From a90c8fdafb0ddf833dd502996aadea2066e3c63c Mon Sep 17 00:00:00 2001
From: Ken Coar
Date: Tue, 14 Apr 2015 23:35:26 +0000
Subject: [PATCH] Following up on BZ 53530.. putting quotation marks around arbitrary-text, complex, and/or filesystem directive arguments. More to do..
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1673582 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/howto/auth.html.en | 22 ++++----
 docs/manual/howto/auth.xml | 22 ++++----
 docs/manual/howto/htaccess.html.en | 28 +++++-----
 docs/manual/howto/htaccess.xml | 44 +++++++++------
 docs/manual/mod/mod_auth_basic.html.en | 16 +++---
 docs/manual/mod/mod_auth_basic.xml | 16 +++---
 docs/manual/mod/mod_auth_digest.html.en | 6 +--
 docs/manual/mod/mod_auth_digest.xml | 6 +--
 docs/manual/mod/mod_auth_form.html.en | 28 +++++-----
 docs/manual/mod/mod_auth_form.xml | 28 +++++-----
 docs/manual/mod/mod_authn_anon.html.en | 4 +-
 docs/manual/mod/mod_authn_anon.xml | 4 +-
 docs/manual/mod/mod_authn_core.html.en | 24 ++++-----
 docs/manual/mod/mod_authn_core.xml | 24 ++++-----
 docs/manual/mod/mod_authnz_ldap.html.en | 14 ++---
 docs/manual/mod/mod_authnz_ldap.xml | 32 +++++++----
 docs/manual/mod/mod_authz_core.html.en | 40 +++++++-------
 docs/manual/mod/mod_authz_core.xml | 40 +++++++-------
 docs/manual/mod/mod_authz_dbm.html.en | 16 +++---
 docs/manual/mod/mod_authz_dbm.xml | 16 +++---
 docs/manual/mod/mod_authz_owner.html.en | 16 +++---
 docs/manual/mod/mod_authz_owner.xml | 16 +++---
 docs/manual/mod/mod_dav.html.en | 20 +++----
 docs/manual/mod/mod_dav.xml | 26 ++++-----
 docs/manual/mod/mod_session.html.en | 4 +-
 docs/manual/mod/mod_session.xml | 4 +-
 docs/manual/ssl/ssl_howto.html.en | 70 ++++++++++++------------
 docs/manual/ssl/ssl_howto.xml | 71 ++++++++++++-------------
 28 files changed, 340 insertions(+), 317 deletions(-)
diff --git a/docs/manual/howto/auth.html.en b/docs/manual/howto/auth.html.en
index 23da9f9584..b22c1cbc86 100644
--- a/docs/manual/howto/auth.html.en
+++ b/docs/manual/howto/auth.html.en
@@ -213,13 +213,13 @@ module from each group.

following directives, either placed in the file /usr/local/apache/htdocs/secret/.htaccess, or placed in httpd.conf inside a <Directory - /usr/local/apache/htdocs/secret> section.

+ "/usr/local/apache/htdocs/secret"> section.

AuthType Basic
 AuthName "Restricted Files"
 # (Following line optional)
 AuthBasicProvider file
-AuthUserFile /usr/local/apache/passwd/passwords
+AuthUserFile "/usr/local/apache/passwd/passwords"
 Require user rbowen
@@ -315,8 +315,8 @@ person in
 AuthName "By Invitation Only"
 # Optional line:
 AuthBasicProvider file
-AuthUserFile /usr/local/apache/passwd/passwords
-AuthGroupFile /usr/local/apache/passwd/groups
+AuthUserFile "/usr/local/apache/passwd/passwords"
+AuthGroupFile "/usr/local/apache/passwd/groups"
 Require group GroupName
@@ -375,11 +375,11 @@ Require group GroupName

To select a dbm file rather than a text file, for example:

-
<Directory /www/docs/private>
+    
<Directory "/www/docs/private">
     AuthName "Private"
     AuthType Basic
     AuthBasicProvider dbm
-    AuthDBMUserFile /www/passwords/passwd.dbm
+    AuthDBMUserFile "/www/passwords/passwd.dbm"
     Require valid-user
 </Directory>
@@ -397,11 +397,11 @@ Require group GroupName
scheme that meets your needs. In the following example, both the file and LDAP based authentication providers are being used.

-
<Directory /www/docs/private>
+    
<Directory "/www/docs/private">
     AuthName "Private"
     AuthType Basic
     AuthBasicProvider file ldap
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
     AuthLDAPURL ldap://ldaphost/o=yourorg
     Require valid-user
 </Directory>
@@ -420,13 +420,13 @@ Require group GroupName
authorization methods can also be used. In this example both file group authorization as well as LDAP group authorization is being used.

-
<Directory /www/docs/private>
+    
<Directory "/www/docs/private">
     AuthName "Private"
     AuthType Basic
     AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
     AuthLDAPURL ldap://ldaphost/o=yourorg
-    AuthGroupFile /usr/local/apache/passwd/groups
+    AuthGroupFile "/usr/local/apache/passwd/groups"
     Require group GroupName
     Require ldap-group cn=mygroup,o=yourorg
 </Directory>
diff --git a/docs/manual/howto/auth.xml b/docs/manual/howto/auth.xml
index 2b0d8cc437..d53846c55b 100644
--- a/docs/manual/howto/auth.xml
+++ b/docs/manual/howto/auth.xml
@@ -197,14 +197,14 @@ module from each group.

following directives, either placed in the file /usr/local/apache/htdocs/secret/.htaccess, or placed in httpd.conf inside a <Directory - /usr/local/apache/htdocs/secret> section.

+ "/usr/local/apache/htdocs/secret"> section.

AuthType Basic
 AuthName "Restricted Files"
 # (Following line optional)
 AuthBasicProvider file
-AuthUserFile /usr/local/apache/passwd/passwords
+AuthUserFile "/usr/local/apache/passwd/passwords"
 Require user rbowen
@@ -309,8 +309,8 @@ AuthType Basic
 AuthName "By Invitation Only"
 # Optional line:
 AuthBasicProvider file
-AuthUserFile /usr/local/apache/passwd/passwords
-AuthGroupFile /usr/local/apache/passwd/groups
+AuthUserFile "/usr/local/apache/passwd/passwords"
+AuthGroupFile "/usr/local/apache/passwd/groups"
 Require group GroupName
@@ -370,11 +370,11 @@ Require group GroupName

To select a dbm file rather than a text file, for example:

-<Directory /www/docs/private>
+<Directory "/www/docs/private">
 AuthName "Private"
 AuthType Basic
 AuthBasicProvider dbm
- AuthDBMUserFile /www/passwords/passwd.dbm
+ AuthDBMUserFile "/www/passwords/passwd.dbm"
 Require valid-user
 </Directory>
@@ -393,11 +393,11 @@ Require group GroupName
 file and LDAP based authentication providers are being used.

-<Directory /www/docs/private>
+<Directory "/www/docs/private">
 AuthName "Private"
 AuthType Basic
 AuthBasicProvider file ldap
- AuthUserFile /usr/local/apache/passwd/passwords
+ AuthUserFile "/usr/local/apache/passwd/passwords"
 AuthLDAPURL ldap://ldaphost/o=yourorg
 Require valid-user
 </Directory>
@@ -417,13 +417,13 @@ Require group GroupName
 authorization as well as LDAP group authorization is being used.

-<Directory /www/docs/private>
+<Directory "/www/docs/private">
 AuthName "Private"
 AuthType Basic
 AuthBasicProvider file
- AuthUserFile /usr/local/apache/passwd/passwords
+ AuthUserFile "/usr/local/apache/passwd/passwords"
 AuthLDAPURL ldap://ldaphost/o=yourorg
- AuthGroupFile /usr/local/apache/passwd/groups
+ AuthGroupFile "/usr/local/apache/passwd/groups"
 Require group GroupName
 Require ldap-group cn=mygroup,o=yourorg
 </Directory>
diff --git a/docs/manual/howto/htaccess.html.en b/docs/manual/howto/htaccess.html.en
index ec8596dd00..f652699c2d 100644
--- a/docs/manual/howto/htaccess.html.en
+++ b/docs/manual/howto/htaccess.html.en
@@ -66,7 +66,7 @@ changes on a per-directory basis.

if you would rather call the file .config then you can put the following in your server configuration file:

-
AccessFileName .config
+
AccessFileName ".config"
@@ -188,18 +188,18 @@ changes on a per-directory basis.

