You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by el...@apache.org on 2018/06/24 07:27:31 UTC
svn commit: r1834235 - in /httpd/httpd/branches/2.4.x/docs/manual/mod:
mod_authz_core.html.en mod_authz_core.xml.fr mod_authz_core.xml.meta
mod_proxy.html.en mod_proxy.xml.fr mod_proxy.xml.ja mod_proxy.xml.meta
mod_ssl.html.en quickreference.html.en
Author: elukey
Date: Sun Jun 24 07:27:31 2018
New Revision: 1834235
URL: http://svn.apache.org/viewvc?rev=1834235&view=rev
Log:
documentation rebuild
Modified:
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.html.en
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.fr
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.meta
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.html.en
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.fr
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.ja
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.meta
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
httpd/httpd/branches/2.4.x/docs/manual/mod/quickreference.html.en
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.html.en?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.html.en Sun Jun 24 07:27:31 2018
@@ -48,9 +48,9 @@
</div>
<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3>Topics</h3>
<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#logic">Authorization Containers</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>
</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#authmerging">AuthMerging</a></li>
@@ -66,53 +66,6 @@
<li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
-<h2><a name="authzalias" id="authzalias">Creating Authorization Provider Aliases</a></h2>
-
- <p>Extended authorization providers can be created within the configuration
- file and assigned an alias name. The alias providers can then be referenced
- through the <code class="directive"><a href="#require">Require</a></code> directive
- in the same way as a base authorization provider. Besides the ability to
- create and alias an extended provider, it also allows the same extended
- authorization provider to be referenced by multiple locations.
- </p>
-
- <h3><a name="example" id="example">Example</a></h3>
- <p>The example below creates two different ldap authorization provider
- aliases based on the ldap-group authorization provider. This example
- allows a single authorization location to check group membership within
- multiple ldap hosts:
- </p>
-
- <pre class="prettyprint lang-config"><AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx>
- AuthLDAPBindDN cn=youruser,o=ctx
- AuthLDAPBindPassword yourpassword
- AuthLDAPURL ldap://ldap.host/o=ctx
-</AuthzProviderAlias>
-
-<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev>
- AuthLDAPBindDN cn=yourotheruser,o=dev
- AuthLDAPBindPassword yourotherpassword
- AuthLDAPURL ldap://other.ldap.host/o=dev?cn
-</AuthzProviderAlias>
-
-Alias "/secure" "/webpages/secure"
-<Directory "/webpages/secure">
- Require all granted
-
- AuthBasicProvider file
-
- AuthType Basic
- AuthName LDAP_Protected_Place
-
- #implied OR operation
- Require ldap-group-alias1
- Require ldap-group-alias2
-</Directory></pre>
-
-
-
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
<h2><a name="logic" id="logic">Authorization Containers</a></h2>
<p>The authorization container directives
@@ -140,7 +93,7 @@ Alias "/secure" "/webpages/secure"
Require user superadmin
<RequireAll>
Require group admins
- Require ldap-group cn=Administrators,o=Airius
+ Require ldap-group "cn=Administrators,o=Airius"
<RequireAny>
Require group sales
Require ldap-attribute dept="sales"
@@ -149,7 +102,7 @@ Alias "/secure" "/webpages/secure"
</RequireAny>
<RequireNone>
Require group temps
- Require ldap-group cn=Temporary Employees,o=Airius
+ Require ldap-group "cn=Temporary Employees,o=Airius"
</RequireNone>
</RequireAll>
</Directory></pre>
@@ -176,7 +129,7 @@ Alias "/secure" "/webpages/secure"
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
- <pre class="prettyprint lang-config">SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+ <pre class="prettyprint lang-config">SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
<Directory "/docroot">
Require env let_me_in
</Directory></pre>
@@ -268,6 +221,53 @@ Alias "/secure" "/webpages/secure"
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="authzalias" id="authzalias">Creating Authorization Provider Aliases</a></h2>
+
+ <p>Extended authorization providers can be created within the configuration
+ file and assigned an alias name. The alias providers can then be referenced
+ through the <code class="directive"><a href="#require">Require</a></code> directive
+ in the same way as a base authorization provider. Besides the ability to
+ create and alias an extended provider, it also allows the same extended
+ authorization provider to be referenced by multiple locations.
+ </p>
+
+ <h3><a name="example" id="example">Example</a></h3>
+ <p>The example below creates two different ldap authorization provider
+ aliases based on the ldap-group authorization provider. This example
+ allows a single authorization location to check group membership within
+ multiple ldap hosts:
+ </p>
+
+ <pre class="prettyprint lang-config"><AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx">
+ AuthLDAPBindDN "cn=youruser,o=ctx"
+ AuthLDAPBindPassword yourpassword
+ AuthLDAPUrl "ldap://ldap.host/o=ctx"
+</AuthzProviderAlias>
+
+<AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev">
+ AuthLDAPBindDN "cn=yourotheruser,o=dev"
+ AuthLDAPBindPassword yourotherpassword
+ AuthLDAPUrl "ldap://other.ldap.host/o=dev?cn"
+</AuthzProviderAlias>
+
+Alias "/secure" "/webpages/secure"
+<Directory "/webpages/secure">
+ Require all granted
+
+ AuthBasicProvider file
+
+ AuthType Basic
+ AuthName LDAP_Protected_Place
+
+ #implied OR operation
+ Require ldap-group-alias1
+ Require ldap-group-alias2
+</Directory></pre>
+
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthMerging" id="AuthMerging">AuthMerging</a> <a name="authmerging" id="authmerging">Directive</a></h2>
@@ -517,7 +517,7 @@ Require group admin</pre>
<h3>See also</h3>
<ul>
-<li><a href="../howto/access.html">Access control howto</a></li>
+<li><a href="../howto/access.html">Access Control howto</a></li>
<li><a href="#logic">Authorization Containers</a></li>
<li><code class="module"><a href="../mod/mod_authn_core.html">mod_authn_core</a></code></li>
<li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.fr?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.fr [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.fr [utf-8] Sun Jun 24 07:27:31 2018
@@ -3,7 +3,7 @@
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
-<!-- English Revision : 1829392 -->
+<!-- English Revision: 1829392:1834205 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.meta?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.meta (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.xml.meta Sun Jun 24 07:27:31 2018
@@ -8,6 +8,6 @@
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
</variants>
</metafile>
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.html.en?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.html.en Sun Jun 24 07:27:31 2018
@@ -1218,6 +1218,14 @@ ProxyPass "/mirror/foo" "http://backend.
to override the <code class="directive">ProxyIOBufferSize</code> for a specific worker.
