You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/10/01 22:57:49 UTC
svn commit: r1178089 [11/12] - in /httpd/httpd/trunk/docs/manual: ./
developer/ howto/ misc/ mod/ platform/ programs/ rewrite/ ssl/ vhosts/
Modified: httpd/httpd/trunk/docs/manual/rewrite/flags.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/flags.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/flags.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/flags.html.en Sat Oct 1 20:57:36 2011
@@ -64,7 +64,7 @@ RewriteRule pattern target [Flag1,Flag2,
a longer form, such as <code>cookie</code>. Some flags take one or more
arguments. Flags are not case sensitive.</p>
-<p>Each flag (with a few exceptions)
+<p>Each flag (with a few exceptions)
has a long and short form. While it is most common to use
the short form, it is recommended that you familiarize yourself with the
long form, so that you remember what each flag is supposed to do.</p>
@@ -283,7 +283,7 @@ redirects.</p>
<h2><a name="flag_f" id="flag_f">F|forbidden</a></h2>
<p>Using the [F] flag causes the server to return a 403 Forbidden status
code to the client. While the same behavior can be accomplished using
-the <code class="directive"><a href="../mod/mod_access.html#deny">Deny</a></code> directive, this
+the <code class="directive"><a href="../mod/mod_access.html#deny">Deny</a></code> directive, this
allows more flexibility in assigning a Forbidden status.</p>
<p>The following rule will forbid <code>.exe</code> files from being
@@ -358,13 +358,13 @@ C. Use this flag to indicate that the cu
immediately without considering further rules.</p>
<p>If you are using <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> in either
-<code>.htaccess</code> files or in
+<code>.htaccess</code> files or in
<code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> sections,
it is important to have some understanding of how the rules are
processed. The simplified form of this is that once the rules have been
processed, the rewritten request is handed back to the URL parsing
engine to do what it may with it. It is possible that as the rewritten
-request is handled, the <code>.htaccess</code> file or
+request is handled, the <code>.htaccess</code> file or
<code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> section
may be encountered again, and thus the ruleset may be run again from the
start. Most commonly this will happen if one of the rules causes a
@@ -384,7 +384,7 @@ redirects.</p>
<p>The example given here will rewrite any request to
<code>index.php</code>, giving the original request as a query string
-argument to <code>index.php</code>, however, the <code class="directive"><a href="../mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> ensures that if the request
+argument to <code>index.php</code>, however, the <code class="directive"><a href="../mod/mod_rewrite.html#rewritecond">RewriteCond</a></code> ensures that if the request
is already for <code>index.php</code>, the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> will be skipped.</p>
<div class="example"><p><code>
@@ -464,7 +464,7 @@ On subrequests, it is not always useful,
the complete set of rules are applied. Use this flag to exclude
problematic rules.</p>
-<p>To decide whether or not to use this rule: if you prefix URLs with
+<p>To decide whether or not to use this rule: if you prefix URLs with
CGI-scripts, to force them to be processed by the CGI-script, it's
likely that you will run into problems (or significant overhead)
on sub-requests. In these cases, use this flag.</p>
@@ -510,15 +510,15 @@ The target (or substitution string) in a
file path, by default. The use of the [PT] flag causes it to be treated
as a URI instead. That is to say, the
use of the [PT] flag causes the result of the <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> to be passed back through
-URL mapping, so that location-based mappings, such as <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code>, <code class="directive"><a href="../mod/core.html#redirect">Redirect</a></code>, or <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>, for example, might have a
+URL mapping, so that location-based mappings, such as <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code>, <code class="directive"><a href="../mod/core.html#redirect">Redirect</a></code>, or <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>, for example, might have a
chance to take effect.
</p>
<p>
-If, for example, you have an
+If, for example, you have an
<code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code>
for /icons, and have a <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> pointing there, you should
-use the [PT] flag to ensure that the
+use the [PT] flag to ensure that the
<code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code> is evaluated.
</p>
@@ -599,8 +599,8 @@ will be used to generate the URL sent wi
</p>
<p>
-<em>Any</em> valid HTTP response status code may be specified,
-using the syntax [R=305], with a 302 status code being used by
+<em>Any</em> valid HTTP response status code may be specified,
+using the syntax [R=305], with a 302 status code being used by
default if none is specified. The status code specified need not
necessarily be a redirect (3xx) status code.
</p>
@@ -610,7 +610,7 @@ substitution string is dropped entirely,
the <code>L</code> were used.</p>
<p>In addition to response status codes, you may also specify redirect
-status using their symbolic names: <code>temp</code> (default),
+status using their symbolic names: <code>temp</code> (default),
<code>permanent</code>, or <code>seeother</code>.</p>
<p>
@@ -644,9 +644,9 @@ RewriteRule (.*\.html) docs.php?$1
<code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> immediately
following it. Thus, if you want to make a <code>RewriteCond</code> apply
to several <code>RewriteRule</code>s, one possible technique is to
-negate those conditions and use a [Skip] flag. So, you can
-use this to make pseudo if-then-else constructs: The last rule of
-the then-clause becomes <code>skip=N</code>, where N is the
+negate those conditions and use a [Skip] flag. So, you can
+use this to make pseudo if-then-else constructs: The last rule of
+the then-clause becomes <code>skip=N</code>, where N is the
number of rules in the else-clause.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
@@ -679,10 +679,10 @@ invariably be a less efficient solution
<p>
If used in per-directory context, use only <code>-</code> (dash)
-as the substitution <em>for the entire round of mod_rewrite processing</em>,
-otherwise the MIME-type set with this flag is lost due to an internal
+as the substitution <em>for the entire round of mod_rewrite processing</em>,
+otherwise the MIME-type set with this flag is lost due to an internal
re-processing (including subsequent rounds of mod_rewrite processing).
