You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2010/09/25 14:01:59 UTC
svn commit: r1001201 - in /httpd/httpd/trunk/docs/manual:
developer/new_api_2_4.html.en mod/mod_authz_core.html.en
mod/mod_authz_host.html.en
Author: sf
Date: Sat Sep 25 12:01:59 2010
New Revision: 1001201
URL: http://svn.apache.org/viewvc?rev=1001201&view=rev
Log:
Update transformations
Modified:
httpd/httpd/trunk/docs/manual/developer/new_api_2_4.html.en
httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en
Modified: httpd/httpd/trunk/docs/manual/developer/new_api_2_4.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/developer/new_api_2_4.html.en?rev=1001201&r1=1001200&r2=1001201&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/developer/new_api_2_4.html.en (original)
+++ httpd/httpd/trunk/docs/manual/developer/new_api_2_4.html.en Sat Sep 25 12:01:59 2010
@@ -72,7 +72,8 @@
<p>In addition to the existing regexp wrapper, a new higher-level API
<code>ap_rxplus</code> is now provided. This provides the capability to
compile Perl-style expressions like <code>s/regexp/replacement/flags</code>
- and to execute them against arbitrary strings. Also regexp memory.</p>
+ and to execute them against arbitrary strings. Support for regexp
+ backreference.</p>
<h3><a name="ap_slotmem" id="ap_slotmem">ap_slotmem (NEW!)</a></h3>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en?rev=1001201&r1=1001200&r2=1001201&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en Sat Sep 25 12:01:59 2010
@@ -53,6 +53,7 @@
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#logic">Authorization Containers</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
@@ -164,6 +165,88 @@
</span>
</Directory>
</code></p></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>
+
+ <p><code class="module"><a href="../mod/mod_authz_core.html">mod_authz_core</a></code> provides some generic authorization
+ providers which can be used with the
+ <code class="directive"><a href="#require">Require</a></code> directive.</p>
+
+ <h3><a name="reqenv" id="reqenv">Require env</a></h3>
+
+ <p>The <code>env</code> provider allows access to the server
+ to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Require
+ env <var>env-variable</var></code> is specified, then the request is
+ allowed access if the environment variable <var>env-variable</var>
+ exists. The server provides the ability to set environment
+ variables in a flexible way based on characteristics of the client
+ request using the directives provided by
+ <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
+ used to allow access based on such factors as the clients
+ <code>User-Agent</code> (browser type), <code>Referer</code>, or
+ other HTTP request header fields.</p>
+
+ <div class="example"><h3>Example:</h3><p><code>
+ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in<br />
+ <Directory /docroot><br />
+ <span class="indent">
+ Require env let_me_in<br />
+ </span>
+ </Directory>
+ </code></p></div>
+
+ <p>In this case, browsers with a user-agent string beginning
+ with <code>KnockKnock/2.0</code> will be allowed access, and all
+ others will be denied.</p>
+
+
+
+ <h3><a name="reqall" id="reqall">Require all</a></h3>
+
+ <p>The <code>all</code> provider mimics the functionality the
+ was previously provided by the 'Allow from all' and 'Deny from all'
+ directives. This provider can take one of two arguments which are
+ 'granted' or 'denied'. The following examples will grant or deny
+ access to all requests.</p>
+
+ <div class="example"><p><code>
+ Require all granted<br />
+ </code></p></div>
+
+ <div class="example"><p><code>
+ Require all denied<br />
+ </code></p></div>
+
+
+
+ <h3><a name="reqmethod" id="reqmethod">Require method</a></h3>
+
+ <p>The <code>method</code> provider allows to use the HTTP method in
+ authorization decisions. The GET and HEAD methods are treated as
+ equivalent. The TRACE method is not available to this provider,
+ use <code class="directive"><a href="../mod/core.html#traceenable">TraceEnable</a></code> instead.</p>
+
+ <p>The following example will only allow GET, HEAD, POST, and OPTIONS
+ requests:</p>
+
+ <div class="example"><p><code>
+ Require method GET POST OPTIONS<br />
+ </code></p></div>
+
+ <p>The following example will allow GET, HEAD, POST, and OPTIONS
+ requests without authentication, and require a valid user for all other
+ methods:</p>
+
+ <div class="example"><p><code>
+ <RequireAny><br />
+ Require method GET POST OPTIONS<br />
+ Require valid-user<br />
+ </RequireAny><br />
+ </code></p></div>
+
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthMerging" id="AuthMerging">AuthMerging</a> <a name="authmerging" id="authmerging">Directive</a></h2>
@@ -273,9 +356,28 @@ an authorization provider.</td></tr>
</table>
<p>This directive tests whether an authenticated user is authorized
according to a particular authorization provider and the specified
- restrictions. Some of the allowed syntaxes provided by
- <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> and
- <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> are:</p>
+ restrictions. <code class="module"><a href="../mod/mod_authz_core.html">mod_authz_core</a></code> provides the following
+ generic authorization providers:</p>
+
+ <dl>
+ <dt><code>Require all granted</code></dt>
+ <dd>Access is allowed unconditionally.</dd>
+
+ <dt><code>Require all denied</code></dt>
+ <dd>Access is denied unconditionally.</dd>
+
+ <dt><code>Require env <var>env-var</var> [<var>env-var</var>]
+ ...</code></dt>
+ <dd>Access is allowed only if one of the given environment variables is
+ set.</dd>
+
+ <dt><code>Require method <var>http-method</var> [<var>http-method</var>]
+ ...</code></dt>
+ <dd>Access is allowed only for the given HTTP methods.</dd>
+ </dl>
+
+ <p>Some of the allowed syntaxes provided by <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>
+ and <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> are:</p>
<dl>
<dt><code>Require user <var>userid</var> [<var>userid</var>]
@@ -296,8 +398,8 @@ an authorization provider.</td></tr>
<code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>, and
<code class="module"><a href="../mod/mod_authz_owner.html">mod_authz_owner</a></code>.</p>
- <p>For a complete authentication and authorization configuration,
- <code class="directive">Require</code> must be accompanied by
+ <p>In most cases, for a complete authentication and authorization
+ configuration, <code class="directive">Require</code> must be accompanied by
<code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code>, <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code> and
<code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
<code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en?rev=1001201&r1=1001200&r2=1001201&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en Sat Sep 25 12:01:59 2010
@@ -40,8 +40,7 @@ address)</td></tr>
or <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section
as well as <code><a href="core.html#accessfilename">.htaccess</a>
</code> files to control access to particular parts of the server.