Note that it is completely equivalent to put a .htaccess file in a directory /www/htdocs/example containing a directive, and to put that same directive in a Directory section - <Directory /www/htdocs/example> in your main server + <Directory "/www/htdocs/example"> in your main server configuration:

.htaccess file in /www/htdocs/example:

Contents of .htaccess file in - /www/htdocs/example

AddType text/example .exm
+ /www/htdocs/example
AddType text/example ".exm"

Section from your httpd.conf - file

<Directory /www/htdocs/example>
-    AddType text/example .exm
+    file
<Directory "/www/htdocs/example">
+    AddType text/example ".exm"
 </Directory>
@@ -265,11 +265,11 @@ changes on a per-directory basis.

prevent script execution while allowing anything else to be set in .htaccess you can use:

-
<Directory /www/htdocs>
+    
<Directory "/www/htdocs">
     AllowOverride All
 </Directory>
 
-<Location />
+<Location "/">
     Options +IncludesNoExec -ExecCGI
</Location>
@@ -300,8 +300,8 @@ changes on a per-directory basis.

AuthType Basic
 AuthName "Password Required"
-AuthUserFile /www/passwords/password.file
-AuthGroupFile /www/passwords/group.file
+AuthUserFile "/www/passwords/password.file"
+AuthGroupFile "/www/passwords/group.file"
 Require group admins
@@ -320,7 +320,7 @@ Require group admins
.htaccess file in the desired directory:

Options +Includes
-AddType text/html shtml
+AddType text/html "shtml"
 AddHandler server-parsed shtml
@@ -340,13 +340,13 @@ the current directory, rather than being the original requested URI. Consider the following examples:

# In httpd.conf
-RewriteRule ^/images/(.+)\.jpg /images/$1.png
+RewriteRule "^/images/(.+)\.jpg" "/images/$1.png"
 
 # In .htaccess in root dir
-RewriteRule ^images/(.+)\.jpg images/$1.png
+RewriteRule "^images/(.+)\.jpg" "images/$1.png"
 
 # In .htaccess in images/
-RewriteRule ^(.+)\.jpg $1.png
+RewriteRule "^(.+)\.jpg" "$1.png"

In a .htaccess in your document directory, the leading @@ -367,7 +367,7 @@ further details on using mod_rewrite.

implemented with the following configuration:

Options +ExecCGI
-AddHandler cgi-script cgi pl
+AddHandler cgi-script "cgi" "pl"

Alternately, if you wish to have all files in the given directory be diff --git a/docs/manual/howto/htaccess.xml b/docs/manual/howto/htaccess.xml index 6902decd55..08e27eec63 100644 --- a/docs/manual/howto/htaccess.xml +++ b/docs/manual/howto/htaccess.xml @@ -77,7 +77,9 @@ changes on a per-directory basis.

if you would rather call the file .config then you can put the following in your server configuration file:

- AccessFileName .config + +AccessFileName ".config" +

In general, .htaccess files use the same syntax as @@ -209,21 +211,23 @@ changes on a per-directory basis.

Note that it is completely equivalent to put a .htaccess file in a directory /www/htdocs/example containing a directive, and to put that same directive in a Directory section - <Directory /www/htdocs/example> in your main server + <Directory "/www/htdocs/example"> in your main server configuration:

.htaccess file in /www/htdocs/example:

Contents of .htaccess file in <code>/www/htdocs/example</code> - AddType text/example .exm + +AddType text/example ".exm" + Section from your <code>httpd.conf</code> file -<Directory /www/htdocs/example> - AddType text/example .exm +<Directory "/www/htdocs/example"> + AddType text/example ".exm" </Directory> @@ -237,7 +241,9 @@ changes on a per-directory basis.

by setting the AllowOverride directive to none:

- AllowOverride None + +AllowOverride None +
How directives are applied @@ -258,7 +264,9 @@ changes on a per-directory basis.

In the directory /www/htdocs/example1 we have a .htaccess file containing the following:

- Options +ExecCGI + +Options +ExecCGI +

(Note: you must have "AllowOverride Options" in effect to permit the use of the "

In the directory /www/htdocs/example1/example2 we have a .htaccess file containing:

- Options Includes + +Options Includes +

Because of this second .htaccess file, in the directory /www/htdocs/example1/example2, CGI execution is not @@ -292,11 +302,11 @@ changes on a per-directory basis.

.htaccess you can use:

-<Directory /www/htdocs> +<Directory "/www/htdocs"> AllowOverride All </Directory> -<Location /> +<Location "/"> Options +IncludesNoExec -ExecCGI
</Location>
@@ -330,8 +340,8 @@ changes on a per-directory basis.

AuthType Basic AuthName "Password Required" -AuthUserFile /www/passwords/password.file -AuthGroupFile /www/passwords/group.file +AuthUserFile "/www/passwords/password.file" +AuthGroupFile "/www/passwords/group.file" Require group admins @@ -351,7 +361,7 @@ Require group admins Options +Includes -AddType text/html shtml +AddType text/html "shtml" AddHandler server-parsed shtml @@ -372,13 +382,13 @@ Consider the following examples:

# In httpd.conf -RewriteRule ^/images/(.+)\.jpg /images/$1.png +RewriteRule "^/images/(.+)\.jpg" "/images/$1.png" # In .htaccess in root dir -RewriteRule ^images/(.+)\.jpg images/$1.png +RewriteRule "^images/(.+)\.jpg" "images/$1.png" # In .htaccess in images/ -RewriteRule ^(.+)\.jpg $1.png +RewriteRule "^(.+)\.jpg" "$1.png"

In a .htaccess in your document directory, the leading @@ -401,7 +411,7 @@ further details on using mod_rewrite.

Options +ExecCGI -AddHandler cgi-script cgi pl +AddHandler cgi-script "cgi" "pl"

Alternately, if you wish to have all files in the given directory be diff --git a/docs/manual/mod/mod_auth_basic.html.en b/docs/manual/mod/mod_auth_basic.html.en index 51f0d90fad..0e78f816d6 100644 --- a/docs/manual/mod/mod_auth_basic.html.en +++ b/docs/manual/mod/mod_auth_basic.html.en @@ -111,7 +111,7 @@ username and password

In this example, we pass a fixed username and password to a backend server.

-

Fixed Example

<Location /demo>
+    

Fixed Example

<Location "/demo">
     AuthBasicFake demo demopass
 </Location>
@@ -122,8 +122,8 @@ username and password directive. Like the FakeBasicAuth option, the password is set to the fixed string "password".

-

Certificate Example

<Location /secure>
-    AuthBasicFake %{SSL_CLIENT_S_DN_Email}
+    

Certificate Example

<Location "/secure">
+    AuthBasicFake "%{SSL_CLIENT_S_DN_Email}"
 </Location>
@@ -132,12 +132,12 @@ username and password backend server. This can be used to gate into legacy systems that do not support client certificates.

-

Password Example

<Location /secure>
-    AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
+    

Password Example

<Location "/secure">
+    AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}"
 </Location>
-

Exclusion Example

<Location /public>
+    

Exclusion Example

<Location "/public">
     AuthBasicFake off
 </Location>
@@ -161,12 +161,12 @@ username and password The default file provider is implemented by the mod_authn_file module. Make sure that the chosen provider module is present in the server.

-

Example

<Location /secure>
+    

Example

<Location "/secure">
     AuthType basic
     AuthName "private area"
     AuthBasicProvider  dbm
     AuthDBMType        SDBM
-    AuthDBMUserFile    /www/etc/dbmpasswd
+    AuthDBMUserFile    "/www/etc/dbmpasswd"
     Require            valid-user
 </Location>
diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml index 730af2da11..46b6dacff4 100644 --- a/docs/manual/mod/mod_auth_basic.xml +++ b/docs/manual/mod/mod_auth_basic.xml @@ -60,12 +60,12 @@ that the chosen provider module is present in the server.

