLDAPBindPassword yourotherpassword
- AuthLDAPURL ldap://other.ldap.host/o=dev?cn
- - </AuthnProviderAlias>

- - Alias /secure /webpages/secure
- <Directory /webpages/secure>
- - Order deny,allow
- Allow from all

- - AuthBasicProvider ldap-other-alias ldap-alias1

- - AuthType Basic
- AuthName LDAP_Protected_Place
- Require valid-user
- - </Directory>
+ +<AuthnProviderAlias ldap ldap-alias1> + AuthLDAPBindDN cn=youruser,o=ctx + AuthLDAPBindPassword yourpassword + AuthLDAPURL ldap://ldap.host/o=ctx + </AuthnProviderAlias> + <AuthnProviderAlias ldap ldap-other-alias> + AuthLDAPBindDN cn=yourotheruser,o=dev + AuthLDAPBindPassword yourotherpassword + AuthLDAPURL ldap://other.ldap.host/o=dev?cn +</AuthnProviderAlias> + +Alias /secure /webpages/secure +<Directory /webpages/secure> + Order deny,allow + Allow from all + + AuthBasicProvider ldap-other-alias ldap-alias1 + + AuthType Basic + AuthName LDAP_Protected_Place + Require valid-user +</Directory> + @@ -144,9 +135,9 @@ authentication

For example:

- + AuthName "Top Secret" - +

The string provided for the AuthName is what will appear in the password dialog provided by most browsers.

@@ -189,24 +180,20 @@ authentication in the following example, clients may access the /www/docs/public directory without authenticating:

- - <Directory /www/docs> - - AuthType Basic
- AuthName Documents
- AuthBasicProvider file
- AuthUserFile /usr/local/apache/passwd/passwords
- Require valid-user - - </Directory>
-
- <Directory /www/docs/public> - - AuthType None
- Require all granted - - </Directory> - + +<Directory /www/docs> + AuthType Basic + AuthName Documents + AuthBasicProvider file + AuthUserFile /usr/local/apache/passwd/passwords + Require valid-user +</Directory> + +<Directory /www/docs/public> + AuthType None + Require all granted +</Directory> + When disabling authentication, note that clients which have already authenticated against another portion of the server's document diff --git a/docs/manual/mod/mod_authn_dbd.xml b/docs/manual/mod/mod_authn_dbd.xml index 03e3af18ce..e48132f5bd 100644 --- a/docs/manual/mod/mod_authn_dbd.xml +++ b/docs/manual/mod/mod_authn_dbd.xml @@ -72,7 +72,7 @@ to cache credentials and take most of the load off the database.

Configuration Example

This simple example shows use of this module in the context of the Authentication and DBD frameworks.

-
+
 # mod_dbd configuration
 # UPDATED to include authentication cacheing
 DBDriver pgsql
@@ -103,7 +103,7 @@ DBDExptime 300
   AuthDBDUserPWQuery \
     "SELECT password FROM authn WHERE user = %s"
 </Directory>
-

+
@@ -136,10 +136,10 @@ configuration required in some web applications. will be passed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.

- Example
+    
 AuthDBDUserPWQuery \
   "SELECT password FROM authn WHERE user = %s"
-

+

The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user @@ -171,10 +171,10 @@ AuthDBDUserPWQuery \ The user's ID and the realm, in that order, will be passed as string parameters when the SQL query is executed. They may be referenced within the query statement using %s format specifiers.

- Example
+    
 AuthDBDUserRealmQuery \
   "SELECT password FROM authn WHERE user = %s AND realm = %s"
-

+

The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user diff --git a/docs/manual/mod/mod_authn_socache.xml b/docs/manual/mod/mod_authn_socache.xml index 9331dda6b5..0bdbd04905 100644 --- a/docs/manual/mod/mod_authn_socache.xml +++ b/docs/manual/mod/mod_authn_socache.xml @@ -69,18 +69,18 @@ the load on backends

A simple usage example to accelerate mod_authn_dbd using dbm as a cache engine:

- 
-    <Directory /usr/www/myhost/private>
-        AuthType Basic
-        AuthName "Cached Authentication Example"
-        AuthBasicProvider socache dbd
-        AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
-        AuthnCacheProvideFor dbd
-        AuthnCacheContext dbd-authn-example
-        AuthnCacheSOCache dbm
-        Require valid-user
-    </Directory>
-
+ 
+<Directory /usr/www/myhost/private>
+    AuthType Basic
+    AuthName "Cached Authentication Example"
+    AuthBasicProvider socache dbd
+    AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
+    AuthnCacheProvideFor dbd
+    AuthnCacheContext dbd-authn-example
+    AuthnCacheSOCache dbm
+    Require valid-user
+</Directory>
+
Cacheing with custom modules @@ -142,9 +142,9 @@ the load on backends

For example, to cache credentials found by mod_authn_dbd or by a custom provider myprovider, but leave those looked up by lightweight providers like file or dbm lookup alone:

- + AuthnCacheProvideFor dbd myprovider - + diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index 425f740c4c..8fe607bb4a 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -340,11 +340,11 @@ for HTTP Basic authentication. ldap://ldap/o=Example?cn (i.e., cn is used for searches), the following Require directives could be used to restrict access:

- -Require ldap-user "Barbara Jenson"
-Require ldap-user "Fred User"
-Require ldap-user "Joe Manager"
- + +Require ldap-user "Barbara Jenson" +Require ldap-user "Fred User" +Require ldap-user "Joe Manager" +

Because of the way that mod_authnz_ldap handles this directive, Barbara Jenson could sign on as Barbara @@ -356,7 +356,7 @@ Require ldap-user "Joe Manager"

If the uid attribute was used instead of the cn attribute in the URL above, the above three lines could be condensed to

-Require ldap-user bjenson fuser jmanager +Require ldap-user bjenson fuser jmanager
Require ldap-group @@ -366,58 +366,58 @@ Require ldap-user "Joe Manager"
group. Note: Do not surround the group name with quotes. For example, assume that the following entry existed in the LDAP directory:

- -dn: cn=Administrators, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Barbara Jenson, o=Example
-uniqueMember: cn=Fred User, o=Example
- + +dn: cn=Administrators, o=Example +objectClass: groupOfUniqueNames +uniqueMember: cn=Barbara Jenson, o=Example +uniqueMember: cn=Fred User, o=Example +

The following directive would grant access to both Fred and Barbara:

-Require ldap-group cn=Administrators, o=Example +Require ldap-group cn=Administrators, o=Example

Members can also be found within sub-groups of a specified LDAP group if AuthLDAPMaxSubGroupDepth is set to a value greater than 0. For example, assume the following entries exist in the LDAP directory:

- -dn: cn=Employees, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Managers, o=Example
-uniqueMember: cn=Administrators, o=Example
-uniqueMember: cn=Users, o=Example
-
-dn: cn=Managers, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Bob Ellis, o=Example
-uniqueMember: cn=Tom Jackson, o=Example
-
-dn: cn=Administrators, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Barbara Jenson, o=Example
-uniqueMember: cn=Fred User, o=Example
-
-dn: cn=Users, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Allan Jefferson, o=Example
-uniqueMember: cn=Paul Tilley, o=Example
-uniqueMember: cn=Temporary Employees, o=Example
-
-dn: cn=Temporary Employees, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Jim Swenson, o=Example
-uniqueMember: cn=Elliot Rhodes, o=Example
- + +dn: cn=Employees, o=Example +objectClass: groupOfUniqueNames +uniqueMember: cn=Managers, o=Example +uniqueMember: cn=Administrators, o=Example +uniqueMember: cn=Users, o=Example + +dn: cn=Managers, o=Example +objectClass: groupOfUniqueNames +uniqueMember: cn=Bob Ellis, o=Example +uniqueMember: cn=Tom Jackson, o=Example + +dn: cn=Administrators, o=Example +objectClass: groupOfUniqueNames +uniqueMember: cn=Barbara Jenson, o=Example +uniqueMember: cn=Fred User, o=Example + +dn: cn=Users, o=Example +objectClass: groupOfUniqueNames +uniqueMember: cn=Allan Jefferson, o=Example +uniqueMember: cn=Paul Tilley, o=Example +uniqueMember: cn=Temporary Employees, o=Example + +dn: cn=Temporary Employees, o=Example +objectClass: groupOfUniqueNames +uniqueMember: cn=Jim Swenson, o=Example +uniqueMember: cn=Elliot Rhodes, o=Example +

