You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ch...@apache.org on 2008/12/19 21:01:23 UTC
svn commit: r728127 [1/3] - in /httpd/httpd/trunk/docs/manual: ./ howto/ mod/
Author: chrisd
Date: Fri Dec 19 12:01:21 2008
New Revision: 728127
URL: http://svn.apache.org/viewvc?rev=728127&view=rev
Log:
update transformation
Modified:
httpd/httpd/trunk/docs/manual/howto/auth.html.en
httpd/httpd/trunk/docs/manual/howto/auth.xml.ja
httpd/httpd/trunk/docs/manual/howto/auth.xml.ko
httpd/httpd/trunk/docs/manual/mod/allmodules.xml
httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de
httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es
httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja
httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko
httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr
httpd/httpd/trunk/docs/manual/mod/core.html.en
httpd/httpd/trunk/docs/manual/mod/core.xml.de
httpd/httpd/trunk/docs/manual/mod/core.xml.ja
httpd/httpd/trunk/docs/manual/mod/core.xml.meta
httpd/httpd/trunk/docs/manual/mod/core.xml.tr
httpd/httpd/trunk/docs/manual/mod/directives.html.en
httpd/httpd/trunk/docs/manual/mod/index.html.en
httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en
httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bybusyness.html.en
httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_byrequests.html.en
httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bytraffic.html.en
httpd/httpd/trunk/docs/manual/mod/mod_negotiation.xml.meta
httpd/httpd/trunk/docs/manual/mod/mod_privileges.html.en
httpd/httpd/trunk/docs/manual/mod/quickreference.html.en
httpd/httpd/trunk/docs/manual/new_features_2_4.html.en
httpd/httpd/trunk/docs/manual/sitemap.html.en
Modified: httpd/httpd/trunk/docs/manual/howto/auth.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/howto/auth.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/howto/auth.html.en (original)
+++ httpd/httpd/trunk/docs/manual/howto/auth.html.en Fri Dec 19 12:01:21 2008
@@ -399,7 +399,7 @@
AuthBasicProvider file ldap<br />
AuthUserFile /usr/local/apache/passwd/passwords<br />
AuthLDAPURL ldap://ldaphost/o=yourorg<br />
- Require valid-user
+ Require valid-user<br />
</Directory>
</code></p></div>
@@ -425,14 +425,15 @@
AuthLDAPURL ldap://ldaphost/o=yourorg
AuthGroupFile /usr/local/apache/passwd/groups<br />
Require group GroupName<br />
- Require ldap-group cn=mygroup,o=yourorg
+ Require ldap-group cn=mygroup,o=yourorg<br />
</Directory>
</code></p></div>
<p>To take authorization a little further, authorization container
directives such as
- <code class="directive"><a href="../mod/mod_authz_core.html#matchall"><MatchAll></a></code> and
- <code class="directive"><a href="../mod/mod_authz_core.html#matchany"><MatchAny></a></code>
+ <code class="directive"><a href="../mod/mod_authz_core.html#requireall"><RequireAll></a></code>
+ and
+ <code class="directive"><a href="../mod/mod_authz_core.html#requireany"><RequireAny></a></code>
allow logic to be applied so that the order in which authorization
is handled can be completely controled through the configuration.
See <a href="../mod/mod_authz_core.html#logic">Authorization
@@ -455,20 +456,18 @@
configured and called in a specific order which didn't depend on the
load order of the auth module itself. This same provider based mechanism
has been brought forward into authorization as well. What this means is
- that the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> and
- <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
- not only specify which authorization methods should be used, they also
+ that the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directive
+ not only specifies which authorization methods should be used, it also
specifies the order in which they are called. Multiple authorization
- methods are called in the same order in which the
- <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
- or <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
+ methods are called in the same order in which the
+ <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directives
appear in the configuration.</p>
<p>With the introduction of authorization container directives
such as
- <code class="directive"><a href="../mod/mod_authz_core.html#matchall"><MatchAll></a></code>
+ <code class="directive"><a href="../mod/mod_authz_core.html#requireall"><RequireAll></a></code>
and
- <code class="directive"><a href="../mod/mod_authz_core.html#matchany"><MatchAny></a></code>,
+ <code class="directive"><a href="../mod/mod_authz_core.html#requireany"><RequireAny></a></code>,
the configuration also has control over when the
authorization methods are called and what criteria determines when
access is granted. See
@@ -479,25 +478,11 @@
<p>By default all
<code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
directives are handled as though contained within a
- <code class="directive"><a href="../mod/mod_authz_core.html#matchany"><MatchAny></a></code>
+ <code class="directive"><a href="../mod/mod_authz_core.html#requireany"><RequireAny></a></code>
container directive. In other words, if
any of the specified authorization methods succeed, then authorization
is granted.</p>
- <p>In contrast, by default all
- <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
- are handled as though contained within a
- <code class="directive"><a href="../mod/mod_authz_core.html#matchall"><MatchAll></a></code>
- container directive (unless they are explicitly contained within
- a different authorization container directive).