Example
-<Location /secure>
+<Location "/secure">
 AuthType basic
 AuthName "private area"
 AuthBasicProvider dbm
 AuthDBMType SDBM
- AuthDBMUserFile /www/etc/dbmpasswd
+ AuthDBMUserFile "/www/etc/dbmpasswd"
 Require valid-user
 </Location>
@@ -136,7 +136,7 @@ username and password
 Fixed Example
-<Location /demo>
+<Location "/demo">
 AuthBasicFake demo demopass
 </Location>
@@ -150,8 +150,8 @@ username and password
 Certificate Example
-<Location /secure>
- AuthBasicFake %{SSL_CLIENT_S_DN_Email}
+<Location "/secure">
+ AuthBasicFake "%{SSL_CLIENT_S_DN_Email}"
 </Location>
@@ -163,15 +163,15 @@ username and password
 Password Example
-<Location /secure>
- AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
+<Location "/secure">
+ AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}"
 </Location>
 Exclusion Example
-<Location /public>
+<Location "/public">
 AuthBasicFake off
 </Location>
diff --git a/docs/manual/mod/mod_auth_digest.html.en b/docs/manual/mod/mod_auth_digest.html.en
index 0030e013c1..c9df7ecb40 100644
--- a/docs/manual/mod/mod_auth_digest.html.en
+++ b/docs/manual/mod/mod_auth_digest.html.en
@@ -83,13 +83,13 @@

Appropriate user (text) files can be created using the htdigest tool.

-

Example:

<Location /private/>
+    

Example:

<Location "/private/">
     AuthType Digest
     AuthName "private area"
-    AuthDigestDomain /private/ http://mirror.my.dom/private2/
+    AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
     
     AuthDigestProvider file
-    AuthUserFile /web/auth/.digest_pw
+    AuthUserFile "/web/auth/.digest_pw"
     Require valid-user
 </Location>
diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml index afedd6cd64..7e3382f665 100644 --- a/docs/manual/mod/mod_auth_digest.xml +++ b/docs/manual/mod/mod_auth_digest.xml @@ -64,13 +64,13 @@ Example: -<Location /private/> +<Location "/private/"> AuthType Digest AuthName "private area" - AuthDigestDomain /private/ http://mirror.my.dom/private2/ + AuthDigestDomain "/private/" "http://mirror.my.dom/private2/" AuthDigestProvider file - AuthUserFile /web/auth/.digest_pw + AuthUserFile "/web/auth/.digest_pw" Require valid-user </Location> diff --git a/docs/manual/mod/mod_auth_form.html.en b/docs/manual/mod/mod_auth_form.html.en index b845a813fb..2f38a4774b 100644 --- a/docs/manual/mod/mod_auth_form.html.en +++ b/docs/manual/mod/mod_auth_form.html.en @@ -108,10 +108,10 @@ the user will be redirected to the form login page.

Basic example

AuthFormProvider file
-AuthUserFile conf/passwd
+AuthUserFile "conf/passwd"
 AuthType form
 AuthName realm
-AuthFormLoginRequiredLocation http://example.com/login.html
+AuthFormLoginRequiredLocation "http://example.com/login.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret
@@ -159,12 +159,12 @@ SessionCryptoPassphrase secret
The action of the form should point at this handler, which is configured within Apache httpd as follows:

-

Form login handler example

<Location /dologin.html>
+      

Form login handler example

<Location "/dologin.html">
     SetHandler form-login-handler
-    AuthFormLoginRequiredLocation http://example.com/login.html
-    AuthFormLoginSuccessLocation http://example.com/success.html
+    AuthFormLoginRequiredLocation "http://example.com/login.html"
+    AuthFormLoginSuccessLocation "http://example.com/success.html"
     AuthFormProvider file
-    AuthUserFile conf/passwd
+    AuthUserFile "conf/passwd"
     AuthType form
     AuthName realm
     Session On
@@ -221,11 +221,11 @@ SessionCryptoPassphrase secret
containing the login form, as follows:

Basic inline example

AuthFormProvider file
-ErrorDocument 401 /login.shtml
-AuthUserFile conf/passwd
+ErrorDocument 401 "/login.shtml"
+AuthUserFile "conf/passwd"
 AuthType form
 AuthName realm
-AuthFormLoginRequiredLocation http://example.com/login.html
+AuthFormLoginRequiredLocation "http://example.com/login.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret
@@ -291,7 +291,7 @@ SessionCryptoPassphrase secret
technology.

CGI example

        AuthFormProvider file
-        ErrorDocument 401 /cgi-bin/login.cgi
+        ErrorDocument 401 "/cgi-bin/login.cgi"
         ...
@@ -312,7 +312,7 @@ SessionCryptoPassphrase secret

Basic logout example

SetHandler form-logout-handler
 AuthName realm
-AuthFormLogoutLocation http://example.com/loggedout.html
+AuthFormLogoutLocation "http://example.com/loggedout.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret
@@ -327,7 +327,7 @@ SessionCryptoPassphrase secret

Basic session expiry example

SetHandler form-logout-handler
-AuthFormLogoutLocation http://example.com/loggedout.html
+AuthFormLogoutLocation "http://example.com/loggedout.html"
 Session On
 SessionMaxAge 1
 SessionCookieName session path=/
@@ -515,7 +515,7 @@ parser has been added in 2.4.4.
 
     

Example

<Location /logout>
     SetHandler form-logout-handler
-    AuthFormLogoutLocation http://example.com/loggedout.html
+    AuthFormLogoutLocation "http://example.com/loggedout.html"
     Session on
     #...
 </Location>
@@ -613,7 +613,7 @@ parser has been added in 2.4.4. AuthName "private area" AuthFormProvider dbm AuthDBMType SDBM - AuthDBMUserFile /www/etc/dbmpasswd + AuthDBMUserFile "/www/etc/dbmpasswd" Require valid-user #... </Location>
diff --git a/docs/manual/mod/mod_auth_form.xml b/docs/manual/mod/mod_auth_form.xml index 041c3a732b..57450fd5ae 100644 --- a/docs/manual/mod/mod_auth_form.xml +++ b/docs/manual/mod/mod_auth_form.xml @@ -76,10 +76,10 @@ Basic example AuthFormProvider file -AuthUserFile conf/passwd +AuthUserFile "conf/passwd" AuthType form AuthName realm -AuthFormLoginRequiredLocation http://example.com/login.html +AuthFormLoginRequiredLocation "http://example.com/login.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret @@ -133,12 +133,12 @@ SessionCryptoPassphrase secret Form login handler example -<Location /dologin.html> +<Location "/dologin.html"> SetHandler form-login-handler - AuthFormLoginRequiredLocation http://example.com/login.html - AuthFormLoginSuccessLocation http://example.com/success.html + AuthFormLoginRequiredLocation "http://example.com/login.html" + AuthFormLoginSuccessLocation "http://example.com/success.html" AuthFormProvider file - AuthUserFile conf/passwd + AuthUserFile "conf/passwd" AuthType form AuthName realm Session On @@ -201,11 +201,11 @@ SessionCryptoPassphrase secret Basic inline example AuthFormProvider file -ErrorDocument 401 /login.shtml -AuthUserFile conf/passwd +ErrorDocument 401 "/login.shtml" +AuthUserFile "conf/passwd" AuthType form AuthName realm -AuthFormLoginRequiredLocation http://example.com/login.html +AuthFormLoginRequiredLocation "http://example.com/login.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret @@ -280,7 +280,7 @@ SessionCryptoPassphrase secret CGI example AuthFormProvider file - ErrorDocument 401 /cgi-bin/login.cgi + ErrorDocument 401 "/cgi-bin/login.cgi" ... @@ -304,7 +304,7 @@ SessionCryptoPassphrase secret SetHandler form-logout-handler AuthName realm -AuthFormLogoutLocation http://example.com/loggedout.html +AuthFormLogoutLocation "http://example.com/loggedout.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret 
@@ -322,7 +322,7 @@ SessionCryptoPassphrase secret Basic session expiry example SetHandler form-logout-handler -AuthFormLogoutLocation http://example.com/loggedout.html +AuthFormLogoutLocation "http://example.com/loggedout.html" Session On SessionMaxAge 1 SessionCookieName session path=/ @@ -363,7 +363,7 @@ SessionCryptoPassphrase secret AuthName "private area" AuthFormProvider dbm AuthDBMType SDBM - AuthDBMUserFile /www/etc/dbmpasswd + AuthDBMUserFile "/www/etc/dbmpasswd" Require valid-user #... </Location> @@ -636,7 +636,7 @@ parser has been added in 2.4.4. <Location /logout> SetHandler form-logout-handler - AuthFormLogoutLocation http://example.com/loggedout.html + AuthFormLogoutLocation "http://example.com/loggedout.html" Session on #... </Location> diff --git a/docs/manual/mod/mod_authn_anon.html.en b/docs/manual/mod/mod_authn_anon.html.en index c9b0d4ca0e..75c2dbd80e 100644 --- a/docs/manual/mod/mod_authn_anon.html.en +++ b/docs/manual/mod/mod_authn_anon.html.en @@ -93,11 +93,11 @@ (Anonymous_LogEmail) -