- Access can be controlled based on the client hostname, IP address, or
- other characteristics of the client request, as captured in <a href="../env.html">environment variables</a>.</p>
+ Access can be controlled based on the client hostname or IP address.</p>
<p>In general, access restriction directives apply to all
access methods (<code>GET</code>, <code>PUT</code>,
@@ -69,44 +68,13 @@ address)</td></tr>
<p>Apache's <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
directive is used during the authorization phase to ensure that a user is allowed or
denied access to a resource. mod_authz_host extends the
- authorization types with <code>env</code>, <code>ip</code>,
- <code>host</code> and <code>all</code>. Other authorization types may also be
+ authorization types with <code>ip</code> and <code>host</code>.
+ Other authorization types may also be
used but may require that additional authorization modules be loaded.</p>
<p>These authorization providers affect which hosts can
access an area of the server. Access can be controlled by
- hostname, IP Address, IP Address range, or by other
- characteristics of the client request captured in environment
- variables.</p>
-
-<h3><a name="reqenv" id="reqenv">Require env</a></h3>
-
- <p>The <code>env</code> provider allows access to the server
- to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Require
- env <var>env-variable</var></code> is specified, then the request is
- allowed access if the environment variable <var>env-variable</var>
- exists. The server provides the ability to set environment
- variables in a flexible way based on characteristics of the client
- request using the directives provided by
- <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
- used to allow access based on such factors as the clients
- <code>User-Agent</code> (browser type), <code>Referer</code>, or
- other HTTP request header fields.</p>
-
- <div class="example"><h3>Example:</h3><p><code>
- SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in<br />
- <Directory /docroot><br />
- <span class="indent">
- Require env let_me_in<br />
- </span>
- </Directory>
- </code></p></div>
-
- <p>In this case, browsers with a user-agent string beginning
- with <code>KnockKnock/2.0</code> will be allowed access, and all
- others will be denied.</p>
-
-
+ hostname, IP Address, or IP Address range.</p>
<h3><a name="reqip" id="reqip">Require ip</a></h3>
@@ -191,52 +159,6 @@ address)</td></tr>
-<h3><a name="reqall" id="reqall">Require all</a></h3>
-
- <p>The <code>all</code> provider mimics the functionality the
- was previously provided by the 'Allow from all' and 'Deny from all'
- directives. This provider can take one of two arguments which are
- 'granted' or 'denied'. The following examples will grant or deny
- access to all requests.</p>
-
- <div class="example"><p><code>
- Require all granted<br />
- </code></p></div>
-
- <div class="example"><p><code>
- Require all denied<br />
- </code></p></div>
-
-
-
-<h3><a name="reqmethod" id="reqmethod">Require method</a></h3>
-
- <p>The <code>method</code> provider allows to use the HTTP method in
- authorization decisions. The GET and HEAD methods are treated as
- equivalent. The TRACE method is not available to this provider,
- use <code class="directive"><a href="../mod/core.html#traceenable">TraceEnable</a></code> instead.</p>
-
- <p>The following example will only allow GET, HEAD, POST, and OPTIONS
- requests:</p>
-
- <div class="example"><p><code>
- Require method GET POST OPTIONS<br />
- </code></p></div>
-
- <p>The following example will allow GET, HEAD, POST, and OPTIONS
- requests without authentication, and require a valid user for all other
- methods:</p>
-
- <div class="example"><p><code>
- <RequireAny><br />
- Require method GET POST OPTIONS<br />
- Require valid-user<br />
- </RequireAny><br />
- </code></p></div>
-
-
-
-
</div>
</div>
<div class="bottomlang">