- This permits
- <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
- to be usefully mixed with negated
- <code>Match not</code> directives. To authorize the request,
- none of the negated directives can match their parameters,
- while all of the positive directives must match their
- parameters (or else return a neutral result).</p>
-
<h3><a name="reqaccessctrl" id="reqaccessctrl">Using authorization providers for access control</a></h3>
@@ -515,9 +500,8 @@
a document.</p>
<p>The usage of these providers is specified through the
- <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> and
- <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives.
- These directives register the authorization providers
+ <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directive.
+ This directive registers the authorization providers
that will be called during the authorization stage of the request
processing. For example:</p>
@@ -541,7 +525,12 @@
following:</p>
<div class="example"><p><code>
- Match not ip 10.252.46.165
+ <RequireAll>
+ <span class="indent">
+ Require all granted<br />
+ Require not ip 10.252.46.165
+ </span>
+ </RequireAll>
</code></p></div>
<p>Visitors coming from that address will not be able to see
@@ -549,30 +538,37 @@
machine name, rather than an IP address, you can use that.</p>
<div class="example"><p><code>
- Match not host <var>host.example.com</var>
+ <RequireAll>
+ <span class="indent">
+ Require all granted<br />
+ Require not host <var>host.example.com</var>
+ </span>
+ </RequireAll>
</code></p></div>
<p>And, if you'd like to block access from an entire domain,
you can specify just part of an address or domain name:</p>
<div class="example"><p><code>
- Match all granted<br />
- <MatchNotAny>
+ <RequireAll>
<span class="indent">
- Match ip 192.168.205<br />
- Match host phishers.example.com moreidiots.example<br />
- Match host ke
+ Require all granted<br />
+ <RequireNone>
+ <span class="indent">
+ Require ip 192.168.205<br />
+ Require host phishers.example.com moreidiots.example<br />
+ Require host ke
+ </span>
+ </RequireNone>
</span>
- </MatchNotAny>
+ </RequireAll>
</code></p></div>
- <p>The above example uses the <code class="directive"><a href="../mod/mod_authz_core.html#matchnotany"><MatchNotAny></a></code> container directive
+ <p>The above example uses the <code class="directive"><a href="../mod/mod_authz_core.html#requirenone"><RequireNone></a></code> directive
to make sure that none of the
- <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
- match their parameters before granting access. Note that
- the <code>Match all granted</code> directive and the
- <code class="directive"><a href="../mod/mod_authz_core.html#matchnotany"><MatchNotAny></a></code> are implicitly contained
- within a <code class="directive"><a href="../mod/mod_authz_core.html#matchall"><MatchAll></a></code> directive.</p>
+ <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directives
+ contained within it
+ match their parameters before granting access.</p>
Modified: httpd/httpd/trunk/docs/manual/howto/auth.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/howto/auth.xml.ja?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/howto/auth.xml.ja [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/howto/auth.xml.ja [utf-8] Fri Dec 19 12:01:21 2008
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 479777:714054 (outdated) -->
+<!-- English Revision: 479777:728126 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
Modified: httpd/httpd/trunk/docs/manual/howto/auth.xml.ko
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/howto/auth.xml.ko?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/howto/auth.xml.ko [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/howto/auth.xml.ko [euc-kr] Fri Dec 19 12:01:21 2008
@@ -1,7 +1,7 @@
<?xml version='1.0' encoding='EUC-KR' ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:714054 (outdated) -->