The following directives would allow access for Bob Ellis, Tom Jackson, Barbara Jensen, Fred User, Allan Jefferson, and Paul Tilley but would not allow access for Jim Swenson, or Elliot Rhodes (since they are at a sub-group depth of 2):

- -Require ldap-group cn=Employees, o-Example
-AuthLDAPSubGroupDepth 1
- + +Require ldap-group cn=Employees, o-Example +AuthLDAPSubGroupDepth 1 +

Behavior of this directive is modified by the AuthLDAPGroupAttribute,

The following directive would grant access to a specific DN:

-Require ldap-dn cn=Barbara Jenson, o=Example +Require ldap-dn cn=Barbara Jenson, o=Example

Behavior of this directive is modified by the AuthLDAPCompareDNOnServer @@ -457,7 +457,7 @@ AuthLDAPSubGroupDepth 1

The following directive would grant access to anyone with the attribute employeeType = active

- Require ldap-attribute employeeType=active + Require ldap-attribute employeeType=active

Multiple attribute/value pairs can be specified on the same line separated by spaces or they can be specified in multiple @@ -470,7 +470,7 @@ AuthLDAPSubGroupDepth 1

The following directive would grant access to anyone with the city attribute equal to "San Jose" or status equal to "Active"

- Require ldap-attribute city="San Jose" status=active + Require ldap-attribute city="San Jose" status=active
@@ -484,7 +484,7 @@ AuthLDAPSubGroupDepth 1

The following directive would grant access to anyone having a cell phone and is in the marketing department

- Require ldap-filter &(cell=*)(department=marketing) + Require ldap-filter &(cell=*)(department=marketing)

The difference between the Require ldap-filter directive and the Require ldap-attribute directive is that ldap-filter @@ -504,19 +504,19 @@ AuthLDAPSubGroupDepth 1

  • Grant access to anyone who exists in the LDAP directory, using their UID for searches. - -AuthLDAPURL "ldap://ldap1.example.com:389/ou=People, o=Example?uid?sub?(objectClass=*)"
    + +AuthLDAPURL "ldap://ldap1.example.com:389/ou=People, o=Example?uid?sub?(objectClass=*)" Require valid-user -     +
  • The next example is the same as above; but with the fields that have useful defaults omitted. Also, note the use of a redundant LDAP server. -AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/ou=People, o=Example"
    +AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/ou=People, o=Example" Require valid-user -     +
  • @@ -528,19 +528,19 @@ Require valid-user this approach is not recommended: it's a better idea to choose an attribute that is guaranteed unique in your directory, such as uid. - -AuthLDAPURL "ldap://ldap.example.com/ou=People, o=Example?cn"
    + +AuthLDAPURL "ldap://ldap.example.com/ou=People, o=Example?cn" Require valid-user -     +
  • Grant access to anybody in the Administrators group. The users must authenticate using their UID. - -AuthLDAPURL ldap://ldap.example.com/o=Example?uid
    + +AuthLDAPURL ldap://ldap.example.com/o=Example?uid Require ldap-group cn=Administrators, o=Example -     +
  • @@ -549,10 +549,10 @@ Require ldap-group cn=Administrators, o=Example of qpagePagerID. The example will grant access only to people (authenticated via their UID) who have alphanumeric pagers: - -AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(qpagePagerID=*)
    + +AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(qpagePagerID=*) Require valid-user -     +
  • @@ -565,10 +565,10 @@ Require valid-user a pager, plus grant access to Joe Manager, who doesn't have a pager, but does need to access the same resource:

    - -AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(|(qpagePagerID=*)(uid=jmanager))
    + +AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(|(qpagePagerID=*)(uid=jmanager)) Require valid-user -     +

    This last may look confusing at first, so it helps to evaluate what the search filter will look like based on who @@ -663,11 +663,11 @@ Require valid-user subtree search for the attribute userPrincipalName, with an empty search root, like so:

    - -AuthLDAPBindDN apache@example.com
    -AuthLDAPBindPassword password
    + +AuthLDAPBindDN apache@example.com +AuthLDAPBindPassword password AuthLDAPURL ldap://10.0.0.1:3268/?userPrincipalName?sub -     +

    Users will need to enter their User Principal Name as a login, in the form somebody@nz.example.com.