Example

<Directory /var/www/html/private>
+    

Example

<Directory "/var/www/html/private">
     AuthName "Use 'anonymous' & Email address for guest entry"
     AuthType Basic
     AuthBasicProvider file anon
-    AuthUserFile /path/to/your/.htpasswd
+    AuthUserFile "/path/to/your/.htpasswd"
     
     Anonymous_NoUserID off
     Anonymous_MustGiveEmail on
diff --git a/docs/manual/mod/mod_authn_anon.xml b/docs/manual/mod/mod_authn_anon.xml
index dd2d96dd1c..778a11504e 100644
--- a/docs/manual/mod/mod_authn_anon.xml
+++ b/docs/manual/mod/mod_authn_anon.xml
@@ -81,11 +81,11 @@
 
     Example
     
-<Directory /var/www/html/private>
+<Directory "/var/www/html/private">
     AuthName "Use 'anonymous' & Email address for guest entry"
     AuthType Basic
     AuthBasicProvider file anon
-    AuthUserFile /path/to/your/.htpasswd
+    AuthUserFile "/path/to/your/.htpasswd"
     
     Anonymous_NoUserID off
     Anonymous_MustGiveEmail on
diff --git a/docs/manual/mod/mod_authn_core.html.en b/docs/manual/mod/mod_authn_core.html.en
index 64dddce6b2..b68c3a16cc 100644
--- a/docs/manual/mod/mod_authn_core.html.en
+++ b/docs/manual/mod/mod_authn_core.html.en
@@ -70,15 +70,15 @@
 
         

Checking multiple text password files

# Check here first
 <AuthnProviderAlias file file1>
-    AuthUserFile /www/conf/passwords1
+    AuthUserFile "/www/conf/passwords1"
 </AuthnProviderAlias>
 
 # Then check here
 <AuthnProviderAlias file file2>   
-    AuthUserFile /www/conf/passwords2
+    AuthUserFile "/www/conf/passwords2"
 </AuthnProviderAlias>
 
-<Directory /var/web/pages/secure>
+<Directory "/var/web/pages/secure">
     AuthBasicProvider file1 file2
     
     AuthType Basic
@@ -93,18 +93,18 @@
         hosts:

Checking multiple LDAP servers

<AuthnProviderAlias ldap ldap-alias1>
-    AuthLDAPBindDN cn=youruser,o=ctx
+    AuthLDAPBindDN "cn=youruser,o=ctx"
     AuthLDAPBindPassword yourpassword
-    AuthLDAPURL ldap://ldap.host/o=ctx
+    AuthLDAPURL "ldap://ldap.host/o=ctx"
 </AuthnProviderAlias>
 <AuthnProviderAlias ldap ldap-other-alias>
-    AuthLDAPBindDN cn=yourotheruser,o=dev
+    AuthLDAPBindDN "cn=yourotheruser,o=dev"
     AuthLDAPBindPassword yourotherpassword
-    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+    AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
 </AuthnProviderAlias>
 
-Alias /secure /webpages/secure
-<Directory /webpages/secure>
+Alias "/secure" "/webpages/secure"
+<Directory "/webpages/secure">
     Order deny,allow
     Allow from all
     
@@ -220,15 +220,15 @@ the specified alias
     in the following example, clients may access the
     /www/docs/public directory without authenticating:

-
<Directory /www/docs>
+    
<Directory "/www/docs">
     AuthType Basic
     AuthName Documents
     AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
     Require valid-user
 </Directory>
 
-<Directory /www/docs/public>
+<Directory "/www/docs/public">
     AuthType None
     Require all granted
 </Directory>
diff --git a/docs/manual/mod/mod_authn_core.xml b/docs/manual/mod/mod_authn_core.xml index d1ea4b218d..3c349d73a6 100644 --- a/docs/manual/mod/mod_authn_core.xml +++ b/docs/manual/mod/mod_authn_core.xml @@ -57,15 +57,15 @@ # Check here first <AuthnProviderAlias file file1> - AuthUserFile /www/conf/passwords1 + AuthUserFile "/www/conf/passwords1" </AuthnProviderAlias> # Then check here <AuthnProviderAlias file file2> - AuthUserFile /www/conf/passwords2 + AuthUserFile "/www/conf/passwords2" </AuthnProviderAlias> -<Directory /var/web/pages/secure> +<Directory "/var/web/pages/secure"> AuthBasicProvider file1 file2 AuthType Basic @@ -83,18 +83,18 @@ Checking multiple LDAP servers <AuthnProviderAlias ldap ldap-alias1> - AuthLDAPBindDN cn=youruser,o=ctx + AuthLDAPBindDN "cn=youruser,o=ctx" AuthLDAPBindPassword yourpassword - AuthLDAPURL ldap://ldap.host/o=ctx + AuthLDAPURL "ldap://ldap.host/o=ctx" </AuthnProviderAlias> <AuthnProviderAlias ldap ldap-other-alias> - AuthLDAPBindDN cn=yourotheruser,o=dev + AuthLDAPBindDN "cn=yourotheruser,o=dev" AuthLDAPBindPassword yourotherpassword - AuthLDAPURL ldap://other.ldap.host/o=dev?cn + AuthLDAPURL "ldap://other.ldap.host/o=dev?cn" </AuthnProviderAlias> -Alias /secure /webpages/secure -<Directory /webpages/secure> +Alias "/secure" "/webpages/secure" +<Directory "/webpages/secure"> Order deny,allow Allow from all @@ -194,15 +194,15 @@ authentication /www/docs/public directory without authenticating:

-<Directory /www/docs> +<Directory "/www/docs"> AuthType Basic AuthName Documents AuthBasicProvider file - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" Require valid-user </Directory> -<Directory /www/docs/public> +<Directory "/www/docs/public"> AuthType None Require all granted </Directory> diff --git a/docs/manual/mod/mod_authnz_ldap.html.en b/docs/manual/mod/mod_authnz_ldap.html.en index 1b40da14b7..cc55e99061 100644 --- a/docs/manual/mod/mod_authnz_ldap.html.en +++ b/docs/manual/mod/mod_authnz_ldap.html.en @@ -482,7 +482,7 @@ AuthLDAPMaxSubGroupDepth 1

The following directive would grant access to anyone with the attribute employeeType = active

-
Require ldap-attribute employeeType=active
+
Require ldap-attribute "employeeType=active"

Multiple attribute/value pairs can be specified on the same line @@ -496,7 +496,7 @@ AuthLDAPMaxSubGroupDepth 1

The following directive would grant access to anyone with the city attribute equal to "San Jose" or status equal to "Active"

-
Require ldap-attribute city="San Jose" status=active
+
Require ldap-attribute city="San Jose" "status=active"
@@ -511,7 +511,7 @@ AuthLDAPMaxSubGroupDepth 1

The following directive would grant access to anyone having a cell phone and is in the marketing department

-
Require ldap-filter &(cell=*)(department=marketing)
+
Require ldap-filter "&(cell=*)(department=marketing)"

The difference between the Require ldap-filter directive and the @@ -526,8 +526,8 @@ AuthLDAPMaxSubGroupDepth 1

must be taken to ensure that LDAP filters are escaped correctly to guard against LDAP injection. The ldap function can be used for this purpose.