+<!-- English Revision: 105989:728126 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml Fri Dec 19 12:01:21 2008
@@ -46,6 +46,8 @@
<modulefile>mod_file_cache.xml</modulefile>
<modulefile>mod_filter.xml</modulefile>
<modulefile>mod_headers.xml</modulefile>
+ <modulefile>mod_heartbeat.xml</modulefile>
+ <modulefile>mod_heartmonitor.xml</modulefile>
<modulefile>mod_ident.xml</modulefile>
<modulefile>mod_imagemap.xml</modulefile>
<modulefile>mod_include.xml</modulefile>
@@ -54,6 +56,7 @@
<modulefile>mod_lbmethod_bybusyness.xml</modulefile>
<modulefile>mod_lbmethod_byrequests.xml</modulefile>
<modulefile>mod_lbmethod_bytraffic.xml</modulefile>
+ <modulefile>mod_lbmethod_heartbeat.xml</modulefile>
<modulefile>mod_ldap.xml</modulefile>
<modulefile>mod_log_config.xml</modulefile>
<modulefile>mod_log_forensic.xml</modulefile>
Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de Fri Dec 19 12:01:21 2008
@@ -46,6 +46,8 @@
<modulefile>mod_file_cache.xml</modulefile>
<modulefile>mod_filter.xml</modulefile>
<modulefile>mod_headers.xml</modulefile>
+ <modulefile>mod_heartbeat.xml</modulefile>
+ <modulefile>mod_heartmonitor.xml</modulefile>
<modulefile>mod_ident.xml</modulefile>
<modulefile>mod_imagemap.xml</modulefile>
<modulefile>mod_include.xml</modulefile>
@@ -54,6 +56,7 @@
<modulefile>mod_lbmethod_bybusyness.xml</modulefile>
<modulefile>mod_lbmethod_byrequests.xml</modulefile>
<modulefile>mod_lbmethod_bytraffic.xml</modulefile>
+ <modulefile>mod_lbmethod_heartbeat.xml</modulefile>
<modulefile>mod_ldap.xml</modulefile>
<modulefile>mod_log_config.xml</modulefile>
<modulefile>mod_log_forensic.xml</modulefile>
Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es Fri Dec 19 12:01:21 2008
@@ -46,6 +46,8 @@
<modulefile>mod_file_cache.xml</modulefile>
<modulefile>mod_filter.xml</modulefile>
<modulefile>mod_headers.xml</modulefile>
+ <modulefile>mod_heartbeat.xml</modulefile>
+ <modulefile>mod_heartmonitor.xml</modulefile>
<modulefile>mod_ident.xml</modulefile>
<modulefile>mod_imagemap.xml</modulefile>
<modulefile>mod_include.xml</modulefile>
@@ -54,6 +56,7 @@
<modulefile>mod_lbmethod_bybusyness.xml</modulefile>
<modulefile>mod_lbmethod_byrequests.xml</modulefile>
<modulefile>mod_lbmethod_bytraffic.xml</modulefile>
+ <modulefile>mod_lbmethod_heartbeat.xml</modulefile>
<modulefile>mod_ldap.xml</modulefile>
<modulefile>mod_log_config.xml</modulefile>
<modulefile>mod_log_forensic.xml</modulefile>
Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja [utf-8] Fri Dec 19 12:01:21 2008
@@ -46,6 +46,8 @@
<modulefile>mod_file_cache.xml</modulefile>
<modulefile>mod_filter.xml</modulefile>
<modulefile>mod_headers.xml.ja</modulefile>
+ <modulefile>mod_heartbeat.xml</modulefile>
+ <modulefile>mod_heartmonitor.xml</modulefile>
<modulefile>mod_ident.xml.ja</modulefile>
<modulefile>mod_imagemap.xml</modulefile>
<modulefile>mod_include.xml.ja</modulefile>
@@ -54,6 +56,7 @@
<modulefile>mod_lbmethod_bybusyness.xml</modulefile>
<modulefile>mod_lbmethod_byrequests.xml</modulefile>
<modulefile>mod_lbmethod_bytraffic.xml</modulefile>
+ <modulefile>mod_lbmethod_heartbeat.xml</modulefile>
<modulefile>mod_ldap.xml</modulefile>
<modulefile>mod_log_config.xml.ja</modulefile>
<modulefile>mod_log_forensic.xml.ja</modulefile>
Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko [euc-kr] Fri Dec 19 12:01:21 2008
@@ -46,6 +46,8 @@
<modulefile>mod_file_cache.xml.ko</modulefile>
<modulefile>mod_filter.xml</modulefile>
<modulefile>mod_headers.xml.ko</modulefile>
+ <modulefile>mod_heartbeat.xml</modulefile>
+ <modulefile>mod_heartmonitor.xml</modulefile>
<modulefile>mod_ident.xml.ko</modulefile>
<modulefile>mod_imagemap.xml.ko</modulefile>
<modulefile>mod_include.xml</modulefile>
@@ -54,6 +56,7 @@
<modulefile>mod_lbmethod_bybusyness.xml</modulefile>
<modulefile>mod_lbmethod_byrequests.xml</modulefile>
<modulefile>mod_lbmethod_bytraffic.xml</modulefile>
+ <modulefile>mod_lbmethod_heartbeat.xml</modulefile>
