From ed408d28e55c85d267c037d7176871da5115d791 Mon Sep 17 00:00:00 2001
From: Luca Toscano <elukey@apache.org>
Date: Mon, 11 Apr 2016 08:11:34 +0000
Subject: [PATCH] Documentation rebuild

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1738543 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/howto/auth.html.en            | 12 +++++
 docs/manual/mod/mod_access_compat.html.en | 12 +++--
 docs/manual/upgrading.html.en             | 56 +++++++++++++++++++++++
 3 files changed, 77 insertions(+), 3 deletions(-)

diff --git a/docs/manual/howto/auth.html.en b/docs/manual/howto/auth.html.en
index 2bbb0f8c9e..cbdfe35ac9 100644
--- a/docs/manual/howto/auth.html.en
+++ b/docs/manual/howto/auth.html.en
@@ -563,6 +563,18 @@ Require group GroupName</pre>
         <code class="directive"><a href="../mod/mod_access_compat.html#satisfy">Satisfy</a></code> are no longer needed.
         However to provide backwards compatibility for older configurations, these
         directives have been moved to the <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code> module.</p>
+
+        <div class="warning"><h3>Note</h3>
+        <p>The directives provided by <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code> have
+        been deprecated by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.
+        Mixing old directives like <code class="directive"><a href="../mod/mod_access_compat.html#order">Order</a></code>, <code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code> or <code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code> with new ones like
+        <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> is technically possible
+        but discouraged. The <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code> module was created to support
+        configurations containing only old directives to facilitate the 2.4 upgrade.
+        Please check the <a href="../upgrading.html">upgrading</a> guide for more
+        information.
+        </p>
+        </div>
     
 
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
diff --git a/docs/manual/mod/mod_access_compat.html.en b/docs/manual/mod/mod_access_compat.html.en
index be8dbd19f9..220c2588c8 100644
--- a/docs/manual/mod/mod_access_compat.html.en
+++ b/docs/manual/mod/mod_access_compat.html.en
@@ -62,9 +62,15 @@ have been deprecated by the new authz refactoring.  Please see
 
     <div class="warning"><h3>Note</h3>
       <p>The directives provided by <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code> have
-      been deprecated by the new authz refactoring. Please see
-      <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
-    </div>
+      been deprecated by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>. 
+      Mixing old directives like <code class="directive"><a href="#order">Order</a></code>, <code class="directive"><a href="#allow">Allow</a></code> or <code class="directive"><a href="#deny">Deny</a></code> with new ones like
+      <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> is technically possible 
+      but discouraged. This module was created to support 
+      configurations containing only old directives to facilitate the 2.4 upgrade. 
+      Please check the <a href="../upgrading.html">upgrading</a> guide for more
+      information.
+      </p>
+      </div>
 
     <p>In general, access restriction directives apply to all
     access methods (<code>GET</code>, <code>PUT</code>,
diff --git a/docs/manual/upgrading.html.en b/docs/manual/upgrading.html.en
index 7604ebf0e2..8c1863c259 100644
--- a/docs/manual/upgrading.html.en
+++ b/docs/manual/upgrading.html.en
@@ -138,6 +138,15 @@
       although for compatibility with old configurations, the new
       module <code class="module"><a href="./mod/mod_access_compat.html">mod_access_compat</a></code> is provided.</p>
 
+      <div class="note"><h3>Mixing old and new directives</h3>
+      <p>Mixing old directives like <code class="directive"><a href="./mod/mod_access_compat.html#order">Order</a></code>, <code class="directive"><a href="./mod/mod_access_compat.html#allow">Allow</a></code> or <code class="directive"><a href="./mod/mod_access_compat.html#deny">Deny</a></code> with new ones like
+      <code class="directive"><a href="./mod/mod_authz_core.html#require">Require</a></code> is technically possible 
+      but discouraged. <code class="module"><a href="./mod/mod_access_compat.html">mod_access_compat</a></code> was created to support 
+      configurations containing only old directives to facilitate the 2.4 upgrade. 
+      Please check the examples below to get a better idea about issues that might arise.
+      </p>
+      </div>
+
       <p>Here are some examples of old and new ways to do the same
       access control.</p>
 
@@ -164,6 +173,53 @@ Allow from example.org</pre>
 </div>
       <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">Require host example.org</pre>
 </div>
+
+      <p>In the following example, mixing old and new directives leads to 
+      unexpected results.</p>
+ 
+      <div class="example"><h3>Mixing old and new directives: NOT WORKING AS EXPECTED</h3><pre class="prettyprint lang-config">DocumentRoot "/var/www/html"
+
+&lt;Directory "/"&gt;
+    AllowOverride None
+    Order deny,allow
+    Deny from all
+&lt;/Directory&gt;
+
+&lt;Location "/server-status"&gt;
+    SetHandler server-status
+    Require 127.0.0.1
+&lt;/Location&gt;
+
+access.log - GET /server-status 403 127.0.0.1
+error.log - AH01797: client denied by server configuration: /var/www/html/server-status</pre>
+</div>
+      <p>Why httpd denies access to servers-status even if the configuration seems to allow it?
+        Because <code class="module"><a href="./mod/mod_access_compat.html">mod_access_compat</a></code> directives take precedence
+        over the <code class="module"><a href="./mod/mod_authz_host.html">mod_authz_host</a></code> one in this configuration 
+        <a href="sections.html#merging">merge</a> scenario.</p>
+
+      <p>This example conversely works as expected:</p>
+
+      <div class="example"><h3>Mixing old and new directives: WORKING AS EXPECTED</h3><pre class="prettyprint lang-config">DocumentRoot "/var/www/html"
+
+&lt;Directory "/"&gt;
+    AllowOverride None
+    Require all denied
+&lt;/Directory&gt;
+
+&lt;Location "/server-status"&gt;
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow From 127.0.0.1
+&lt;/Location&gt;
+
+access.log - GET /server-status 200 127.0.0.1</pre>
+</div> 
+      <p>So even if mixing configuration is still
+        possible, please try to avoid it when upgrading: either keep old directives and then migrate
+        to the new ones on a later stage or just migrate everything in bulk.  
+      </p>
     
 
     
-- 
2.50.0