-The <code>L</code> flag can be useful in this context to end the
+The <code>L</code> flag can be useful in this context to end the
<em>current</em> round of mod_rewrite processing.</p>
</div></div>
Modified: httpd/httpd/trunk/docs/manual/rewrite/flags.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/flags.html.fr?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/flags.html.fr (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/flags.html.fr Sat Oct 1 20:57:36 2011
@@ -109,7 +109,8 @@ ce que l'on souhaitait.</p>
<code>/search.php?term=x%20%26%20y%2Fz</code>.</p>
<p>Notez que vous devrez peut-être aussi définir la
-directive <code class="directive"><a href="../mod/core.html#allowencodedslashes">AllowEncodedSlashes</a></code> à <code>On</code> pour
+directive <code class="directive"><a href="../mod/core.html#allowencodedslashes">AllowEncodedSlashes</a></code>
+à <code>On</code> pour
que cet exemple particulier fonctionne, car httpd ne permet pas les
slashes encodés dans les URLs, et renvoie une erreur 404 s'il en
rencontre un.</p>
@@ -155,7 +156,7 @@ deux parties séparées par un point. C'
utiliser les valeurs <code>.com</code> ou <code>.net</code>. En effet,
ce style de cookie est interdit par le modèle de sécurité des cookies.</dd>
</dl>
-
+
<p>Vous pouvez aussi définir les valeurs suivantes :</p>
<dl>
Modified: httpd/httpd/trunk/docs/manual/rewrite/htaccess.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/htaccess.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/htaccess.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/htaccess.html.en Sat Oct 1 20:57:36 2011
@@ -22,7 +22,7 @@
</div>
-<p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+<p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
<a href="../mod/mod_rewrite.html">reference documentation</a>. It describes
the way that the rules change when you use mod_rewrite in .htaccess files,
and how to deal with these changes.</p>
Modified: httpd/httpd/trunk/docs/manual/rewrite/index.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/index.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/index.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/index.html.en Sat Oct 1 20:57:36 2011
@@ -26,7 +26,7 @@
<p><code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> provides a way to modify incoming
- URL requests, dynamically, based on <a href="intro.html#regex">regular
+ URL requests, dynamically, based on <a href="intro.html#regex">regular
expression</a> rules. This allows you to map arbitrary URLs onto
your internal URL structure in any way you like.</p>
Modified: httpd/httpd/trunk/docs/manual/rewrite/index.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/index.html.fr?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/index.html.fr (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/index.html.fr Sat Oct 1 20:57:36 2011
@@ -24,12 +24,12 @@
<a href="../zh-cn/rewrite/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p>
</div>
-
+
<p><code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> permet de modifier les requêtes
entrantes dynamiquement, en fonction de règles manipulant des <a href="intro.html#regex">expressions rationnelles</a>. Vous pouvez
ainsi relier des URLs arbitraires à votre propre structure d'URLs
interne comme vous le souhaitez.</p>
-
+
<p>Il fournit un
mécanisme de manipulation d'URL particulièrement souple et
puissant en supportant un nombre illimité de règles et de
Modified: httpd/httpd/trunk/docs/manual/rewrite/index.xml.tr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/index.xml.tr?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/index.xml.tr [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/index.xml.tr [utf-8] Sat Oct 1 20:57:36 2011
@@ -1,7 +1,7 @@
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?>
-<!-- English Revision: 636374:1169760 (outdated) -->
+<!-- English Revision: 636374:1174747 (outdated) -->
<!-- =====================================================
Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by: Orhan Berent <berent belgeler.org>
Modified: httpd/httpd/trunk/docs/manual/rewrite/intro.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/intro.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/intro.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/intro.html.en Sat Oct 1 20:57:36 2011
@@ -100,7 +100,7 @@ well as write your own.</p>
character</td><td><code>c.t</code> will match <code>cat</code>,
<code>cot</code>, <code>cut</code>, etc.</td></tr>
<tr><td><code>+</code></td><td>Repeats the previous match one or more
-times</td><td><code>a+</code> matches <code>a</code>, <code>aa</code>,
+times</td><td><code>a+</code> matches <code>a</code>, <code>aa</code>,
<code>aaa</code>, etc</td></tr>
<tr><td><code>*</code></td><td>Repeats the previous match zero or more
times.</td><td><code>a*</code> matches all the same things
@@ -115,7 +115,7 @@ of the string</td><td><code>^a</code> ma
the string.</td><td><code>a$</code> matches a string that ends with
<code>a</code>.</td></tr>
<tr><td><code>( )</code></td><td>Groups several characters into a single
-unit, and captures a match for use in a backreference.</td><td><code>(ab)+</code>
+unit, and captures a match for use in a backreference.</td><td><code>(ab)+</code>
matches <code>ababab</code> - that is, the <code>+</code> applies to the group.
For more on backreferences see <a href="#InternalBackRefs">below</a>.</td></tr>
<tr><td><code>[ ]</code></td><td>A character class - matches one of the
Modified: httpd/httpd/trunk/docs/manual/rewrite/proxy.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/proxy.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/proxy.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/proxy.html.en Sat Oct 1 20:57:36 2011
@@ -22,7 +22,7 @@
</div>
-<p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+<p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
<a href="../mod/mod_rewrite.html">reference documentation</a>. It describes
how to use the RewriteRule's [P] flag to proxy content to another server.
A number of recipes are provided that describe common scenarios.</p>
@@ -78,7 +78,7 @@ ProxyPassReverse / http://old.example.co
<dd><p>In each case, we add a <code class="directive"><a href="../mod/mod_proxy.html#proxypassreverse">ProxyPassReverse</a></code> directive to ensure
that any redirects issued by the backend are correctly passed on to
the client.</p>
-
+
<p>Consider using either <code class="directive"><a href="../mod/mod_proxy.html#proxypass">ProxyPass</a></code> or <code class="directive"><a href="../mod/mod_rewrite.html#proxypassmatch">ProxyPassMatch</a></code> whenever possible in
preference to mod_rewrite.</p>
</dd>
Modified: httpd/httpd/trunk/docs/manual/rewrite/remapping.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/remapping.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/remapping.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/remapping.html.en Sat Oct 1 20:57:36 2011
@@ -22,7 +22,7 @@
</div>
-<p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+<p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
<a href="../mod/mod_rewrite.html">reference documentation</a>. It describes
how you can use <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> to redirect and remap
request. This includes many examples of common uses of mod_rewrite,
@@ -294,7 +294,7 @@ hostname(s).</p>
</VirtualHost>
</code></p></div>
-<p>You can alternatively accomplish this using the
+<p>You can alternatively accomplish this using the
<code class="directive"><a href="../mod/core.html#if"><If></a></code>
directive:</p>
@@ -318,7 +318,7 @@ Redirect /admin/ https://www.example.com
</code></p></div>
<p>If, for whatever reason, you still want to use <code>mod_rewrite</code>
-- if, for example, you need this to work with a larger set of RewriteRules -
+- if, for example, you need this to work with a larger set of RewriteRules -
you might use one of the recipes below.</p>
<p>For sites running on a port other than 80:</p>
@@ -441,8 +441,8 @@ com http://www.example.com/<br />
<dt>Discussion</dt>
<dd>
- <div class="warning">This ruleset relies on
- <code class="directive"><a href="../mod/core.html#hostnamelookups">HostNameLookups</a></code>
+ <div class="warning">This ruleset relies on
+ <code class="directive"><a href="../mod/core.html#hostnamelookups">HostNameLookups</a></code>
being set <code>on</code>, which can be
a significant performance hit.</div>
@@ -561,7 +561,7 @@ using the following ruleset:</p>
<p>We redirect the URL <code>/</code> to
<code>/about/</code>:
</p>
-
+
<div class="example"><p><code>
RewriteEngine on<br />
RewriteRule <strong>^/$</strong> /about/ [<strong>R</strong>]
@@ -575,9 +575,9 @@ RedirectMatch ^/$ http://example.com/abo
<p>Note also that the example rewrites only the root URL. That is, it
rewrites a request for <code>http://example.com/</code>, but not a
-request for <code>http://example.com/page.html</code>. If you have in
-fact changed your document root - that is, if <strong>all</strong> of
-your content is in fact in that subdirectory, it is greatly preferable
+request for <code>http://example.com/page.html</code>. If you have in
+fact changed your document root - that is, if <strong>all</strong> of
+your content is in fact in that subdirectory, it is greatly preferable
to simply change your <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>
directive, or move all of the content up one directory,
rather than rewriting URLs.</p>
Modified: httpd/httpd/trunk/docs/manual/rewrite/rewritemap.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/rewritemap.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/rewritemap.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/rewritemap.html.en Sat Oct 1 20:57:36 2011
@@ -22,7 +22,7 @@
</div>
- <p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+ <p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
<a href="../mod/mod_rewrite.html">reference documentation</a>. It describes
the use of the <code class="directive"><a href="../mod/mod_rewrite.html#rewritemap">RewriteMap</a></code> directive,
and provides examples of each of the various <code>RewriteMap</code> types.</p>
@@ -64,7 +64,7 @@ configuration.</div>
<div class="example"><p><code>
RewriteMap <em>MapName</em> <em>MapType</em>:<em>MapSource</em>
</code></p></div>
-
+
<p>The <a id="mapfunc" name="mapfunc"><em>MapName</em></a> is an
arbitray name that you assign to the map, and which you will use in
directives later on. Arguments are passed to the map via the
@@ -299,9 +299,9 @@ by many requests.
<p>When a MapType of <code>int</code> is used, the MapSource is one
- of the available internal RewriteMap functions. Module authors can provide
+ of the available internal RewriteMap functions. Module authors can provide
additional internal functions by registering them with the
- <code>ap_register_rewrite_mapfunc</code> API.
+ <code>ap_register_rewrite_mapfunc</code> API.