    @@ -690,11 +690,11 @@ AuthLDAPURL ldap://10.0.0.1:3268/?userPrincipalName?sub authentication to it is a matter of adding the following directives to every .htaccess file that gets created in the web

    -
    +
     AuthLDAPURL            "the url"
 AuthGroupFile mygroupfile
 Require group mygroupfile
-
    
+
    How It Works @@ -864,8 +864,8 @@ to perform a DN lookup AuthLDAPBindDN.

    - AuthLDAPInitialBindPattern (.+) $1@example.com - AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com + AuthLDAPInitialBindPattern (.+) $1@example.com + AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com Not available with authorization-only This directive can only be used if this module authenticates the user, and @@ -1215,7 +1215,7 @@ objects that are groups during sub-group processing. to use. The syntax of the URL is

    ldap://host:port/basedn?attribute?scope?filter

    If you want to specify more than one LDAP URL that Apache should try in turn, the syntax is:

    -AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..." +AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."

    Caveat: If you specify multiple servers, you need to enclose the entire URL string in quotes; otherwise you will get an error: "AuthLDAPURL takes one argument, URL to define LDAP connection.." You can of course use search parameters on each of these.

    diff --git a/docs/manual/mod/mod_authz_core.xml b/docs/manual/mod/mod_authz_core.xml index 5e17bd090b..07f6262d05 100644 --- a/docs/manual/mod/mod_authz_core.xml +++ b/docs/manual/mod/mod_authz_core.xml @@ -58,38 +58,33 @@ multiple ldap hosts:

    - Example - <AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx>
    - - AuthLDAPBindDN cn=youruser,o=ctx
    - AuthLDAPBindPassword yourpassword
    - AuthLDAPURL ldap://ldap.host/o=ctx
    -     - </AuthzProviderAlias>

    - <AuthzProviderAlias ldap-group ldap-group-alias2 - cn=my-other-group,o=dev>
    - - AuthLDAPBindDN cn=yourotheruser,o=dev
    - AuthLDAPBindPassword yourotherpassword
    - AuthLDAPURL ldap://other.ldap.host/o=dev?cn
    -     - </AuthzProviderAlias>

    - - Alias /secure /webpages/secure
    - <Directory /webpages/secure>
    - - Require all granted

    - - AuthBasicProvider file

    - - AuthType Basic
    - AuthName LDAP_Protected_Place

    - - #implied OR operation
    - Require ldap-group-alias1
    - Require ldap-group-alias2
    -     </Directory>
    -     + +<AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx> + AuthLDAPBindDN cn=youruser,o=ctx + AuthLDAPBindPassword yourpassword + AuthLDAPURL ldap://ldap.host/o=ctx +</AuthzProviderAlias> + +<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev> + AuthLDAPBindDN cn=yourotheruser,o=dev + AuthLDAPBindPassword yourotherpassword + AuthLDAPURL ldap://other.ldap.host/o=dev?cn +</AuthzProviderAlias> + +Alias /secure /webpages/secure +<Directory /webpages/secure> + Require all granted + + AuthBasicProvider file + + AuthType Basic + AuthName LDAP_Protected_Place + + #implied OR operation + Require ldap-group-alias1 + Require ldap-group-alias2 +</Directory> +
    @@ -115,39 +110,27 @@ not belong to either the temps group or the LDAP group Temporary Employees.

    - - <Directory /www/mydocs> - + +<Directory /www/mydocs> + <RequireAll> + <RequireAny> + Require user superadmin <RequireAll> - + Require group admins + Require ldap-group cn=Administrators,o=Airius <RequireAny> - - Require user superadmin
    - <RequireAll> - - Require group admins
    - Require ldap-group cn=Administrators,o=Airius
    - <RequireAny> - - Require group sales
    - Require ldap-attribute dept="sales" -     - </RequireAny> -     - </RequireAll> -     - </RequireAny>
    - <RequireNone> - - Require group temps
    - Require ldap-group cn=Temporary Employees,o=Airius -     - </RequireNone> -     + Require group sales + Require ldap-attribute dept="sales" + </RequireAny> </RequireAll> -     - </Directory> -     + </RequireAny> + <RequireNone> + Require group temps + Require ldap-group cn=Temporary Employees,o=Airius + </RequireNone> + </RequireAll> +</Directory> +
    The Require Directives @@ -171,14 +154,12 @@ User-Agent (browser type), Referer, or other HTTP request header fields.