<modulefile>mod_ldap.xml</modulefile>
<modulefile>mod_log_config.xml.ko</modulefile>
<modulefile>mod_log_forensic.xml</modulefile>
Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr [utf-8] Fri Dec 19 12:01:21 2008
@@ -46,6 +46,8 @@
<modulefile>mod_file_cache.xml</modulefile>
<modulefile>mod_filter.xml</modulefile>
<modulefile>mod_headers.xml</modulefile>
+ <modulefile>mod_heartbeat.xml</modulefile>
+ <modulefile>mod_heartmonitor.xml</modulefile>
<modulefile>mod_ident.xml</modulefile>
<modulefile>mod_imagemap.xml</modulefile>
<modulefile>mod_include.xml</modulefile>
@@ -54,6 +56,7 @@
<modulefile>mod_lbmethod_bybusyness.xml</modulefile>
<modulefile>mod_lbmethod_byrequests.xml</modulefile>
<modulefile>mod_lbmethod_bytraffic.xml</modulefile>
+ <modulefile>mod_lbmethod_heartbeat.xml</modulefile>
<modulefile>mod_ldap.xml</modulefile>
<modulefile>mod_log_config.xml.tr</modulefile>
<modulefile>mod_log_forensic.xml.tr</modulefile>
Modified: httpd/httpd/trunk/docs/manual/mod/core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.html.en Fri Dec 19 12:01:21 2008
@@ -1970,8 +1970,8 @@
</div>
<p>For all origin (non-proxy) requests, the URL to be matched is a
- URL-path of the form <code>/path/</code>. No scheme, hostname,
- port, or query string may be included. For proxy requests, the
+ URL-path of the form <code>/path/</code>. <em>No scheme, hostname,
+ port, or query string may be included.</em> For proxy requests, the
URL to be matched is of the form
<code>scheme://servername/path</code>, and you must include the
prefix.</p>
Modified: httpd/httpd/trunk/docs/manual/mod/core.xml.de
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml.de?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml.de (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml.de Fri Dec 19 12:01:21 2008
@@ -1,7 +1,7 @@
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.de.xsl"?>
-<!-- English Revision: 167959:720186 (outdated) -->
+<!-- English Revision: 167959:726882 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
Modified: httpd/httpd/trunk/docs/manual/mod/core.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml.ja?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml.ja [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml.ja [utf-8] Fri Dec 19 12:01:21 2008
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 669847:720186 (outdated) -->
+<!-- English Revision: 669847:726882 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
Modified: httpd/httpd/trunk/docs/manual/mod/core.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml.meta?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml.meta (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml.meta Fri Dec 19 12:01:21 2008
@@ -10,6 +10,6 @@
<variant outdated="yes">de</variant>
<variant>en</variant>
<variant outdated="yes">ja</variant>
- <variant>tr</variant>
+ <variant outdated="yes">tr</variant>
</variants>
</metafile>
Modified: httpd/httpd/trunk/docs/manual/mod/core.xml.tr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml.tr?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml.tr [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml.tr [utf-8] Fri Dec 19 12:01:21 2008
@@ -1,7 +1,7 @@
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?>
-<!-- English Revision: 720186 -->
+<!-- English Revision: 720186:726882 (outdated) -->
<!-- =====================================================
Translated by: Nilgün Belma Bugüner <nilgun belgeler.org>
Reviewed by: Orhan Berent <berent belgeler.org>
Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.en Fri Dec 19 12:01:21 2008
@@ -120,6 +120,7 @@
<li><a href="mod_authnz_ldap.html#authldapsubgroupattribute">AuthLDAPSubGroupAttribute</a></li>
<li><a href="mod_authnz_ldap.html#authldapsubgroupclass">AuthLDAPSubGroupClass</a></li>
<li><a href="mod_authnz_ldap.html#authldapurl">AuthLDAPUrl</a></li>
+<li><a href="mod_authz_core.html#authmerging">AuthMerging</a></li>