The functions that are provided by default are:
</p>
@@ -435,7 +435,7 @@ RewriteMap myquery "fastdbd:SELECT desti
once. For each mapping-function use one
<code class="directive">RewriteMap</code> directive to declare its rewriting
mapfile.</p>
-
+
<p>While you cannot <strong>declare</strong> a map in
per-directory context (<code>.htaccess</code> files or
<Directory> blocks) it is possible to
Modified: httpd/httpd/trunk/docs/manual/rewrite/tech.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/tech.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/tech.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/tech.html.en Sat Oct 1 20:57:36 2011
@@ -92,7 +92,7 @@ and URL matching.</p>
the <code>RewriteBase</code> directive below for the
trick to achieve this) and then initiates a new internal
sub-request with the new URL. This restarts processing of
- the API phases.
+ the API phases.
<p>Again mod_rewrite tries hard to make this complicated
step totally transparent to the user, but you should
@@ -109,7 +109,7 @@ and URL matching.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="InternalRuleset" id="InternalRuleset">Ruleset Processing</a></h2>
-
+
<p>Now when mod_rewrite is triggered in these two API phases, it
reads the configured rulesets from its configuration
structure (which itself was either created on startup for
Modified: httpd/httpd/trunk/docs/manual/rewrite/vhosts.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/vhosts.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/vhosts.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/vhosts.html.en Sat Oct 1 20:57:36 2011
@@ -22,9 +22,9 @@
</div>
-<p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+<p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
<a href="../mod/mod_rewrite.html">reference documentation</a>. It describes
-how you can use <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> to create dynamically
+how you can use <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> to create dynamically
configured virtual hosts.</p>
<div class="warning">mod_rewrite is not the best way to configure
@@ -74,9 +74,9 @@ RewriteRule ^(.*) /home/<strong>%1</st
<dt>Discussion</dt>
<dd>
- <div class="warning">You will need to take care of the DNS
+ <div class="warning">You will need to take care of the DNS
resolution - Apache does
- not handle name resolution. You'll need either to create CNAME
+ not handle name resolution. You'll need either to create CNAME
records for each hostname, or a DNS wildcard record. Creating DNS
records is beyond the scope of this document.</div>
@@ -95,7 +95,7 @@ As with many techniques discussed in thi
isn't the best way to accomplish this task. You should, instead,
consider using <code class="module"><a href="../mod/mod_vhost_alias.html">mod_vhost_alias</a></code> instead, as it will much
more gracefully handle anything beyond serving static files, such as any
-dynamic content, and Alias resolution.
+dynamic content, and Alias resolution.
</p>
</dd>
</dl>
Modified: httpd/httpd/trunk/docs/manual/sections.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/sections.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/sections.html.en (original)
+++ httpd/httpd/trunk/docs/manual/sections.html.en Sat Oct 1 20:57:36 2011
@@ -135,7 +135,7 @@ directives, along with their <a class="g
counterparts, apply directives to
parts of the filesystem. Directives enclosed in a <code class="directive"><a href="./mod/core.html#directory"><Directory></a></code> section apply to
the named filesystem directory and all subdirectories of that
-directory (as well as the files in those directories).
+directory (as well as the files in those directories).
The same effect can be obtained using <a href="howto/htaccess.html">.htaccess files</a>. For example, in the
following configuration, directory indexes will be enabled for the
<code>/var/web/dir1</code> directory and all subdirectories.</p>
@@ -236,7 +236,7 @@ directives:</p>
ProxyPass /special-area http://special.example.com smax=5 max=10<br />
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On
</code></p></div>
-
+
<h3><a name="wildcards" id="wildcards">Wildcards and Regular Expressions</a></h3>
@@ -383,7 +383,7 @@ Deny from all<br />
<p>To find out what directives are allowed in what types of
configuration sections, check the <a href="mod/directive-dict.html#Context">Context</a> of the directive.
-Everything that is allowed in
+Everything that is allowed in
<code class="directive"><a href="./mod/core.html#directory"><Directory></a></code>
sections is also syntactically allowed in
<code class="directive"><a href="./mod/core.html#directorymatch"><DirectoryMatch></a></code>,
Modified: httpd/httpd/trunk/docs/manual/sections.html.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/sections.html.fr?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/sections.html.fr (original)
+++ httpd/httpd/trunk/docs/manual/sections.html.fr Sat Oct 1 20:57:36 2011
@@ -254,7 +254,7 @@ Alias /foo /srv/www/common/foo<br />
ProxyPass /special-area http://special.example.com smax=5 max=10<br />
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On
</code></p></div>
-
+
<h3><a name="wildcards" id="wildcards">Caractères de remplacement
Modified: httpd/httpd/trunk/docs/manual/sections.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/sections.xml.ja?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/sections.xml.ja [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/sections.xml.ja [utf-8] Sat Oct 1 20:57:36 2011
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ja.xsl"?>
-<!-- English Revision: 420990:1060606 (outdated) -->
+<!-- English Revision: 420990:1174747 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
Modified: httpd/httpd/trunk/docs/manual/sections.xml.ko
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/sections.xml.ko?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/sections.xml.ko [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/sections.xml.ko [euc-kr] Sat Oct 1 20:57:36 2011
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
-<!-- English Revision: 105989:1060606 (outdated) -->
+<!-- English Revision: 105989:1174747 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
Modified: httpd/httpd/trunk/docs/manual/sections.xml.tr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/sections.xml.tr?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/sections.xml.tr [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/sections.xml.tr [utf-8] Sat Oct 1 20:57:36 2011
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.tr.xsl"?>
-<!-- English Revision: 735922:1060606 (outdated) -->
+<!-- English Revision: 735922:1174747 (outdated) -->
<!-- =====================================================
Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by: Orhan Berent <berent belgeler.org>
Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_compat.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/ssl/ssl_compat.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/ssl/ssl_compat.html.en (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_compat.html.en Sat Oct 1 20:57:36 2011
@@ -69,9 +69,9 @@ doesn't provide.</p>
<tr class="odd"><td><code>SSLDisable</code></td><td><code>SSLEngine off</code></td><td>compactified</td></tr>
<tr><td><code>SSLLogFile</code> <em>file</em></td><td><code>SSLLog</code> <em>file</em></td><td>compactified</td></tr>
<tr class="odd"><td><code>SSLRequiredCiphers</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
-<tr><td><code>SSLRequireCipher</code> <em>c1</em> ...</td><td><code>SSLRequire %{SSL_CIPHER} in {"</code><em>c1</em><code>",
+<tr><td><code>SSLRequireCipher</code> <em>c1</em> ...</td><td><code>SSLRequire %{SSL_CIPHER} in {"</code><em>c1</em><code>",
...}</code></td><td>generalized</td></tr>
-<tr class="odd"><td><code>SSLBanCipher</code> <em>c1</em> ...</td><td><code>SSLRequire not (%{SSL_CIPHER} in {"</code><em>c1</em><code>",
+<tr class="odd"><td><code>SSLBanCipher</code> <em>c1</em> ...</td><td><code>SSLRequire not (%{SSL_CIPHER} in {"</code><em>c1</em><code>",
...})</code></td><td>generalized</td></tr>
<tr><td><code>SSLFakeBasicAuth</code></td><td><code>SSLOptions +FakeBasicAuth</code></td><td>merged</td></tr>
<tr class="odd"><td><code>SSLCacheServerPath</code> <em>dir</em></td><td>-</td><td>functionality removed</td></tr>
@@ -115,7 +115,7 @@ doesn't provide.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
-<h2><a name="variables" id="variables">Environment Variables</a></h2>
+<h2><a name="variables" id="variables">Environment Variables</a></h2>
<p>The mapping between environment variable names used by the older
SSL solutions and the names used by mod_ssl is given in <a href="#table2">Table 2</a>.</p>
Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_faq.html.en Sat Oct 1 20:57:36 2011
@@ -39,13 +39,13 @@ he poses the right questions.</p>
<div class="section">