-
<LocationMatch ^/dav/(?<SITENAME>[^/]+)/>
-  Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)
+
<LocationMatch "^/dav/(?<SITENAME>[^/]+)/">
+  Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)"
 </LocationMatch>
@@ -543,8 +543,8 @@ AuthLDAPMaxSubGroupDepth 1

The following directive would grant access to URLs that match the given objects in the LDAP server:

-
<LocationMatch ^/dav/(?<SITENAME>[^/]+)/>
-Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
+
<LocationMatch "^/dav/(?<SITENAME>[^/]+)/">
+Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)"
 </LocationMatch>
diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index 7f743b71ac..542094b5f6 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -364,7 +364,9 @@ Require ldap-user "Joe Manager"

If the uid attribute was used instead of the cn attribute in the URL above, the above three lines could be condensed to

-Require ldap-user bjenson fuser jmanager + +Require ldap-user bjenson fuser jmanager +
Require ldap-group @@ -383,7 +385,9 @@ uniqueMember: cn=Fred User, o=Example

The following directive would grant access to both Fred and Barbara:

-Require ldap-group cn=Administrators, o=Example + +Require ldap-group cn=Administrators, o=Example +

Members can also be found within sub-groups of a specified LDAP group if AuthLDAPMaxSubGroupDepth @@ -448,7 +452,9 @@ AuthLDAPMaxSubGroupDepth 1

The following directive would grant access to a specific DN:

-Require ldap-dn cn=Barbara Jenson, o=Example + +Require ldap-dn cn=Barbara Jenson, o=Example +

Behavior of this directive is modified by the AuthLDAPCompareDNOnServer @@ -465,7 +471,9 @@ AuthLDAPMaxSubGroupDepth 1

The following directive would grant access to anyone with the attribute employeeType = active

- Require ldap-attribute employeeType=active + +Require ldap-attribute "employeeType=active" +

Multiple attribute/value pairs can be specified on the same line separated by spaces or they can be specified in multiple @@ -478,7 +486,9 @@ AuthLDAPMaxSubGroupDepth 1

The following directive would grant access to anyone with the city attribute equal to "San Jose" or status equal to "Active"

- Require ldap-attribute city="San Jose" status=active + +Require ldap-attribute city="San Jose" "status=active" +
@@ -492,7 +502,9 @@ AuthLDAPMaxSubGroupDepth 1

The following directive would grant access to anyone having a cell phone and is in the marketing department

- Require ldap-filter &(cell=*)(department=marketing) + +Require ldap-filter "&(cell=*)(department=marketing)" +

The difference between the Require ldap-filter directive and the Require ldap-attribute directive is that ldap-filter @@ -507,8 +519,8 @@ AuthLDAPMaxSubGroupDepth 1 LDAP injection. The ldap function can be used for this purpose.

-<LocationMatch ^/dav/(?<SITENAME>[^/]+)/> - Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example) +<LocationMatch "^/dav/(?<SITENAME>[^/]+)/"> + Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)" </LocationMatch> @@ -525,8 +537,8 @@ AuthLDAPMaxSubGroupDepth 1 LDAP server:

-<LocationMatch ^/dav/(?<SITENAME>[^/]+)/> -Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website) +<LocationMatch "^/dav/(?<SITENAME>[^/]+)/"> +Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)" </LocationMatch> diff --git a/docs/manual/mod/mod_authz_core.html.en b/docs/manual/mod/mod_authz_core.html.en index 5075def0e9..3f0c16c5ce 100644 --- a/docs/manual/mod/mod_authz_core.html.en +++ b/docs/manual/mod/mod_authz_core.html.en @@ -83,13 +83,13 @@ not belong to either the temps group or the LDAP group Temporary Employees.

-
<Directory /www/mydocs>
+    
<Directory "/www/mydocs">
     <RequireAll>
         <RequireAny>
             Require user superadmin
             <RequireAll>
                 Require group admins
-                Require ldap-group cn=Administrators,o=Airius
+                Require ldap-group "cn=Administrators,o=Airius"
                 <RequireAny>
                     Require group sales
                     Require ldap-attribute dept="sales"
@@ -98,7 +98,7 @@
         </RequireAny>
         <RequireNone>
             Require group temps
-            Require ldap-group cn=Temporary Employees,o=Airius
+            Require ldap-group "cn=Temporary Employees,o=Airius"
         </RequireNone>
     </RequireAll>
 </Directory>
@@ -125,8 +125,8 @@ User-Agent (browser type), Referer, or other HTTP request header fields.

-
SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
-<Directory /docroot>
+    
SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
+<Directory "/docroot">
     Require env let_me_in
 </Directory>
@@ -235,20 +235,20 @@ multiple ldap hosts:

-
<AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx>
-    AuthLDAPBindDN cn=youruser,o=ctx
+        
<AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx">
+    AuthLDAPBindDN "cn=youruser,o=ctx"
     AuthLDAPBindPassword yourpassword
-    AuthLDAPURL ldap://ldap.host/o=ctx
+    AuthLDAPURL "ldap://ldap.host/o=ctx"
 </AuthzProviderAlias>
 
-<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev>
-    AuthLDAPBindDN cn=yourotheruser,o=dev
+<AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev">
+    AuthLDAPBindDN "cn=yourotheruser,o=dev"
     AuthLDAPBindPassword yourotherpassword
-    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+    AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
 </AuthzProviderAlias>
 
-Alias /secure /webpages/secure
-<Directory /webpages/secure>
+Alias "/secure" "/webpages/secure"
+<Directory "/webpages/secure">
     Require all granted
 
     AuthBasicProvider file
@@ -312,20 +312,20 @@ sections.
     preceding sections.  Thus only users belong to the group
     gamma may access /www/docs/ab/gamma.
 
-    
<Directory /www/docs>
+    
<Directory "/www/docs">
     AuthType Basic
     AuthName Documents
     AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
     Require group alpha
 </Directory>
 
-<Directory /www/docs/ab>
+<Directory "/www/docs/ab">
     AuthMerging Or
     Require group beta
 </Directory>
 
-<Directory /www/docs/ab/gamma>
+<Directory "/www/docs/ab/gamma">
     Require group gamma
 </Directory>
@@ -454,8 +454,8 @@ an authorization provider.
AuthType Basic
 AuthName "Restricted Resource"
 AuthBasicProvider file
-AuthUserFile /web/users
-AuthGroupFile /web/groups
+AuthUserFile "/web/users"
+AuthGroupFile "/web/groups"
 Require group admin
@@ -479,7 +479,7 @@ Require group admin
and beta groups are authorized, except for those who are also in the reject group.

-
<Directory /www/docs>
+    
<Directory "/www/docs">
     <RequireAll>
         Require group alpha beta
         Require not group reject
diff --git a/docs/manual/mod/mod_authz_core.xml b/docs/manual/mod/mod_authz_core.xml
index 670604e853..26c3ce2df6 100644
--- a/docs/manual/mod/mod_authz_core.xml
+++ b/docs/manual/mod/mod_authz_core.xml
@@ -63,13 +63,13 @@
     LDAP group Temporary Employees.

-<Directory /www/mydocs> +<Directory "/www/mydocs"> <RequireAll> <RequireAny> Require user superadmin <RequireAll> Require group admins - Require ldap-group cn=Administrators,o=Airius + Require ldap-group "cn=Administrators,o=Airius" <RequireAny> Require group sales Require ldap-attribute dept="sales" @@ -78,7 +78,7 @@ </RequireAny> <RequireNone> Require group temps - Require ldap-group cn=Temporary Employees,o=Airius + Require ldap-group "cn=Temporary Employees,o=Airius" </RequireNone> </RequireAll> </Directory> @@ -107,8 +107,8 @@ other HTTP request header fields.

-SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in -<Directory /docroot> +SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in +<Directory "/docroot"> Require env let_me_in </Directory> @@ -227,20 +227,20 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in

-<AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx> - AuthLDAPBindDN cn=youruser,o=ctx +<AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"> + AuthLDAPBindDN "cn=youruser,o=ctx" AuthLDAPBindPassword yourpassword - AuthLDAPURL ldap://ldap.host/o=ctx + AuthLDAPURL "ldap://ldap.host/o=ctx" </AuthzProviderAlias> -<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev> - AuthLDAPBindDN cn=yourotheruser,o=dev +<AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"> + AuthLDAPBindDN "cn=yourotheruser,o=dev" AuthLDAPBindPassword yourotherpassword - AuthLDAPURL ldap://other.ldap.host/o=dev?cn + AuthLDAPURL "ldap://other.ldap.host/o=dev?cn" </AuthzProviderAlias> -Alias /secure /webpages/secure -<Directory /webpages/secure> +Alias "/secure" "/webpages/secure" +<Directory "/webpages/secure"> Require all granted AuthBasicProvider file @@ -337,8 +337,8 @@ an authorization provider. AuthType Basic AuthName "Restricted Resource" AuthBasicProvider file -AuthUserFile /web/users -AuthGroupFile /web/groups +AuthUserFile "/web/users" +AuthGroupFile "/web/groups" Require group admin @@ -363,7 +363,7 @@ Require group admin are also in the reject group.