<li><a href="mod_authn_core.html#authname">AuthName</a></li>
<li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li>
<li><a href="mod_authn_core.html#authtype">AuthType</a></li>
@@ -229,6 +230,10 @@
<li><a href="mod_unixd.html#group">Group</a></li>
<li><a href="mod_headers.html#header" id="H" name="H">Header</a></li>
<li><a href="mod_autoindex.html#headername">HeaderName</a></li>
+<li><a href="mod_heartbeat.html#heartbeataddress">HeartbeatAddress</a></li>
+<li><a href="mod_heartmonitor.html#heartbeatlisten">HeartbeatListen</a></li>
+<li><a href="mod_heartmonitor.html#heartbeatstorage">HeartbeatStorage</a></li>
+<li><a href="mod_lbmethod_heartbeat.html#heartbeatstorage">HeartbeatStorage</a></li>
<li><a href="core.html#hostnamelookups">HostnameLookups</a></li>
<li><a href="mod_ident.html#identitycheck" id="I" name="I">IdentityCheck</a></li>
<li><a href="mod_ident.html#identitychecktimeout">IdentityCheckTimeout</a></li>
@@ -286,12 +291,7 @@
<li><a href="mpm_common.html#lockfile">LockFile</a></li>
<li><a href="mod_log_config.html#logformat">LogFormat</a></li>
<li><a href="core.html#loglevel">LogLevel</a></li>
-<li><a href="mod_authz_core.html#match" id="M" name="M">Match</a></li>
-<li><a href="mod_authz_core.html#matchall"><MatchAll></a></li>
-<li><a href="mod_authz_core.html#matchany"><MatchAny></a></li>
-<li><a href="mod_authz_core.html#matchnotall"><MatchNotAll></a></li>
-<li><a href="mod_authz_core.html#matchnotany"><MatchNotAny></a></li>
-<li><a href="mpm_common.html#maxclients">MaxClients</a></li>
+<li><a href="mpm_common.html#maxclients" id="M" name="M">MaxClients</a></li>
<li><a href="core.html#maxkeepaliverequests">MaxKeepAliveRequests</a></li>
<li><a href="mpm_common.html#maxmemfree">MaxMemFree</a></li>
<li><a href="mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></li>
@@ -300,7 +300,6 @@
<li><a href="mpm_common.html#maxsparethreads">MaxSpareThreads</a></li>
<li><a href="mpm_netware.html#maxthreads">MaxThreads</a></li>
<li><a href="perchild.html#maxthreadsperchild">MaxThreadsPerChild</a></li>
-<li><a href="mod_authz_core.html#mergeauthz">MergeAuthz</a></li>
<li><a href="mod_cern_meta.html#metadir">MetaDir</a></li>
<li><a href="mod_cern_meta.html#metafiles">MetaFiles</a></li>
<li><a href="mod_cern_meta.html#metasuffix">MetaSuffix</a></li>
@@ -360,6 +359,9 @@
<li><a href="mod_mime.html#removetype">RemoveType</a></li>
<li><a href="mod_headers.html#requestheader">RequestHeader</a></li>
<li><a href="mod_authz_core.html#require">Require</a></li>
+<li><a href="mod_authz_core.html#requireall"><RequireAll></a></li>
+<li><a href="mod_authz_core.html#requireany"><RequireAny></a></li>
+<li><a href="mod_authz_core.html#requirenone"><RequireNone></a></li>
<li><a href="mod_rewrite.html#rewritebase">RewriteBase</a></li>
<li><a href="mod_rewrite.html#rewritecond">RewriteCond</a></li>
<li><a href="mod_rewrite.html#rewriteengine">RewriteEngine</a></li>
Modified: httpd/httpd/trunk/docs/manual/mod/index.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/index.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/index.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/index.html.en Fri Dec 19 12:01:21 2008
@@ -134,6 +134,8 @@
<dt><a href="mod_filter.html">mod_filter</a></dt><dd>Context-sensitive smart filter configuration module</dd>
<dt><a href="mod_headers.html" id="H" name="H">mod_headers</a></dt><dd>Customization of HTTP request and response
headers</dd>
+<dt><a href="mod_heartbeat.html">mod_heartbeat</a></dt><dd />
+<dt><a href="mod_heartmonitor.html">mod_heartmonitor</a></dt><dd />
<dt><a href="mod_ident.html" id="I" name="I">mod_ident</a></dt><dd>RFC 1413 ident lookups</dd>
<dt><a href="mod_imagemap.html">mod_imagemap</a></dt><dd>Server-side imagemap processing</dd>
<dt><a href="mod_include.html">mod_include</a></dt><dd>Server-parsed html documents (Server Side Includes)</dd>
@@ -143,6 +145,7 @@