<h2><a name="installation" id="installation">Installation</a></h2>
<ul>
-<li><a href="#mutex">Why do I get permission errors related to
+<li><a href="#mutex">Why do I get permission errors related to
SSLMutex when I start Apache?</a></li>
-<li><a href="#entropy">Why does mod_ssl stop with the error "Failed to
+<li><a href="#entropy">Why does mod_ssl stop with the error "Failed to
generate temporary 512 bit RSA private key" when I start Apache?</a></li>
</ul>
-<h3><a name="mutex" id="mutex">Why do I get permission errors related to
+<h3><a name="mutex" id="mutex">Why do I get permission errors related to
SSLMutex when I start Apache?</a></h3>
<p>Errors such as ``<code>mod_ssl: Child could not open
SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows)
@@ -58,7 +58,7 @@ generate temporary 512 bit RSA private k
<h3><a name="entropy" id="entropy">Why does mod_ssl stop with the error
- "Failed to generate temporary 512 bit RSA private key" when I start
+ "Failed to generate temporary 512 bit RSA private key" when I start
Apache?</a></h3>
<p>Cryptographic software needs a source of unpredictable data
to work correctly. Many open source operating systems provide
@@ -69,38 +69,38 @@ generate temporary 512 bit RSA private k
encryption. As of version 0.9.5, the OpenSSL functions that need
randomness report an error if the PRNG has not been seeded with
at least 128 bits of randomness.</p>
- <p>To prevent this error, <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> has to provide
- enough entropy to the PRNG to allow it to work correctly. This can
- be done via the <code class="directive"><a href="../mod/mod_ssl.html#sslrandomseed">SSLRandomSeed</a></code>
+ <p>To prevent this error, <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> has to provide
+ enough entropy to the PRNG to allow it to work correctly. This can
+ be done via the <code class="directive"><a href="../mod/mod_ssl.html#sslrandomseed">SSLRandomSeed</a></code>
directive.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="aboutconfig" id="aboutconfig">Configuration</a></h2>
<ul>
-<li><a href="#parallel">Is it possible to provide HTTP and HTTPS from
+<li><a href="#parallel">Is it possible to provide HTTP and HTTPS from
the same server?</a></li>
<li><a href="#ports">Which port does HTTPS use?</a></li>
-<li><a href="#httpstest">How do I speak HTTPS manually for testing
+<li><a href="#httpstest">How do I speak HTTPS manually for testing
purposes?</a></li>
-<li><a href="#hang">Why does the connection hang when I connect to my
+<li><a href="#hang">Why does the connection hang when I connect to my
SSL-aware Apache server?</a></li>
-<li><a href="#refused">Why do I get ``Connection Refused'' errors, when
+<li><a href="#refused">Why do I get ``Connection Refused'' errors, when
trying to access my newly installed Apache+mod_ssl server via HTTPS?</a></li>
<li><a href="#envvars">Why are the <code>SSL_XXX</code> variables not
available to my CGI & SSI scripts?</a></li>
-<li><a href="#relative">How can I switch between HTTP and HTTPS in
+<li><a href="#relative">How can I switch between HTTP and HTTPS in
relative hyperlinks?</a></li>
</ul>
-<h3><a name="parallel" id="parallel">Is it possible to provide HTTP and HTTPS
+<h3><a name="parallel" id="parallel">Is it possible to provide HTTP and HTTPS
from the same server?</a></h3>
- <p>Yes. HTTP and HTTPS use different server ports (HTTP binds to
- port 80, HTTPS to port 443), so there is no direct conflict between
- them. You can either run two separate server instances bound to
- these ports, or use Apache's elegant virtual hosting facility to
- create two virtual servers, both served by the same instance of Apache
- - one responding over HTTP to requests on port 80, and the other
+ <p>Yes. HTTP and HTTPS use different server ports (HTTP binds to
+ port 80, HTTPS to port 443), so there is no direct conflict between
+ them. You can either run two separate server instances bound to
+ these ports, or use Apache's elegant virtual hosting facility to
+ create two virtual servers, both served by the same instance of Apache
+ - one responding over HTTP to requests on port 80, and the other
responding over HTTPS to requests on port 443.</p>
@@ -114,15 +114,15 @@ relative hyperlinks?</a></li>
<h3><a name="httpstest" id="httpstest">How do I speak HTTPS manually for testing purposes?</a></h3>
<p>While you usually just use</p>
-
+
<div class="example"><p><code>$ telnet localhost 80<br />
GET / HTTP/1.0</code></p></div>
<p>for simple testing of Apache via HTTP, it's not so easy for
HTTPS because of the SSL protocol between TCP and HTTP. With the
- help of OpenSSL's <code>s_client</code> command, however, you can
+ help of OpenSSL's <code>s_client</code> command, however, you can
do a similar check via HTTPS:</p>
-
+
<div class="example"><p><code>$ openssl s_client -connect localhost:443 -state -debug<br />
GET / HTTP/1.0</code></p></div>
@@ -139,7 +139,7 @@ relative hyperlinks?</a></li>
$ curl https://localhost/</code></p></div>
-<h3><a name="hang" id="hang">Why does the connection hang when I connect
+<h3><a name="hang" id="hang">Why does the connection hang when I connect
to my SSL-aware Apache server?</a></h3>
<p>This can happen when you try to connect to a HTTPS server (or virtual
@@ -150,28 +150,28 @@ relative hyperlinks?</a></li>
or which supports it on a non-standard port). Make sure that you're
connecting to a (virtual) server that supports SSL.</p>
-<h3><a name="refused" id="refused">Why do I get ``Connection Refused'' messages,
+<h3><a name="refused" id="refused">Why do I get ``Connection Refused'' messages,
when trying to access my newly installed Apache+mod_ssl server via HTTPS?</a></h3>
<p>
This error can be caused by an incorrect configuration.
- Please make sure that your <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> directives match your
+ Please make sure that your <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> directives match your
<code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code>
- directives. If all else fails, please start afresh, using the default
+ directives. If all else fails, please start afresh, using the default
configuration provided by <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>.</p>
-<h3><a name="envvars" id="envvars">Why are the <code>SSL_XXX</code> variables
+<h3><a name="envvars" id="envvars">Why are the <code>SSL_XXX</code> variables
not available to my CGI & SSI scripts?</a></h3>
<p>Please make sure you have ``<code>SSLOptions +StdEnvVars</code>''
enabled for the context of your CGI/SSI requests.</p>
-<h3><a name="relative" id="relative">How can I switch between HTTP and HTTPS in relative
+<h3><a name="relative" id="relative">How can I switch between HTTP and HTTPS in relative
hyperlinks?</a></h3>
-<p>Usually, to switch between HTTP and HTTPS, you have to use
- fully-qualified hyperlinks (because you have to change the URL
- scheme). Using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> however, you can
+<p>Usually, to switch between HTTP and HTTPS, you have to use
+ fully-qualified hyperlinks (because you have to change the URL
+ scheme). Using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> however, you can
manipulate relative hyperlinks, to achieve the same effect.</p>
<div class="example"><p><code>
RewriteEngine on<br />
@@ -187,24 +187,24 @@ relative hyperlinks?</a></li>
<div class="section">
<h2><a name="aboutcerts" id="aboutcerts">Certificates</a></h2>
<ul>
-<li><a href="#keyscerts">What are RSA Private Keys, CSRs and
+<li><a href="#keyscerts">What are RSA Private Keys, CSRs and
Certificates?</a></li>
<li><a href="#startup">Is there a difference on startup between
a non-SSL-aware Apache and an SSL-aware Apache?</a></li>
-<li><a href="#selfcert">How do I create a self-signed SSL
+<li><a href="#selfcert">How do I create a self-signed SSL
Certificate for testing purposes?</a></li>
<li><a href="#realcert">How do I create a real SSL Certificate?</a></li>
-<li><a href="#ownca">How do I create and use my own Certificate
+<li><a href="#ownca">How do I create and use my own Certificate
Authority (CA)?</a></li>
-<li><a href="#passphrase">How can I change the pass-phrase on my private
+<li><a href="#passphrase">How can I change the pass-phrase on my private
key file?</a></li>
-<li><a href="#removepassphrase">How can I get rid of the pass-phrase
+<li><a href="#removepassphrase">How can I get rid of the pass-phrase
dialog at Apache startup time?</a></li>
-<li><a href="#verify">How do I verify that a private key matches its
+<li><a href="#verify">How do I verify that a private key matches its
Certificate?</a></li>
-<li><a href="#badcert">Why do connections fail with an "alert bad
+<li><a href="#badcert">Why do connections fail with an "alert bad
certificate" error?</a></li>
-<li><a href="#pemder">How can I convert a certificate from PEM to DER
+<li><a href="#pemder">How can I convert a certificate from PEM to DER
format?</a></li>
<li><a href="#gid">Why do browsers complain that they cannot