    - Example: - SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
    - <Directory /docroot>
    - - Require env let_me_in
    -     - </Directory> -     + +SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in +<Directory /docroot> + Require env let_me_in +</Directory> +

    In this case, browsers with a user-agent string beginning with KnockKnock/2.0 will be allowed access, and all @@ -194,13 +175,13 @@ 'granted' or 'denied'. The following examples will grant or deny access to all requests.

    - - Require all granted
    -     + + Require all granted + - - Require all denied
    -     + + Require all denied +
    @@ -214,20 +195,20 @@

    The following example will only allow GET, HEAD, POST, and OPTIONS requests:

    - - Require method GET POST OPTIONS
    -     + + Require method GET POST OPTIONS +

    The following example will allow GET, HEAD, POST, and OPTIONS requests without authentication, and require a valid user for all other methods:

    - - <RequireAny>
    -  Require method GET POST OPTIONS
    -  Require valid-user
    - </RequireAny>
    -     + +<RequireAny> +  Require method GET POST OPTIONS +  Require valid-user +</RequireAny> + @@ -236,9 +217,9 @@

    The expr provider allows to base authorization decisions on arbitrary expressions.

    - - Require expr %{TIME_HOUR} >= 9 && %{TIME_HOUR} <= 17
    -     + + Require expr %{TIME_HOUR} >= 9 && %{TIME_HOUR} <= 17 +

    The syntax is described in the ap_expr documentation.

    @@ -321,14 +302,14 @@ an authorization provider. and AuthGroupFile (to define users and groups) in order to work correctly. Example:

    - - AuthType Basic
    - AuthName "Restricted Resource"
    - AuthBasicProvider file
    - AuthUserFile /web/users
    - AuthGroupFile /web/groups
    - Require group admin -     + +AuthType Basic +AuthName "Restricted Resource" +AuthBasicProvider file +AuthUserFile /web/users +AuthGroupFile /web/groups +Require group admin +

    Access controls which are applied in this way are effective for all methods. This is what is normally @@ -350,18 +331,14 @@ an authorization provider. and beta groups are authorized, except for those who are also in the reject group.

    - - <Directory /www/docs> - - <RequireAll> - - Require group alpha beta
    - Require not group reject -     - </RequireAll> -     - </Directory> -     + +<Directory /www/docs> + <RequireAll> + Require group alpha beta + Require not group reject + </RequireAll> +</Directory> +

    When multiple Require directives are used in a single @@ -540,30 +517,24 @@ sections. preceding sections. Thus only users belong to the group gamma may access /www/docs/ab/gamma. - - <Directory /www/docs> - - AuthType Basic
    - AuthName Documents
    - AuthBasicProvider file
    - AuthUserFile /usr/local/apache/passwd/passwords
    - Require group alpha -     - </Directory>
    -
    - <Directory /www/docs/ab> - - AuthMerging Or
    - Require group beta -     - </Directory>
    -
    - <Directory /www/docs/ab/gamma> - - Require group gamma - - </Directory> -     + +<Directory /www/docs> + AuthType Basic + AuthName Documents + AuthBasicProvider file + AuthUserFile /usr/local/apache/passwd/passwords + Require group alpha +</Directory> + +<Directory /www/docs/ab> + AuthMerging Or + Require group beta +</Directory> + +<Directory /www/docs/ab/gamma> + Require group gamma +</Directory> + diff --git a/docs/manual/mod/mod_authz_dbd.xml b/docs/manual/mod/mod_authz_dbd.xml index df51339ff3..b7060cf754 100644 --- a/docs/manual/mod/mod_authz_dbd.xml +++ b/docs/manual/mod/mod_authz_dbd.xml @@ -80,8 +80,8 @@ to implement functions that start and end client-side sessions.