<dt><a href="mod_lbmethod_bybusyness.html" id="L" name="L">mod_lbmethod_bybusyness</a></dt><dd>Pending Request Counting load balancer scheduler algorithm for <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></dd>
<dt><a href="mod_lbmethod_byrequests.html">mod_lbmethod_byrequests</a></dt><dd>Request Counting load balancer scheduler algorithm for <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></dd>
<dt><a href="mod_lbmethod_bytraffic.html">mod_lbmethod_bytraffic</a></dt><dd>Weighted Traffic Counting load balancer scheduler algorithm for <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></dd>
+<dt><a href="mod_lbmethod_heartbeat.html">mod_lbmethod_heartbeat</a></dt><dd> This document is still under development.</dd>
<dt><a href="mod_ldap.html">mod_ldap</a></dt><dd>LDAP connection pooling and result caching services for use
by other LDAP modules</dd>
<dt><a href="mod_log_config.html">mod_log_config</a></dt><dd>Logging of the requests made to the server</dd>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.html.en Fri Dec 19 12:01:21 2008
@@ -180,7 +180,7 @@
access.</li>
<li>Fetch the distinguished name of the entry retrieved from
- the search and attempt to bind to the LDAP server using the
+ the search and attempt to bind to the LDAP server using that
DN and the password passed by the HTTP client. If the bind is
unsuccessful, deny or decline access.</li>
</ol>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en Fri Dec 19 12:01:21 2008
@@ -42,14 +42,12 @@
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#authmerging">AuthMerging</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authzprovideralias"><AuthzProviderAlias></a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#match">Match</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#matchall"><MatchAll></a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#matchany"><MatchAny></a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#matchnotall"><MatchNotAll></a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#matchnotany"><MatchNotAny></a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#mergeauthz">MergeAuthz</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#require">Require</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requireall"><RequireAll></a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requireany"><RequireAny></a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requirenone"><RequireNone></a></li>
</ul>
<h3>Topics</h3>
<ul id="topics">
@@ -62,8 +60,7 @@
<p>Extended authorization providers can be created within the configuration
file and assigned an alias name. The alias providers can then be referenced
- through the <code class="directive"><a href="#require">Require</a></code> and
- <code class="directive"><a href="#match">Match</a></code> directives
+ through the <code class="directive"><a href="#require">Require</a></code> directive
in the same way as a base authorization provider. Besides the ability to
create and alias an extended provider, it also allows the same extended
authorization provider to be reference by multiple locations.
@@ -116,13 +113,12 @@
<h2><a name="logic" id="logic">Authorization Containers</a></h2>
<p>The authorization container directives
- <code class="directive"><a href="#matchall"><MatchAll></a></code>,
- <code class="directive"><a href="#matchany"><MatchAny></a></code>,
- <code class="directive"><a href="#matchnotall"><MatchNotAll></a></code>
+ <code class="directive"><a href="#requireall"><RequireAll></a></code>,
+ <code class="directive"><a href="#requireany"><RequireAny></a></code>
and
- <code class="directive"><a href="#matchnotany"><MatchNotAny></a></code>
+ <code class="directive"><a href="#requirenone"><RequireNone></a></code>
may be combined with each other and with the
- <code class="directive"><a href="#match">Match</a></code>
+ <code class="directive"><a href="#require">Require</a></code>
directive to express complex authorization logic.</p>
<p>The example below expresses the following authorization logic.