-<Directory /www/docs> +<Directory "/www/docs"> <RequireAll> Require group alpha beta Require not group reject @@ -561,20 +561,20 @@ sections. gamma may access /www/docs/ab/gamma. -<Directory /www/docs> +<Directory "/www/docs"> AuthType Basic AuthName Documents AuthBasicProvider file - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" Require group alpha </Directory> -<Directory /www/docs/ab> +<Directory "/www/docs/ab"> AuthMerging Or Require group beta </Directory> -<Directory /www/docs/ab/gamma> +<Directory "/www/docs/ab/gamma"> Require group gamma </Directory> diff --git a/docs/manual/mod/mod_authz_dbm.html.en b/docs/manual/mod/mod_authz_dbm.html.en index 71742f6e13..a24da7b959 100644 --- a/docs/manual/mod/mod_authz_dbm.html.en +++ b/docs/manual/mod/mod_authz_dbm.html.en @@ -88,16 +88,16 @@

Example usage

-

Note that using mod_authz_dbm requires you to require dbm-group +

Note that using mod_authz_dbm requires you to require dbm-group instead of group:

<Directory "/foo/bar">
-  AuthType Basic 
+  AuthType Basic
   AuthName "Secure Area"
-  AuthBasicProvider dbm 
-  AuthDBMUserFile site/data/users 
-  AuthDBMGroupFile site/data/users 
-  Require dbm-group admin 
+  AuthBasicProvider dbm
+  AuthDBMUserFile "site/data/users"
+  AuthDBMGroupFile "site/data/users"
+  Require dbm-group admin
 </Directory>
@@ -139,8 +139,8 @@ of user groups for authorization accomplished by first setting the group and password files to point to the same DBM:

-
AuthDBMGroupFile /www/userbase
-AuthDBMUserFile /www/userbase
+
AuthDBMGroupFile "/www/userbase"
+AuthDBMUserFile "/www/userbase"

The key for the single DBM is the username. The value consists diff --git a/docs/manual/mod/mod_authz_dbm.xml b/docs/manual/mod/mod_authz_dbm.xml index dadeac0a99..1724a6c1f2 100644 --- a/docs/manual/mod/mod_authz_dbm.xml +++ b/docs/manual/mod/mod_authz_dbm.xml @@ -73,17 +73,17 @@

Example usage -

Note that using mod_authz_dbm requires you to require dbm-group +

Note that using mod_authz_dbm requires you to require dbm-group instead of group:

<Directory "/foo/bar"> - AuthType Basic + AuthType Basic AuthName "Secure Area" - AuthBasicProvider dbm - AuthDBMUserFile site/data/users - AuthDBMGroupFile site/data/users - Require dbm-group admin + AuthBasicProvider dbm + AuthDBMUserFile "site/data/users" + AuthDBMGroupFile "site/data/users" + Require dbm-group admin </Directory>
@@ -126,8 +126,8 @@ of user groups for authorization point to the same DBM:

-AuthDBMGroupFile /www/userbase -AuthDBMUserFile /www/userbase +AuthDBMGroupFile "/www/userbase" +AuthDBMUserFile "/www/userbase"

The key for the single DBM is the username. The value consists diff --git a/docs/manual/mod/mod_authz_owner.html.en b/docs/manual/mod/mod_authz_owner.html.en index f39eda7bef..94fbb8fe64 100644 --- a/docs/manual/mod/mod_authz_owner.html.en +++ b/docs/manual/mod/mod_authz_owner.html.en @@ -96,11 +96,11 @@ files in /home/smith/public_html/private unless they were owned by jones instead of smith.

-
<Directory /home/*/public_html/private>
+      
<Directory "/home/*/public_html/private">
     AuthType Basic
-    AuthName MyPrivateFiles
+    AuthName "MyPrivateFiles"
     AuthBasicProvider dbm
-    AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
+    AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
     Require file-owner
 </Directory>
@@ -118,15 +118,15 @@ authorized to access the project-foo directories of each other.

-
<Directory /home/*/public_html/project-foo>
+      
<Directory "/home/*/public_html/project-foo">
     AuthType Basic
     AuthName "Project Foo Files"
     AuthBasicProvider dbm
-    
+
     # combined user/group database
-    AuthDBMUserFile  /usr/local/apache2/etc/.htdbm-all
-    AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
-    
+    AuthDBMUserFile  "/usr/local/apache2/etc/.htdbm-all"
+    AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all"
+
     Satisfy All
     Require file-group
 </Directory>
diff --git a/docs/manual/mod/mod_authz_owner.xml b/docs/manual/mod/mod_authz_owner.xml index 971c2cfb23..61c03b8604 100644 --- a/docs/manual/mod/mod_authz_owner.xml +++ b/docs/manual/mod/mod_authz_owner.xml @@ -85,11 +85,11 @@ were owned by jones instead of smith.

-<Directory /home/*/public_html/private> +<Directory "/home/*/public_html/private"> AuthType Basic - AuthName MyPrivateFiles + AuthName "MyPrivateFiles" AuthBasicProvider dbm - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all + AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all" Require file-owner </Directory> @@ -109,15 +109,15 @@ each other.

-<Directory /home/*/public_html/project-foo> +<Directory "/home/*/public_html/project-foo"> AuthType Basic AuthName "Project Foo Files" AuthBasicProvider dbm - + # combined user/group database - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all - AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all - + AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all" + AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all" + Satisfy All Require file-group </Directory> diff --git a/docs/manual/mod/mod_dav.html.en b/docs/manual/mod/mod_dav.html.en index 4aaa6b142a..8a89b2c511 100644 --- a/docs/manual/mod/mod_dav.html.en +++ b/docs/manual/mod/mod_dav.html.en @@ -78,7 +78,7 @@ file using the DavLockDB directive:

-
DavLockDB /usr/local/apache2/var/DavLock
+
DavLockDB "/usr/local/apache2/var/DavLock"

The directory containing the lock database file must be @@ -93,15 +93,15 @@ directive. The "normal" LimitRequestBody directive has no effect on DAV requests.

-

Full Example

DavLockDB /usr/local/apache2/var/DavLock
+    

Full Example

DavLockDB "/usr/local/apache2/var/DavLock"
 
-<Directory /usr/local/apache2/htdocs/foo>
+<Directory "/usr/local/apache2/htdocs/foo">
     Require all granted
     Dav On
 
     AuthType Basic
-    AuthName DAV
-    AuthUserFile user.passwd
+    AuthName "DAV"
+    AuthUserFile "user.passwd"
 
     <LimitExcept GET POST OPTIONS>
         Require user admin
@@ -159,9 +159,9 @@
     will run the script, and one of which will allow it to be
     downloaded and manipulated with DAV.

-
Alias /phparea /home/gstein/php_files
-Alias /php-source /home/gstein/php_files
-<Location /php-source>
+
Alias "/phparea" "/home/gstein/php_files"
+Alias "/php-source" "/home/gstein/php_files"
+<Location "/php-source">
     Dav On
     ForceType text/plain
 </Location>
@@ -185,7 +185,7 @@ Alias /php-source /home/gstein/php_files

Use the Dav directive to enable the WebDAV HTTP methods for the given container:

-
<Location /foo>
+    
<Location "/foo">
     Dav On
 </Location>
@@ -240,7 +240,7 @@ a DAV resource (like 600 seconds) to reduce the chance of the client losing the lock due to network latency.

-

Example

<Location /MSWord>
+    

Example

<Location "/MSWord">
     DavMinTimeout 600
 </Location>
diff --git a/docs/manual/mod/mod_dav.xml b/docs/manual/mod/mod_dav.xml index 2d202c0eb3..4e015bd52d 100644 --- a/docs/manual/mod/mod_dav.xml +++ b/docs/manual/mod/mod_dav.xml @@ -45,7 +45,9 @@

To enable mod_dav, add the following to a container in your httpd.conf file:

- Dav On + +Dav On +

This enables the DAV file system provider, which is implemented by the mod_dav_fs module. Therefore, that module @@ -58,12 +60,12 @@ directive:

- DavLockDB /usr/local/apache2/var/DavLock + DavLockDB "/usr/local/apache2/var/DavLock"

The directory containing the lock database file must be writable by the User - and Group under which + and Group under which Apache is running.