verify my Verisign Global ID server certificate?</a></li>
@@ -217,7 +217,7 @@ verify my Verisign Global ID server cert
you.</p>
<p>A Certificate Signing Request (CSR) is a digital file which contains
your public key and your name. You send the CSR to a Certifying Authority
- (CA), who will convert it into a real Certificate, by signing it.</p>
+ (CA), who will convert it into a real Certificate, by signing it.</p>
<p>A Certificate contains your
RSA public key, your name, the name of the CA, and is digitally signed by
the CA. Browsers that know the CA can verify the signature on that
@@ -227,23 +227,23 @@ verify my Verisign Global ID server cert
description of the SSL protocol.</p>
-<h3><a name="startup" id="startup">Is there a difference on startup between
+<h3><a name="startup" id="startup">Is there a difference on startup between
a non-SSL-aware Apache and an SSL-aware Apache?</a></h3>
-<p>Yes. In general, starting Apache with
- <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> built-in is just like starting Apache
- without it. However, if you have a passphrase on your SSL private
- key file, a startup dialog will pop up which asks you to enter the
+<p>Yes. In general, starting Apache with
+ <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> built-in is just like starting Apache
+ without it. However, if you have a passphrase on your SSL private
+ key file, a startup dialog will pop up which asks you to enter the
pass phrase.</p>
-
- <p>Having to manually enter the passphrase when starting the server
- can be problematic - for example, when starting the server from the
+
+ <p>Having to manually enter the passphrase when starting the server
+ can be problematic - for example, when starting the server from the
system boot scripts. In this case, you can follow the steps
<a href="#removepassphrase">below</a> to remove the passphrase from
your private key. Bear in mind that doing so brings additional security
risks - proceed with caution!</p>
-<h3><a name="selfcert" id="selfcert">How do I create a self-signed SSL
+<h3><a name="selfcert" id="selfcert">How do I create a self-signed SSL
Certificate for testing purposes?</a></h3>
<ol>
<li>Make sure OpenSSL is installed and in your <code>PATH</code>.<br />
@@ -251,23 +251,23 @@ Certificate for testing purposes?</a></h
</li>
<li>Run the following command, to create <code>server.key</code> and
<code>server.crt</code> files:<br />
- <code><strong>$ openssl req -new -x509 -nodes -out server.crt
+ <code><strong>$ openssl req -new -x509 -nodes -out server.crt
-keyout server.key</strong></code><br />
- These can be used as follows in your <code>httpd.conf</code>
+ These can be used as follows in your <code>httpd.conf</code>
file:
<pre>
SSLCertificateFile /path/to/this/server.crt
SSLCertificateKeyFile /path/to/this/server.key
</pre>
</li>
- <li>It is important that you are aware that this
+ <li>It is important that you are aware that this
<code>server.key</code> does <em>not</em> have any passphrase.
- To add a passphrase to the key, you should run the following
+ To add a passphrase to the key, you should run the following
command, and enter & verify the passphrase as requested.<br />
- <p><code><strong>$ openssl rsa -des3 -in server.key -out
+ <p><code><strong>$ openssl rsa -des3 -in server.key -out
server.key.new</strong></code><br />
<code><strong>$ mv server.key.new server.key</strong></code><br /></p>
- Please backup the <code>server.key</code> file, and the passphrase
+ Please backup the <code>server.key</code> file, and the passphrase
you entered, in a secure location.
</li>
</ol>
@@ -292,7 +292,7 @@ Certificate for testing purposes?</a></h
<br />
<code><strong>$ openssl rsa -noout -text -in server.key</strong></code><br />
<br />
- If necessary, you can also create a decrypted PEM version (not
+ If necessary, you can also create a decrypted PEM version (not
recommended) of this RSA private key with:<br />
<br />
<code><strong>$ openssl rsa -in server.key -out server.key.unsecure</strong></code><br />
@@ -315,18 +315,18 @@ Certificate for testing purposes?</a></h
<br />
</li>
<li>You now have to send this Certificate Signing Request (CSR) to
- a Certifying Authority (CA) to be signed. Once the CSR has been
+ a Certifying Authority (CA) to be signed. Once the CSR has been
signed, you will have a real Certificate, which can be used by
- Apache. You can have a CSR signed by a commercial CA, or you can
+ Apache. You can have a CSR signed by a commercial CA, or you can
create your own CA to sign it.<br />
- Commercial CAs usually ask you to post the CSR into a web form,
- pay for the signing, and then send a signed Certificate, which
+ Commercial CAs usually ask you to post the CSR into a web form,
+ pay for the signing, and then send a signed Certificate, which
you can store in a server.crt file.<br />
For details on how to create your own CA, and use this to sign
a CSR, see <a href="#ownca">below</a>.<br />
-
- Once your CSR has been signed, you can see the details of the
+
+ Once your CSR has been signed, you can see the details of the
Certificate as follows:<br />
<br />
<code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br />
@@ -347,10 +347,10 @@ Certificate for testing purposes?</a></h
<h3><a name="ownca" id="ownca">How do I create and use my own Certificate Authority (CA)?</a></h3>
<p>The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code>
- script provided by OpenSSL. Unless you have a good reason not to,
+ script provided by OpenSSL. Unless you have a good reason not to,
you should use these for preference. If you cannot, you can create a
self-signed Certificate as follows:</p>
-
+
<ol>
<li>Create a RSA private key for your server
(will be Triple-DES encrypted and PEM formatted):<br />
@@ -359,11 +359,11 @@ Certificate for testing purposes?</a></h
<br />
Please backup this <code>host.key</code> file and the
pass-phrase you entered in a secure location.
- You can see the details of this RSA private key by using the
+ You can see the details of this RSA private key by using the
command:<br />
<code><strong>$ openssl rsa -noout -text -in server.key</strong></code><br />
<br />
- If necessary, you can also create a decrypted PEM version (not
+ If necessary, you can also create a decrypted PEM version (not
recommended) of this RSA private key with:<br />
<br />
<code><strong>$ openssl rsa -in server.key -out server.key.unsecure</strong></code><br />
@@ -372,7 +372,7 @@ Certificate for testing purposes?</a></h
<li>Create a self-signed Certificate (X509 structure)
with the RSA key you just created (output will be PEM formatted):<br />
<br />
- <code><strong>$ openssl req -new -x509 -nodes -sha1 -days 365
+ <code><strong>$ openssl req -new -x509 -nodes -sha1 -days 365
-key server.key -out server.crt</strong></code><br />
<br />
This signs the server CSR and results in a <code>server.crt</code> file.<br />
@@ -389,14 +389,14 @@ Certificate for testing purposes?</a></h
specifying the new pass-phrase. You can accomplish this with the following
commands:</p>
-
+
<p><code><strong>$ openssl rsa -des3 -in server.key -out server.key.new</strong></code><br />
<code><strong>$ mv server.key.new server.key</strong></code><br /></p>
-
+
<p>The first time you're asked for a PEM pass-phrase, you should
- enter the old pass-phrase. After that, you'll be asked again to
+ enter the old pass-phrase. After that, you'll be asked again to
enter a pass-phrase - this time, use the new pass-phrase. If you
- are asked to verify the pass-phrase, you'll need to enter the new
+ are asked to verify the pass-phrase, you'll need to enter the new
pass-phrase a second time.</p>
@@ -404,7 +404,7 @@ Certificate for testing purposes?</a></h
<p>The reason this dialog pops up at startup and every re-start
is that the RSA private key inside your server.key file is stored in
encrypted format for security reasons. The pass-phrase is needed to decrypt
- this file, so it can be read and parsed. Removing the pass-phrase
+ this file, so it can be read and parsed. Removing the pass-phrase
removes a layer of security from your server - proceed with caution!</p>
<ol>
<li>Remove the encryption from the RSA private key (while
@@ -429,7 +429,7 @@ Certificate for testing purposes?</a></h
file are such that only root or the web server user can read it
(preferably get your web server to start as root but run as another
user, and have the key readable only by root).</p>
-
+
<p>As an alternative approach you can use the ``<code>SSLPassPhraseDialog
exec:/path/to/program</code>'' facility. Bear in mind that this is
neither more nor less secure, of course.</p>
@@ -441,28 +441,28 @@ Certificate for testing purposes?</a></h
key" bits are included when you generate a CSR, and subsequently form
part of the associated Certificate.</p>
<p>To check that the public key in your Certificate matches the public
- portion of your private key, you simply need to compare these numbers.