This must be at least 512 or set to 0 for the system default of 8192.
</td></tr>
+ <tr><td>responsefieldsize</td>
+ <td>8192</td>
+ <td>Adjust the size of the proxy response field buffer. The buffer size
+ should be at least the size of the largest expected header size from
+ a proxied response. Setting the value to 0 will use the system
+ default of 8192 bytes.<br />
+ Available in Apache HTTP Server 2.4.34 and later.
+ </td></tr>
<tr><td>keepalive</td>
<td>Off</td>
<td><p>This parameter should be used when you have a firewall between your
@@ -1501,9 +1509,10 @@ ProxyPass "/" "balancer://mycluster/" st
environment variables will not exist when this interpolation happens,
so you may still have to resort to <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
for complex rules. Also note that interpolation is not supported
- within the scheme portion of a URL. Dynamic determination of the
- scheme can be accomplished with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> as in the
- following example.</p>
+ within the scheme/hostname/port portion of a URL. Dynamic determination of
+ those fields can be accomplished with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.
+ The following example describes how to use <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+ to dynamically set the scheme to http or https:</p>
<pre class="prettyprint lang-config">RewriteEngine On
@@ -1564,7 +1573,12 @@ ProxyPassReverse "/mirror/foo/" "https:
and causes them to substitute the value of an environment
variable <code>varname</code> for the string <code>${varname}</code>
in configuration directives if the <var>interpolate</var> option is set.</p>
- <p>Keep this turned off (for server performance) unless you need it!</p>
+ <p>The scheme/hostname/port portion of <code class="directive">ProxyPass</code> cannot
+ contain variables, please consider using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> instead.</p>
+ <p>Keep this turned off (for server performance) unless you need it!
+ Adding variables to <code class="directive">ProxyPass</code> for example may lead to
+ using the default mod_proxy's workers configured (that don't allow any fine
+ tuning like connections reuse, etc..).</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.fr?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.fr [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.fr [utf-8] Sun Jun 24 07:27:31 2018
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1834093 -->
+<!-- English Revision: 1834093:1834234 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.ja?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.ja [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.ja [utf-8] Sun Jun 24 07:27:31 2018
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 344971:1834093 (outdated) -->
+<!-- English Revision: 344971:1834234 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.meta?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.meta (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml.meta Sun Jun 24 07:27:31 2018
@@ -8,7 +8,7 @@
<variants>
<variant>en</variant>
- <variant>fr</variant>
+ <variant outdated="yes">fr</variant>
<variant outdated="yes">ja</variant>
</variants>
</metafile>
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en Sun Jun 24 07:27:31 2018
@@ -1077,16 +1077,18 @@ the certificate being verified.</p>
<div class="directive-section"><h2><a name="SSLOCSPEnable" id="SSLOCSPEnable">SSLOCSPEnable</a> <a name="sslocspenable" id="sslocspenable">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable OCSP validation of the client certificate chain</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLOCSPEnable on|off</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLOCSPEnable on|leaf|off</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLOCSPEnable off</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Mode <em>leaf</em> available in httpd 2.4.34 and later</td></tr>
</table>
<p>This option enables OCSP validation of the client certificate
chain. If this option is enabled, certificates in the client's
certificate chain will be validated against an OCSP responder after
-normal verification (including CRL checks) have taken place.</p>
+normal verification (including CRL checks) have taken place. In
+mode 'leaf', only the client certificate itself will be validated.</p>
<p>The OCSP responder used is either extracted from the certificate
itself, or derived by configuration; see the
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/quickreference.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/quickreference.html.en?rev=1834235&r1=1834234&r2=1834235&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/quickreference.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/quickreference.html.en Sun Jun 24 07:27:31 2018
@@ -1018,7 +1018,7 @@ handshake</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Option to prefer the server's cipher preference order</td></tr>
<tr><td><a href="mod_ssl.html#sslinsecurerenegotiation">SSLInsecureRenegotiation on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Option to enable support for insecure renegotiation</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslocspdefaultresponder">SSLOCSDefaultResponder <em>uri</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Set the default responder URI for OCSP validation</td></tr>
-<tr><td><a href="mod_ssl.html#sslocspenable">SSLOCSPEnable on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable OCSP validation of the client certificate chain</td></tr>
+<tr><td><a href="mod_ssl.html#sslocspenable">SSLOCSPEnable on|leaf|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Enable OCSP validation of the client certificate chain</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslocspnoverify">SSLOCSPNoverify <em>On/Off</em></a></td><td> Off </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">skip the OCSP responder certificates verification</td></tr>
<tr><td><a href="mod_ssl.html#sslocspoverrideresponder">SSLOCSPOverrideResponder on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Force use of the default responder URI for OCSP validation</td></tr>
<tr class="odd"><td><a href="mod_ssl.html#sslocspproxyurl">SSLOCSPProxyURL <em>url</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Proxy URL to use for OCSP requests</td></tr>