You may wish to add a Full Example -DavLockDB /usr/local/apache2/var/DavLock +DavLockDB "/usr/local/apache2/var/DavLock" -<Directory /usr/local/apache2/htdocs/foo> +<Directory "/usr/local/apache2/htdocs/foo"> Require all granted Dav On AuthType Basic - AuthName DAV - AuthUserFile user.passwd + AuthName "DAV" + AuthUserFile "user.passwd" <LimitExcept GET POST OPTIONS> Require user admin @@ -149,9 +151,9 @@ DavLockDB /usr/local/apache2/var/DavLock downloaded and manipulated with DAV.

-Alias /phparea /home/gstein/php_files -Alias /php-source /home/gstein/php_files -<Location /php-source> +Alias "/phparea" "/home/gstein/php_files" +Alias "/php-source" "/home/gstein/php_files" +<Location "/php-source"> Dav On ForceType text/plain </Location> @@ -175,7 +177,7 @@ Alias /php-source /home/gstein/php_files WebDAV HTTP methods for the given container:

-<Location /foo> +<Location "/foo"> Dav On </Location> @@ -218,7 +220,7 @@ a DAV resource Example -<Location /MSWord> +<Location "/MSWord"> DavMinTimeout 600 </Location> diff --git a/docs/manual/mod/mod_session.html.en b/docs/manual/mod/mod_session.html.en index c0ff549bca..3dc426c725 100644 --- a/docs/manual/mod/mod_session.html.en +++ b/docs/manual/mod/mod_session.html.en @@ -273,9 +273,9 @@ SessionCookieName session path=/private;domain=example.com;httponly;secure;
diff --git a/docs/manual/mod/mod_session.xml b/docs/manual/mod/mod_session.xml index 963c0f0ccb..b6142517aa 100644 --- a/docs/manual/mod/mod_session.xml +++ b/docs/manual/mod/mod_session.xml @@ -261,9 +261,9 @@ Session On SessionCryptoPassphrase secret SessionCookieName session path=/ AuthFormProvider file -AuthUserFile conf/passwd +AuthUserFile "conf/passwd" AuthType form -AuthName realm +AuthName "realm" #... diff --git a/docs/manual/ssl/ssl_howto.html.en b/docs/manual/ssl/ssl_howto.html.en index 9aee172e69..c9295283c3 100644 --- a/docs/manual/ssl/ssl_howto.html.en +++ b/docs/manual/ssl/ssl_howto.html.en @@ -49,8 +49,8 @@ following directives.

<VirtualHost *:443> ServerName www.example.com SSLEngine on - SSLCertificateFile /path/to/www.example.com.cert - SSLCertificateKeyFile /path/to/www.example.com.key + SSLCertificateFile "/path/to/www.example.com.cert" + SSLCertificateKeyFile "/path/to/www.example.com.key" </VirtualHost>
@@ -93,7 +93,7 @@ URL?
# be liberal in general
 SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
 
-<Location /strong/area>
+<Location "/strong/area">
 # but https://hostname/strong/area/ and below
 # requires strong ciphers
 SSLCipherSuite HIGH:!aNULL:!MD5
@@ -118,7 +118,7 @@ the server.

Because the client can obtain the certificate revocation status from the server, without requiring an extra connection from the client to the Certificate Authority, OCSP Stapling is the preferred way for the -revocation status to be obtained. Other benefits of eliminating the +revocation status to be obtained. Other benefits of eliminating the communication between clients and the Certificate Authority are that the client browsing history is not exposed to the Certificate Authority and obtaining status is more reliable by not depending on potentially heavily @@ -138,7 +138,7 @@ SSLStaplingCache "shmcb:ssl_stapling(32768)"

These directives are placed at global scope (i.e., not within a virtual host definition) wherever other global SSL configuration directives are -placed, such as in conf/extra/httpd-ssl.conf for normal +placed, such as in conf/extra/httpd-ssl.conf for normal open source builds of httpd, /etc/apache2/mods-enabled/ssl.conf for the Ubuntu or Debian-bundled httpd, etc.

@@ -146,7 +146,7 @@ for the Ubuntu or Debian-bundled httpd, etc.

mod_socache_shmcb (from the shmcb prefix on the directive's argument). This module is usually enabled already for SSLSessionCache or on behalf of some module other than -mod_ssl. If you enabled an SSL session cache using a +mod_ssl. If you enabled an SSL session cache using a mechanism other than mod_socache_shmcb, use that alternative mechanism for SSLStaplingCache as well. For example:

@@ -159,7 +159,7 @@ is sent by your server:

$ openssl s_client -connect www.example.com:443 -status -servername www.example.com
 ...
-OCSP response: 
+OCSP response:
 ======================================
 OCSP Response Data:
     OCSP Response Status: successful (0x0)
@@ -169,15 +169,15 @@ OCSP Response Data:
 ...

The following sections highlight the most common situations which require -further modification to the configuration. Refer also to the +further modification to the configuration. Refer also to the mod_ssl reference manual.

If more than a few SSL certificates are used for the server

OCSP responses are stored in the SSL stapling cache. While the responses -are typically a few hundred to a few thousand bytes in size, mod_ssl -supports OCSP responses up to around 10K bytes in size. With more than a -few certificates, the stapling cache size (32768 bytes in the example above) +are typically a few hundred to a few thousand bytes in size, mod_ssl +supports OCSP responses up to around 10K bytes in size. With more than a +few certificates, the stapling cache size (32768 bytes in the example above) may need to be increased. Error message AH01929 will be logged in case of an error storing a response.

@@ -185,7 +185,7 @@ an error storing a response.

If the certificate does not point to an OCSP responder, or if a different address must be used

-

Refer to the +

Refer to the SSLStaplingForceURL directive.

You can confirm that a server certificate points to an OCSP responder @@ -227,7 +227,7 @@ directives.

AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!

In order to support OCSP Stapling when a particular server certificate is -used, the certificate chain for that certificate must be configured. If it +used, the certificate chain for that certificate must be configured. If it was not configured as part of enabling SSL, the AH02217 error will be issued when stapling is enabled, and an OCSP response will not be provided for clients using the certificate.

@@ -264,7 +264,7 @@ Intranet website, for clients coming from the Internet? # signed by our CA certificate in ca.crt SSLVerifyClient require SSLVerifyDepth 1 -SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
@@ -277,9 +277,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt
mod_ssl:

SSLVerifyClient none
-SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
 
-<Location /secure/area>
+<Location "/secure/area">
 SSLVerifyClient require
 SSLVerifyDepth 1
 </Location>
@@ -303,10 +303,10 @@ SSLVerifyDepth 1 clients allowed, as follows:

SSLVerifyClient      none
-SSLCACertificateFile conf/ssl.crt/ca.crt
-SSLCACertificatePath conf/ssl.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
+SSLCACertificatePath "conf/ssl.crt"
 
-<Directory /usr/local/apache2/htdocs/secure/area>
+<Directory "/usr/local/apache2/htdocs/secure/area">
     SSLVerifyClient      require
     SSLVerifyDepth       5
     SSLOptions           +FakeBasicAuth
@@ -314,7 +314,7 @@ SSLCACertificatePath conf/ssl.crt
     AuthName             "Snake Oil Authentication"
     AuthType             Basic
     AuthBasicProvider    file
-    AuthUserFile         /usr/local/apache2/conf/httpd.passwd
+    AuthUserFile         "/usr/local/apache2/conf/httpd.passwd"
     Require              valid-user
 </Directory>
@@ -332,10 +332,10 @@ SSLCACertificatePath conf/ssl.crt
SSLVerifyClient      none
-SSLCACertificateFile conf/ssl.crt/ca.crt
-SSLCACertificatePath conf/ssl.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
+SSLCACertificatePath "conf/ssl.crt"
 
-<Directory /usr/local/apache2/htdocs/secure/area>
+<Directory "/usr/local/apache2/htdocs/secure/area">
   SSLVerifyClient      require
   SSLVerifyDepth       5
   SSLOptions           +FakeBasicAuth
@@ -358,42 +358,42 @@ plain HTTP access for clients on the Intranet.
    This configuration should remain outside of your HTTPS virtual host, so
    that it applies to both HTTPS and HTTP.