    -Configuration Example -
    +Configuration example
+
     # mod_dbd configuration
 DBDriver pgsql
 DBDParams "dbname=apacheauth user=apache pass=xxxxxx"
@@ -135,7 +135,7 @@ DBDExptime 300
       "UPDATE authn SET login = 'false' WHERE user = %s"
   </Files>
 </Directory>
-
    
+
    @@ -157,22 +157,22 @@ DBDExptime 300 The first column value of each row returned by the query statement should be a string containing a group name. Zero, one, or more rows may be returned. - Example
    +    
 Require dbd-group
 AuthzDBDQuery \
   "SELECT group FROM groups WHERE user = %s"
-
     +
  • When used with a Require dbd-login or Require dbd-logout directive, it will never deny access, but will instead execute a SQL statement designed to log the user in or out. The user must already be authenticated with mod_authn_dbd. - Example
    +    
     Require dbd-login
 AuthzDBDQuery \
   "UPDATE authn SET login = 'true' WHERE user = %s"
-
    
+

    • In all cases, the user's ID will be passed as a single string @@ -193,10 +193,10 @@ AuthzDBDQuery \ specific to the user. The user's ID will be passed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.

    - Example
    +    
 AuthzDBDRedirectQuery \
   "SELECT userpage FROM userpages WHERE user = %s"
-
     +

    The first column value of the first row returned by the query statement should be a string containing a URL to which to redirect the client. Subsequent rows will be ignored. If no rows are returned, diff --git a/docs/manual/mod/mod_authz_dbm.xml b/docs/manual/mod/mod_authz_dbm.xml index 5c589bfeb3..5b4768f66a 100644 --- a/docs/manual/mod/mod_authz_dbm.xml +++ b/docs/manual/mod/mod_authz_dbm.xml @@ -75,10 +75,10 @@ of user groups for authorization accomplished by first setting the group and password files to point to the same DBM:

    - - AuthDBMGroupFile /www/userbase
    - AuthDBMUserFile /www/userbase -     + +AuthDBMGroupFile /www/userbase +AuthDBMUserFile /www/userbase +

    The key for the single DBM is the username. The value consists of

    diff --git a/docs/manual/mod/mod_authz_host.xml b/docs/manual/mod/mod_authz_host.xml index 09993d17ea..30bef02669 100644 --- a/docs/manual/mod/mod_authz_host.xml +++ b/docs/manual/mod/mod_authz_host.xml @@ -75,35 +75,35 @@ address)

    A full IP address:

    - - Require ip 10.1.2.3
    - Require ip 192.168.1.104 192.168.1.205 -     + +Require ip 10.1.2.3 +Require ip 192.168.1.104 192.168.1.205 +

    An IP address of a host allowed access

    A partial IP address:

    - - Require ip 10.1
    - Require ip 10 172.20 192.168.2 -     + +Require ip 10.1 +Require ip 10 172.20 192.168.2 +

    The first 1 to 3 bytes of an IP address, for subnet restriction.

    A network/netmask pair:

    - + Require ip 10.1.0.0/255.255.0.0 - +

    A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.

    A network/nnn CIDR specification:

    - + Require ip 10.1.0.0/16 - +

    Similar to the previous case, except the netmask consists of nnn high-order 1 bits.

    @@ -113,10 +113,10 @@ address)

    IPv6 addresses and IPv6 subnets can be specified as shown below:

    - - Require ip 2001:db8::a00:20ff:fea7:ccea
    - Require ip 2001:db8::a00:20ff:fea7:ccea/10 -     + +Require ip 2001:db8::a00:20ff:fea7:ccea +Require ip 2001:db8::a00:20ff:fea7:ccea/10 + @@ -130,10 +130,10 @@ address)

    A (partial) domain-name

    - - Require host example.org
    - Require host .net example.edu -     + +Require host example.org +Require host .net example.edu +

    Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above @@ -164,9 +164,9 @@ address)

    This allows a convenient way to match connections that originate from the local host:

    - + Require local - + diff --git a/docs/manual/mod/mod_authz_owner.xml b/docs/manual/mod/mod_authz_owner.xml index f1f52c3eb5..475cc7d9f5 100644 --- a/docs/manual/mod/mod_authz_owner.xml +++ b/docs/manual/mod/mod_authz_owner.xml @@ -85,17 +85,15 @@ files in /home/smith/public_html/private unless they were owned by jones instead of smith.