+ portion of your private key, you simply need to compare these numbers.
To view the Certificate and the key run the commands:</p>
-
+
<p><code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br />
<code><strong>$ openssl rsa -noout -text -in server.key</strong></code></p>
-
+
<p>The `modulus' and the `public exponent' portions in the key and the
Certificate must match. As the public exponent is usually 65537
and it's difficult to visually check that the long modulus numbers
are the same, you can use the following approach:</p>
-
+
<p><code><strong>$ openssl x509 -noout -modulus -in server.crt | openssl md5</strong></code><br />
<code><strong>$ openssl rsa -noout -modulus -in server.key | openssl md5</strong></code></p>
-
+
<p>This leaves you with two rather shorter numbers to compare. It is,
- in theory, possible that these numbers may be the same, without the
- modulus numbers being the same, but the chances of this are
+ in theory, possible that these numbers may be the same, without the
+ modulus numbers being the same, but the chances of this are
overwhelmingly remote.</p>
- <p>Should you wish to check to which key or certificate a particular
- CSR belongs you can perform the same calculation on the CSR as
+ <p>Should you wish to check to which key or certificate a particular
+ CSR belongs you can perform the same calculation on the CSR as
follows:</p>
-
+
<p><code><strong>$ openssl req -noout -modulus -in server.csr | openssl md5</strong></code></p>
@@ -475,22 +475,22 @@ Certificate for testing purposes?</a></h
<code><strong>$ openssl x509 -in cert.pem -out cert.der -outform DER</strong></code></p>
-<h3><a name="gid" id="gid">Why do browsers complain that they cannot
+<h3><a name="gid" id="gid">Why do browsers complain that they cannot
verify my Verisign Global ID server certificate?</a></h3>
-<p>Verisign uses an intermediate CA certificate between the root CA
- certificate (which is installed in the browsers) and the server
- certificate (which you installed on the server). You should have
+<p>Verisign uses an intermediate CA certificate between the root CA
+ certificate (which is installed in the browsers) and the server
+ certificate (which you installed on the server). You should have
received this additional CA certificate from Verisign.
If not, complain to them. Then, configure this certificate with the
- <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatechainfile">SSLCertificateChainFile</a></code>
- directive. This ensures that the intermediate CA certificate is
+ <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatechainfile">SSLCertificateChainFile</a></code>
+ directive. This ensures that the intermediate CA certificate is
sent to the browser, filling the gap in the certificate chain.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="aboutssl" id="aboutssl">The SSL Protocol</a></h2>
<ul>
-<li><a href="#random">Why do I get lots of random SSL protocol
+<li><a href="#random">Why do I get lots of random SSL protocol
errors under heavy server load?</a></li>
<li><a href="#load">Why does my webserver have a higher load, now
that it serves SSL encrypted traffic?</a></li>
@@ -501,7 +501,7 @@ sometimes take up to 30 seconds to estab
trying to use Anonymous Diffie-Hellman (ADH) ciphers?</a></li>
<li><a href="#sharedciphers">Why do I get a 'no shared ciphers'
error when connecting to my newly installed server?</a></li>
-<li><a href="#vhosts">Why can't I use SSL with name-based/non-IP-based
+<li><a href="#vhosts">Why can't I use SSL with name-based/non-IP-based
virtual hosts?</a></li>
<li><a href="#vhosts2">Is it possible to use Name-Based Virtual
Hosting to identify different SSL virtual hosts?</a></li>
@@ -510,11 +510,11 @@ Hosting to identify different SSL virtua
the lock icon in Netscape browsers stays unlocked when the dialog pops up.
Does this mean the username/password is being sent unencrypted?</a></li>
<li><a href="#msie">Why do I get I/O errors when connecting via
-HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer
+HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer
(MSIE)?</a></li>
</ul>
-<h3><a name="random" id="random">Why do I get lots of random SSL protocol
+<h3><a name="random" id="random">Why do I get lots of random SSL protocol
errors under heavy server load?</a></h3>
<p>There can be a number of reasons for this, but the main one
is problems with the SSL session Cache specified by the
@@ -523,7 +523,7 @@ errors under heavy server load?</a></h3>
no cache at all) may help.</p>
-<h3><a name="load" id="load">Why does my webserver have a higher load, now
+<h3><a name="load" id="load">Why does my webserver have a higher load, now
that it serves SSL encrypted traffic?</a></h3>
<p>SSL uses strong cryptographic encryption, which necessitates a lot of
number crunching. When you request a webpage via HTTPS, everything (even
@@ -531,62 +531,62 @@ that it serves SSL encrypted traffic?</a
traffic leads to load increases.</p>
-<h3><a name="establishing" id="establishing">Why do HTTPS connections to my server
+<h3><a name="establishing" id="establishing">Why do HTTPS connections to my server
sometimes take up to 30 seconds to establish a connection?</a></h3>
<p>This is usually caused by a <code>/dev/random</code> device for
- <code class="directive"><a href="../mod/mod_ssl.html#sslrandomseed">SSLRandomSeed</a></code> which blocks the
- read(2) call until enough entropy is available to service the
+ <code class="directive"><a href="../mod/mod_ssl.html#sslrandomseed">SSLRandomSeed</a></code> which blocks the
+ read(2) call until enough entropy is available to service the
request. More information is available in the reference
manual for the <code class="directive"><a href="../mod/mod_ssl.html#sslrandomseed">SSLRandomSeed</a></code>
directive.</p>
<h3><a name="ciphers" id="ciphers">What SSL Ciphers are supported by mod_ssl?</a></h3>
-<p>Usually, any SSL ciphers supported by the version of OpenSSL in use,
- are also supported by <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. Which ciphers are
- available can depend on the way you built OpenSSL. Typically, at
+<p>Usually, any SSL ciphers supported by the version of OpenSSL in use,
+ are also supported by <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. Which ciphers are
+ available can depend on the way you built OpenSSL. Typically, at
least the following ciphers are supported:</p>
-
+
<ol>
<li>RC4 with SHA1</li>
<li>AES with SHA1</li>
<li>Triple-DES with SHA1</li>
</ol>
-
- <p>To determine the actual list of ciphers available, you should run
+
+ <p>To determine the actual list of ciphers available, you should run
the following:</p>
<div class="example"><p><code>$ openssl ciphers -v</code></p></div>
-<h3><a name="adh" id="adh">Why do I get ``no shared cipher'' errors, when
+<h3><a name="adh" id="adh">Why do I get ``no shared cipher'' errors, when
trying to use Anonymous Diffie-Hellman (ADH) ciphers?</a></h3>
<p>By default, OpenSSL does <em>not</em> allow ADH ciphers, for security
- reasons. Please be sure you are aware of the potential side-effects
+ reasons. Please be sure you are aware of the potential side-effects
if you choose to enable these ciphers.</p>
- <p>In order to use Anonymous Diffie-Hellman (ADH) ciphers, you must
+ <p>In order to use Anonymous Diffie-Hellman (ADH) ciphers, you must
build OpenSSL with ``<code>-DSSL_ALLOW_ADH</code>'', and then add
``<code>ADH</code>'' into your <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code>.</p>
-<h3><a name="sharedciphers" id="sharedciphers">Why do I get a 'no shared ciphers'
+<h3><a name="sharedciphers" id="sharedciphers">Why do I get a 'no shared ciphers'
error when connecting to my newly installed server?</a></h3>
-<p>Either you have made a mistake with your
+<p>Either you have made a mistake with your
<code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code>
directive (compare it with the pre-configured example in
<code>extra/httpd-ssl.conf</code>) or you chose to use DSA/DH
algorithms instead of RSA when you generated your private key
and ignored or overlooked the warnings. If you have chosen
- DSA/DH, then your server cannot communicate using RSA-based SSL
+ DSA/DH, then your server cannot communicate using RSA-based SSL
ciphers (at least until you configure an additional RSA-based
- certificate/key pair). Modern browsers like NS or IE can only
- communicate over SSL using RSA ciphers. The result is the
- "no shared ciphers" error. To fix this, regenerate your server
+ certificate/key pair). Modern browsers like NS or IE can only
+ communicate over SSL using RSA ciphers. The result is the
+ "no shared ciphers" error. To fix this, regenerate your server
certificate/key pair, using the RSA algorithm.</p>
<h3><a name="vhosts" id="vhosts">Why can't I use SSL with name-based/non-IP-based virtual hosts?</a></h3>
-<p>The reason is very technical, and a somewhat "chicken and egg" problem.