-
SSLCACertificateFile conf/ssl.crt/company-ca.crt
+    
SSLCACertificateFile "conf/ssl.crt/company-ca.crt"
 
-<Directory /usr/local/apache2/htdocs>
+<Directory "/usr/local/apache2/htdocs">
     #   Outside the subarea only Intranet access is granted
     Require              ip 192.168.1.0/24
 </Directory>
 
-<Directory /usr/local/apache2/htdocs/subarea>
+<Directory "/usr/local/apache2/htdocs/subarea">
     #   Inside the subarea any Intranet access is allowed
     #   but from the Internet only HTTPS + Strong-Cipher + Password
     #   or the alternative HTTPS + Strong-Cipher + Client-Certificate
-    
+
     #   If HTTPS is used, make sure a strong cipher is used.
     #   Additionally allow client certs as alternative to basic auth.
     SSLVerifyClient      optional
     SSLVerifyDepth       1
     SSLOptions           +FakeBasicAuth +StrictRequire
     SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128
-    
+
     #   Force clients from the Internet to use HTTPS
     RewriteEngine        on
-    RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
-    RewriteCond          %{HTTPS} !=on
-    RewriteRule          . - [F]
-    
+    RewriteCond          "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$"
+    RewriteCond          "%{HTTPS}" "!=on"
+    RewriteRule          "." "-" [F]
+
     #   Allow Network Access and/or Basic Auth
     Satisfy              any
-    
+
     #   Network Access Control
     Require              ip 192.168.1.0/24
-    
+
     #   HTTP Basic Authentication
     AuthType             basic
     AuthName             "Protected Intranet Area"
     AuthBasicProvider    file
-    AuthUserFile         conf/protected.passwd
+    AuthUserFile         "conf/protected.passwd"
     Require              valid-user
 </Directory>
diff --git a/docs/manual/ssl/ssl_howto.xml b/docs/manual/ssl/ssl_howto.xml index dd349562e8..7763c757d2 100644 --- a/docs/manual/ssl/ssl_howto.xml +++ b/docs/manual/ssl/ssl_howto.xml @@ -44,8 +44,8 @@ Listen 443 <VirtualHost *:443> ServerName www.example.com SSLEngine on - SSLCertificateFile /path/to/www.example.com.cert - SSLCertificateKeyFile /path/to/www.example.com.key + SSLCertificateFile "/path/to/www.example.com.cert" + SSLCertificateKeyFile "/path/to/www.example.com.key" </VirtualHost> @@ -92,7 +92,7 @@ URL? # be liberal in general SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL -<Location /strong/area> +<Location "/strong/area"> # but https://hostname/strong/area/ and below # requires strong ciphers SSLCipherSuite HIGH:!aNULL:!MD5 @@ -118,7 +118,7 @@ the server.

Because the client can obtain the certificate revocation status from the server, without requiring an extra connection from the client to the Certificate Authority, OCSP Stapling is the preferred way for the -revocation status to be obtained. Other benefits of eliminating the +revocation status to be obtained. Other benefits of eliminating the communication between clients and the Certificate Authority are that the client browsing history is not exposed to the Certificate Authority and obtaining status is more reliable by not depending on potentially heavily @@ -139,7 +139,7 @@ SSLStaplingCache "shmcb:ssl_stapling(32768)"

These directives are placed at global scope (i.e., not within a virtual host definition) wherever other global SSL configuration directives are -placed, such as in conf/extra/httpd-ssl.conf for normal +placed, such as in conf/extra/httpd-ssl.conf for normal open source builds of httpd, /etc/apache2/mods-enabled/ssl.conf for the Ubuntu or Debian-bundled httpd, etc.

@@ -147,7 +147,7 @@ for the Ubuntu or Debian-bundled httpd, etc.

mod_socache_shmcb (from the shmcb prefix on the directive's argument). This module is usually enabled already for SSLSessionCache or on behalf of some module other than -mod_ssl. If you enabled an SSL session cache using a +mod_ssl. If you enabled an SSL session cache using a mechanism other than mod_socache_shmcb, use that alternative mechanism for SSLStaplingCache as well. For example:

@@ -162,7 +162,7 @@ is sent by your server:

 $ openssl s_client -connect www.example.com:443 -status -servername www.example.com
 ...
-OCSP response: 
+OCSP response:
 ======================================
 OCSP Response Data:
     OCSP Response Status: successful (0x0)
@@ -173,15 +173,15 @@ OCSP Response Data:
 

The following sections highlight the most common situations which require -further modification to the configuration. Refer also to the +further modification to the configuration. Refer also to the mod_ssl reference manual.

If more than a few SSL certificates are used for the server

OCSP responses are stored in the SSL stapling cache. While the responses -are typically a few hundred to a few thousand bytes in size, mod_ssl -supports OCSP responses up to around 10K bytes in size. With more than a -few certificates, the stapling cache size (32768 bytes in the example above) +are typically a few hundred to a few thousand bytes in size, mod_ssl +supports OCSP responses up to around 10K bytes in size. With more than a +few certificates, the stapling cache size (32768 bytes in the example above) may need to be increased. Error message AH01929 will be logged in case of an error storing a response.

@@ -189,7 +189,7 @@ an error storing a response.

If the certificate does not point to an OCSP responder, or if a different address must be used -

Refer to the +

Refer to the SSLStaplingForceURL directive.

You can confirm that a server certificate points to an OCSP responder @@ -235,7 +235,7 @@ directives.

AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!

In order to support OCSP Stapling when a particular server certificate is -used, the certificate chain for that certificate must be configured. If it +used, the certificate chain for that certificate must be configured. If it was not configured as part of enabling SSL, the AH02217 error will be issued when stapling is enabled, and an OCSP response will not be provided for clients using the certificate.

@@ -274,7 +274,7 @@ Intranet website, for clients coming from the Internet? # signed by our CA certificate in ca.crt SSLVerifyClient require SSLVerifyDepth 1 -SSLCACertificateFile conf/ssl.crt/ca.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" @@ -288,9 +288,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" -<Location /secure/area> +<Location "/secure/area"> SSLVerifyClient require SSLVerifyDepth 1 </Location> @@ -315,10 +315,10 @@ SSLVerifyDepth 1 SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt -SSLCACertificatePath conf/ssl.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" +SSLCACertificatePath "conf/ssl.crt" -<Directory /usr/local/apache2/htdocs/secure/area> +<Directory "/usr/local/apache2/htdocs/secure/area"> SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +FakeBasicAuth @@ -326,7 +326,7 @@ SSLCACertificatePath conf/ssl.crt AuthName "Snake Oil Authentication" AuthType Basic AuthBasicProvider file - AuthUserFile /usr/local/apache2/conf/httpd.passwd + AuthUserFile "/usr/local/apache2/conf/httpd.passwd" Require valid-user </Directory> @@ -348,10 +348,10 @@ SSLCACertificatePath conf/ssl.crt SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt -SSLCACertificatePath conf/ssl.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" +SSLCACertificatePath "conf/ssl.crt" -<Directory /usr/local/apache2/htdocs/secure/area> +<Directory "/usr/local/apache2/htdocs/secure/area"> SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +FakeBasicAuth @@ -375,42 +375,42 @@ plain HTTP access for clients on the Intranet. that it applies to both HTTPS and HTTP.

-SSLCACertificateFile conf/ssl.crt/company-ca.crt +SSLCACertificateFile "conf/ssl.crt/company-ca.crt" -<Directory /usr/local/apache2/htdocs> +<Directory "/usr/local/apache2/htdocs"> # Outside the subarea only Intranet access is granted Require ip 192.168.1.0/24 </Directory> -<Directory /usr/local/apache2/htdocs/subarea> +<Directory "/usr/local/apache2/htdocs/subarea"> # Inside the subarea any Intranet access is allowed # but from the Internet only HTTPS + Strong-Cipher + Password # or the alternative HTTPS + Strong-Cipher + Client-Certificate - + # If HTTPS is used, make sure a strong cipher is used. # Additionally allow client certs as alternative to basic auth. SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +FakeBasicAuth +StrictRequire SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 - + # Force clients from the Internet to use HTTPS RewriteEngine on - RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteRule . - [F] - + RewriteCond "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$" + RewriteCond "%{HTTPS}" "!=on" + RewriteRule "." "-" [F] + # Allow Network Access and/or Basic Auth Satisfy any - + # Network Access Control Require ip 192.168.1.0/24 - + # HTTP Basic Authentication AuthType basic AuthName "Protected Intranet Area" AuthBasicProvider file - AuthUserFile conf/protected.passwd + AuthUserFile "conf/protected.passwd" Require valid-user </Directory> @@ -430,4 +430,3 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt - -- 2.40.0