    - - <Directory /home/*/public_html/private>
    - - AuthType Basic
    - AuthName MyPrivateFiles
    - AuthBasicProvider dbm
    - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
    - Require file-owner
    -     - </Directory> -     + +<Directory /home/*/public_html/private> + AuthType Basic + AuthName MyPrivateFiles + AuthBasicProvider dbm + AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all + Require file-owner +</Directory> +
    Require file-group @@ -111,22 +109,20 @@ authorized to access the project-foo directories of each other.

    - - <Directory /home/*/public_html/project-foo>
    - - AuthType Basic
    - AuthName "Project Foo Files"
    - AuthBasicProvider dbm
    -
    - # combined user/group database
    - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
    - AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
    -
    - Satisfy All
    - Require file-group
    -     - </Directory> -     + +<Directory /home/*/public_html/project-foo> + AuthType Basic + AuthName "Project Foo Files" + AuthBasicProvider dbm + + # combined user/group database + AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all + AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all + + Satisfy All + Require file-group +</Directory> +
    diff --git a/docs/manual/mod/mod_autoindex.xml b/docs/manual/mod/mod_autoindex.xml index 628c411f1c..474b4ee86c 100644 --- a/docs/manual/mod/mod_autoindex.xml +++ b/docs/manual/mod/mod_autoindex.xml @@ -202,10 +202,10 @@ icon selected by filename is displayed if the client is image-incapable, has image loading disabled, or fails to retrieve the icon.

    - Examples - AddAlt "PDF file" *.pdf
    - AddAlt Compressed *.gz *.zip *.Z -     + +AddAlt "PDF file" *.pdf +AddAlt Compressed *.gz *.zip *.Z + @@ -230,9 +230,9 @@ selected by MIME-encoding This alternate text is displayed if the client is image-incapable, has image loading disabled, or fails to retrieve the icon.

    - Example + AddAltByEncoding gzip x-gzip - + @@ -257,9 +257,9 @@ icon selected by MIME content-type This alternate text is displayed if the client is image-incapable, has image loading disabled, or fails to retrieve the icon.

    - Example + AddAltByType 'plain text' text/plain - + @@ -280,10 +280,10 @@ icon selected by MIME content-type expression or full filename for files to describe. String is enclosed in double quotes (").

    - Example - AddDescription "The planet Mars" mars.gif
    - AddDescription "My friend Marshall" friends/mars.gif -     + +AddDescription "The planet Mars" mars.gif +AddDescription "My friend Marshall" friends/mars.gif +

    The typical, default description field is 23 bytes wide. 6 more bytes are added by the is unnecessary if you're using IndexOptions HTMLTable.

    - Examples - AddIcon (IMG,/icons/image.png) .gif .jpg .png
    - AddIcon /icons/dir.png ^^DIRECTORY^^
    - AddIcon /icons/backup.png *~ -     + +#Examples +AddIcon (IMG,/icons/image.png) .gif .jpg .png +AddIcon /icons/dir.png ^^DIRECTORY^^ +AddIcon /icons/backup.png *~ +

    AddIconByType should be used in preference to AddIcon, @@ -389,9 +390,9 @@ content-encoding

    MIME-encoding is a valid content-encoding, such as x-compress.

    - Example + AddIconByEncoding /icons/compress.png x-compress - + @@ -419,9 +420,9 @@ content-type

    MIME-type is a wildcard expression matching required the mime types.

    - Example + AddIconByType (IMG,/icons/image.png) image/* - + @@ -442,9 +443,9 @@ configured Url-path is a (%-escaped) relative URL to the icon, or a fully qualified remote URL.

    - Example + DefaultIcon /icon/unknown.png - + @@ -463,9 +464,9 @@ of the index listing of the file that will be inserted at the top of the index listing. Filename is the name of the file to include.

    - Example + HeaderName HEADER.html - +

    Both HeaderName and with a slash, it will be taken to be relative to the DocumentRoot.