- The SSL protocol layer stays below the HTTP protocol layer and
+<p>The reason is very technical, and a somewhat "chicken and egg" problem.
+ The SSL protocol layer stays below the HTTP protocol layer and
encapsulates HTTP. When an SSL connection (HTTPS) is established
Apache/mod_ssl has to negotiate the SSL protocol parameters with the
client. For this, mod_ssl has to consult the configuration of the virtual
@@ -594,7 +594,7 @@ error when connecting to my newly instal
certificate, etc.). But in order to go to the correct virtual server
Apache has to know the <code>Host</code> HTTP header field. To do this, the
HTTP request header has to be read. This cannot be done before the SSL
- handshake is finished, but the information is needed in order to
+ handshake is finished, but the information is needed in order to
complete the SSL handshake phase. See the next question for how to
circumvent this issue.</p>
@@ -613,12 +613,12 @@ Virtual Hosting to identify different SS
specification added, called Server Name Indication (SNI).</p>
<p>The reason is that the SSL protocol is a separate layer which
- encapsulates the HTTP protocol. So the SSL session is a separate
- transaction, that takes place before the HTTP session has begun.
- The server receives an SSL request on IP address X and port Y
- (usually 443). Since the SSL request did not contain any Host:
+ encapsulates the HTTP protocol. So the SSL session is a separate
+ transaction, that takes place before the HTTP session has begun.
+ The server receives an SSL request on IP address X and port Y
+ (usually 443). Since the SSL request did not contain any Host:
field, the server had no way to decide which SSL virtual host to use.
- Usually, it just used the first one it found which matched the
+ Usually, it just used the first one it found which matched the
port and IP address specified.</p>
<p>If you are using a version of the web server and OpenSSL that
@@ -627,19 +627,19 @@ Virtual Hosting to identify different SS
web server can select the correct SSL virtual host.</p>
<p>You can, of course, use Name-Based Virtual Hosting to identify many
- non-SSL virtual hosts (all on port 80, for example) and then
+ non-SSL virtual hosts (all on port 80, for example) and then
have a single SSL virtual host (on port 443). But if you do this,
you must make sure to put the non-SSL port number on the NameVirtualHost
- directive, e.g.</p>
+ directive, e.g.</p>
<div class="example"><p><code>
NameVirtualHost 192.168.1.1:80
</code></p></div>
-
+
<p>Other workaround solutions include: </p>
- <p>Using separate IP addresses for different SSL hosts.
- Using different port numbers for different SSL hosts.</p>
+ <p>Using separate IP addresses for different SSL hosts.
+ Using different port numbers for different SSL hosts.</p>
<h3><a name="comp" id="comp">How do I get SSL compression working?</a></h3>
@@ -653,50 +653,50 @@ it will be used. However, most clients s
SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms
in its handshake, compression cannot be negotiated with these clients.
If the client disables support for SSLv2, either an SSLv3 or TLS Hello
-may be sent, depending on which SSL library is used, and compression may
-be set up. You can verify whether clients make use of SSL compression by
+may be sent, depending on which SSL library is used, and compression may
+be set up. You can verify whether clients make use of SSL compression by
logging the <code>%{SSL_COMPRESS_METHOD}x</code> variable.
</p>
-<h3><a name="lockicon" id="lockicon">When I use Basic Authentication over HTTPS
-the lock icon in Netscape browsers stays unlocked when the dialog pops up.
+<h3><a name="lockicon" id="lockicon">When I use Basic Authentication over HTTPS
+the lock icon in Netscape browsers stays unlocked when the dialog pops up.
Does this mean the username/password is being sent unencrypted?</a></h3>
<p>No, the username/password is transmitted encrypted. The icon in
Netscape browsers is not actually synchronized with the SSL/TLS layer.
- It only toggles to the locked state when the first part of the actual
- webpage data is transferred, which may confuse people. The Basic
- Authentication facility is part of the HTTP layer, which is above
- the SSL/TLS layer in HTTPS. Before any HTTP data communication takes
- place in HTTPS, the SSL/TLS layer has already completed its handshake
+ It only toggles to the locked state when the first part of the actual
+ webpage data is transferred, which may confuse people. The Basic
+ Authentication facility is part of the HTTP layer, which is above
+ the SSL/TLS layer in HTTPS. Before any HTTP data communication takes
+ place in HTTPS, the SSL/TLS layer has already completed its handshake
phase, and switched to encrypted communication. So don't be
confused by this icon.</p>
-<h3><a name="msie" id="msie">Why do I get I/O errors when connecting via
+<h3><a name="msie" id="msie">Why do I get I/O errors when connecting via
HTTPS to an Apache+mod_ssl server with older versions of Microsoft Internet
Explorer (MSIE)?</a></h3>
<p>The first reason is that the SSL implementation in some MSIE versions has
some subtle bugs related to the HTTP keep-alive facility and the SSL close
notify alerts on socket connection close. Additionally the interaction
- between SSL and HTTP/1.1 features are problematic in some MSIE versions.
- You can work around these problems by forcing Apache not to use HTTP/1.1,
- keep-alive connections or send the SSL close notify messages to MSIE clients.
- This can be done by using the following directive in your SSL-aware
+ between SSL and HTTP/1.1 features are problematic in some MSIE versions.
+ You can work around these problems by forcing Apache not to use HTTP/1.1,
+ keep-alive connections or send the SSL close notify messages to MSIE clients.
+ This can be done by using the following directive in your SSL-aware
virtual host section:</p>
<div class="example"><p><code>
SetEnvIf User-Agent "MSIE [2-5]" \<br />
nokeepalive ssl-unclean-shutdown \<br />
downgrade-1.0 force-response-1.0
</code></p></div>
- <p>Further, some MSIE versions have problems with particular ciphers.
- Unfortunately, it is not possible to implement a MSIE-specific
- workaround for this, because the ciphers are needed as early as the
- SSL handshake phase. So a MSIE-specific
- <code class="directive"><a href="../mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> won't solve these
+ <p>Further, some MSIE versions have problems with particular ciphers.