    - Example + HeaderName /include/HEADER.html - +

    Filename must resolve to a document with a major content type of text/* (e.g., @@ -486,9 +487,9 @@ of the index listing actual file type (as opposed to its output) is marked as text/html such as with a directive like:

    - + AddType text/html .cgi - +

    Content negotiation will be performed if Options @@ -531,9 +532,9 @@ a directory files. By default, the list contains . (the current directory).

    - + IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - + Regular Expressions

    This directive does not currently work in configuration sections @@ -561,15 +562,15 @@ a directory any files ignored by IndexIgnore otherwise inherited from other configuration sections.

    - - <Directory /var/www> - IndexIgnore *.bak .??* *~ *# HEADER* README* RCS CVS *,v *,t - </Directory> - <Directory /var/www/backups> - IndexIgnoreReset ON - IndexIgnore .??* *# HEADER* README* RCS CVS *,v *,t - </Directory> - + +<Directory /var/www> + IndexIgnore *.bak .??* *~ *# HEADER* README* RCS CVS *,v *,t +</Directory> +<Directory /var/www/backups> + IndexIgnoreReset ON + IndexIgnore .??* *# HEADER* README* RCS CVS *,v *,t +</Directory> +

    Review the default configuration for a list of patterns that you might want to explicitly ignore after using this @@ -621,9 +622,9 @@ indexing (It depends on whether the underlying file system uses Unicode filenames or not.) - Example: + IndexOptions Charset=UTF-8 - +

    specify the MIME content-type of the generated page. The default is text/html. - Example: + IndexOptions Type=text/plain - +
  • Multiple IndexOptions directives for a single directory are now merged together. The result of: - - <Directory /foo> - - IndexOptions HTMLTable
    - IndexOptions SuppressColumnsorting -     - </Directory> -     + +<Directory /foo> + IndexOptions HTMLTable + IndexOptions SuppressColumnsorting +</Directory> +

    will be the equivalent of

    - + IndexOptions HTMLTable SuppressColumnsorting - +
  • The addition of the incremental syntax (i.e., prefixing @@ -946,10 +945,10 @@ indexing clears all inherited options and any incremental settings encountered so far. Consider the following example:

    - - IndexOptions +ScanHTMLTitles -IconsAreLinks FancyIndexing
    - IndexOptions +SuppressSize -     + +IndexOptions +ScanHTMLTitles -IconsAreLinks FancyIndexing
    +IndexOptions +SuppressSize +

    The net effect is equivalent to IndexOptions FancyIndexing +SuppressSize, because the unprefixed FancyIndexing @@ -1015,10 +1014,9 @@ Name|Date|Size|Description

    The IndexStyleSheet directive sets the name of the file that will be used as the CSS for the index listing.

    - - Example + IndexStyleSheet "/css/style.css" - +

    Using this directive in conjunction with IndexOptions HTMLTable adds a number of CSS classes to the resulting HTML. @@ -1054,10 +1052,9 @@ Name|Date|Size|Description

    The IndexHeadInsert directive specifies a string to insert in the <head> section of the HTML generated for the index page.

    - - Example + IndexHeadInsert "<link rel=\"sitemap\" href=\"/sitemap.html\">" - + @@ -1080,13 +1077,15 @@ of the index listing relative to the DocumentRoot.

    - Example 1 - ReadmeName FOOTER.html - + +# Example 1 +ReadmeName FOOTER.html + - Example 2 - ReadmeName /include/FOOTER.html - + +# Example 2 +ReadmeName /include/FOOTER.html +

    See also HeaderName, where this behavior is described in greater diff --git a/docs/manual/mod/worker.xml b/docs/manual/mod/worker.xml index f95f4c21f7..3fec7cf92a 100644 --- a/docs/manual/mod/worker.xml +++ b/docs/manual/mod/worker.xml @@ -110,14 +110,14 @@

    A typical configuration of the process-thread controls in the worker MPM could look as follows:

    - - ServerLimit 16
    - StartServers 2
    - MaxRequestWorkers 150
    - MinSpareThreads 25
    - MaxSpareThreads 75
    - ThreadsPerChild 25 -     + +ServerLimit 16 +StartServers 2 +MaxRequestWorkers 150 +MinSpareThreads 25 +MaxSpareThreads 75 +ThreadsPerChild 25 +

    While the parent process is usually started as root under Unix in order to bind to port 80, the child processes and threads