+ Unfortunately, it is not possible to implement a MSIE-specific
+ workaround for this, because the ciphers are needed as early as the
+ SSL handshake phase. So a MSIE-specific
+ <code class="directive"><a href="../mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> won't solve these
problems. Instead, you will have to make more drastic
adjustments to the global parameters. Before you decide to do
- this, make sure your clients really have problems. If not, do not
+ this, make sure your clients really have problems. If not, do not
make these changes - they will affect <em>all</em> your clients, MSIE
or otherwise.</p>
@@ -705,11 +705,11 @@ Explorer (MSIE)?</a></h3>
<div class="section">
<h2><a name="support" id="support">mod_ssl Support</a></h2>
<ul>
-<li><a href="#resources">What information resources are available in
+<li><a href="#resources">What information resources are available in
case of mod_ssl problems?</a></li>
-<li><a href="#contact">What support contacts are available in case of
+<li><a href="#contact">What support contacts are available in case of
mod_ssl problems?</a></li>
-<li><a href="#reportdetails">What information should I
+<li><a href="#reportdetails">What information should I
provide when writing a bug report?</a></li>
<li><a href="#coredumphelp">I had a core dump, can you help me?</a></li>
<li><a href="#backtrace">How do I get a backtrace, to help find the reason
@@ -731,10 +731,10 @@ for my core dump?</a></li>
</dl>
-<h3><a name="contact" id="contact">What support contacts are available in case
+<h3><a name="contact" id="contact">What support contacts are available in case
of mod_ssl problems?</a></h3>
<p>The following lists all support possibilities for mod_ssl, in order of
- preference. Please go through these possibilities
+ preference. Please go through these possibilities
<em>in this order</em> - don't just pick the one you like the look of. </p>
<ol>
@@ -772,22 +772,22 @@ provide when writing a bug report?</a></
<dt>The details on how you built and installed Apache httpd and OpenSSL</dt>
<dd>For this you can provide a logfile of your terminal session which shows
- the configuration and install steps. If this is not possible, you
+ the configuration and install steps. If this is not possible, you
should at least provide the <code class="program"><a href="../programs/configure.html">configure</a></code> command line you used.
</dd>
<dt>In case of core dumps please include a Backtrace</dt>
<dd>If your Apache httpd dumps its core, please attach
- a stack-frame ``backtrace'' (see <a href="#backtrace">below</a>
+ a stack-frame ``backtrace'' (see <a href="#backtrace">below</a>
for information on how to get this). This information is required
in order to find a reason for your core dump.
</dd>
-
+
<dt>A detailed description of your problem</dt>
- <dd>Don't laugh, we really mean it! Many problem reports don't
+ <dd>Don't laugh, we really mean it! Many problem reports don't
include a description of what the actual problem is. Without this,
- it's very difficult for anyone to help you. So, it's in your own
- interest (you want the problem be solved, don't you?) to include as
+ it's very difficult for anyone to help you. So, it's in your own
+ interest (you want the problem be solved, don't you?) to include as
much detail as possible, please. Of course, you should still include
all the essentials above too.
</dd>
@@ -802,7 +802,7 @@ provide when writing a bug report?</a></
fixing it.</p>
-<h3><a name="backtrace" id="backtrace">How do I get a backtrace, to help find
+<h3><a name="backtrace" id="backtrace">How do I get a backtrace, to help find
the reason for my core dump?</a></h3>
<p>Following are the steps you will need to complete, to get a backtrace:</p>
<ol>
@@ -816,7 +816,7 @@ the reason for my core dump?</a></h3>
want to use a directive like ``<code>CoreDumpDirectory /tmp</code>'' to
make sure that the core-dump file can be written. This should result
in a <code>/tmp/core</code> or <code>/tmp/httpd.core</code> file. If you
- don't get one of these, try running your server under a non-root UID.
+ don't get one of these, try running your server under a non-root UID.
Many modern kernels do not allow a process to dump core after it has
done a <code>setuid()</code> (unless it does an <code>exec()</code>) for
security reasons (there can be privileged information left over in
@@ -825,9 +825,9 @@ the reason for my core dump?</a></h3>
</li>
<li>Analyze the core-dump. For this, run <code>gdb /path/to/httpd
- /tmp/httpd.core</code> or a similar command. In GDB, all you
+ /tmp/httpd.core</code> or a similar command. In GDB, all you
have to do then is to enter <code>bt</code>, and voila, you get the
- backtrace. For other debuggers consult your local debugger manual.
+ backtrace. For other debuggers consult your local debugger manual.
</li>
</ol>
Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en?rev=1178089&r1=1178088&r2=1178089&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_howto.html.en Sat Oct 1 20:57:36 2011
@@ -59,7 +59,7 @@ following directives.</p>
<ul>
<li><a href="#onlystrong">How can I create an SSL server which accepts strong encryption only?</a></li>
-<li><a href="#strongurl">How can I create an SSL server which accepts all types of ciphers in general, but
+<li><a href="#strongurl">How can I create an SSL server which accepts all types of ciphers in general, but
requires a strong cipher for access to a particular URL?</a></li>
</ul>
@@ -88,8 +88,8 @@ only?</a></h3>
in general, but requires a strong ciphers for access to a particular
URL?</a></h3>
- <p>Obviously, a server-wide <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code> which restricts
- ciphers to the strong variants, isn't the answer here. However,
+ <p>Obviously, a server-wide <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code> which restricts
+ ciphers to the strong variants, isn't the answer here. However,
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> can be reconfigured within <code>Location</code>
blocks, to give a per-directory solution, and can automatically force
a renegotiation of the SSL parameters to meet the new configuration.
@@ -111,7 +111,7 @@ URL?</a></h3>
<ul>
<li><a href="#allclients">How can I force clients to authenticate using certificates?</a></li>
-<li><a href="#arbitraryclients">How can I force clients to authenticate using certificates for a
+<li><a href="#arbitraryclients">How can I force clients to authenticate using certificates for a
particular URL, but still allow arbitrary clients to access the rest of the server?</a></li>
<li><a href="#certauthenticate">How can I allow only clients who have certificates to access a
particular URL, but allow all clients to access the rest of the server?</a></li>
@@ -164,14 +164,14 @@ Intranet website, for clients coming fro
matches what you expect. Usually this means checking all or part of the
Distinguished Name (DN), to see if it contains some known string.
There are two ways to do this, using either <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> or
- <code class="directive"><a href="../mod/mod_ssl.html#sslrequire">SSLRequire</a></code>.</p>
-
+ <code class="directive"><a href="../mod/mod_ssl.html#sslrequire">SSLRequire</a></code>.</p>
+
<p>The <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> method is generally required when
the certificates are completely arbitrary, or when their DNs have
no common fields (usually the organisation, etc.). In this case,
you should establish a password database containing <em>all</em>
clients allowed, as follows:</p>
-
+
<div class="example"><h3>httpd.conf</h3><pre>
SSLVerifyClient none
<Directory /usr/local/apache2/htdocs/secure/area>
@@ -188,11 +188,11 @@ AuthBasicProvider file
AuthUserFile /usr/local/apache2/conf/httpd.passwd
Require valid-user
</Directory></pre></div>
-
+
<p>The password used in this example is the DES encrypted string "password".
- See the <code class="directive"><a href="../mod/mod_ssl.html#ssloptions">SSLOptions</a></code> docs for more
+ See the <code class="directive"><a href="../mod/mod_ssl.html#ssloptions">SSLOptions</a></code> docs for more
information.</p>
-
+
<div class="example"><h3>httpd.passwd</h3><pre>
/C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA
/C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA
@@ -222,10 +222,10 @@ authentication or client certificates, f
Intranet website, for clients coming from the Internet? I still want to allow
plain HTTP access for clients on the Intranet.</a></h3>
-
- <p>These examples presume that clients on the Intranet have IPs in the range
+
+ <p>These examples presume that clients on the Intranet have IPs in the range
192.168.1.0/24, and that the part of the Intranet website you want to allow
- internet access to is <code>/usr/local/apache2/htdocs/subarea</code>.
+ internet access to is <code>/usr/local/apache2/htdocs/subarea</code>.
This configuration should remain outside of your HTTPS virtual host, so
that it applies to both HTTPS and HTTP.</p>