@@ -138,34 +134,112 @@
<div class="example"><p><code>
<Directory /www/mydocs>
<span class="indent">
- <MatchAny>
+ <RequireAll>
<span class="indent">
- Match user superadmin<br />
- <MatchAll>
+ <RequireAny>
<span class="indent">
- Match group admins<br />
- Match ldap-group cn=Administrators,o=Airius<br />
- <MatchAny>
+ Require user superadmin<br />
+ <RequireAll>
<span class="indent">
- Match group sales<br />
- Match ldap-attribute dept="sales"
+ Require group admins<br />
+ Require ldap-group cn=Administrators,o=Airius<br />
+ <RequireAny>
+ <span class="indent">
+ Require group sales<br />
+ Require ldap-attribute dept="sales"
+ </span>
+ </RequireAny>
</span>
- </MatchAny>
+ </RequireAll>
</span>
- </MatchAll>
- </span>
- </MatchAny><br />
- <MatchNotAny>
- <span class="indent">
- Match group temps<br />
- Match ldap-group cn=Temporary Employees,o=Airius
+ </RequireAny><br />
+ <RequireNone>
+ <span class="indent">
+ Require group temps<br />
+ Require ldap-group cn=Temporary Employees,o=Airius
+ </span>
+ </RequireNone>
</span>
- </MatchNotAny>
+ </RequireAll>
</span>
</Directory>
</code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthMerging" id="AuthMerging">AuthMerging</a> <a name="authmerging" id="authmerging">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls the manner in which each configuration section's
+authorization logic is combined with that of preceding configuration
+sections.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthMerging Off | And | Or</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthMerging Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
+</table>
+ <p>When authorization is enabled, it is normally inherited by each
+ subsequent <a href="../sections.html#mergin">configuration section</a>,
+ unless a different set of authorization directives are specified.
+ This is the default action, which corresponds to an explicit setting
+ of <code>AuthMerging Off</code>.</p>
+
+ <p>However, there may be circumstances in which is it desirable
+ for a configuration section's authorization to be combined with
+ that of its predecessor while configuration sections are being
+ merged. Two options are available for this case, <code>And</code>
+ and <code>Or</code>.</p>
+
+ <p>When a configuration section contains <code>AuthMerging And</code>
+ or <code>AuthMerging Or</code>,
+ its authorization logic is combined with that of the nearest
+ predecessor (according to the overall order of configuration sections)
+ which also contains authorization logic as if the two sections
+ were jointly contained within a
+ <code class="directive"><a href="#requireall"><RequireAll></a></code> or
+ <code class="directive"><a href="#requireany"><RequireAny></a></code>
+ directive, respectively.</p>
+
+ <div class="note">The setting of <code class="directive">AuthMerging</code> is not
+ inherited outside of the configuration section in which it appears.
+ In the following example, only users belonging to group <code>alpha</code>
+ may access <code>/www/docs</code>. Users belonging to either
+ groups <code>alpha</code> or <code>beta</code> may access
+ <code>/www/docs/ab</code>. However, the default <code>Off</code>
+ setting of <code class="directive">AuthMerging</code> applies to the
+ <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>
+ configuration section for <code>/www/docs/ab/gamma</code>, so
+ that section's authorization directives override those of the
+ preceding sections. Thus only users belong to the group
+ <code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</div>
+
+ <div class="example"><p><code>
+ <Directory /www/docs>
+ <span class="indent">
+ AuthType Basic<br />
+ AuthName Documents<br />
+ AuthBasicProvider file<br />
+ AuthUserFile /usr/local/apache/passwd/passwords<br />
+ Require group alpha
+ </span>
+ </Directory><br />
+ <br />
+ <Directory /www/docs/ab>
+ <span class="indent">
+ AuthMerging Or<br />
+ Require group beta
+ </span>
+ </Directory><br />
+ <br />
+ <Directory /www/docs/ab/gamma>
+ <span class="indent">
+ Require group gamma
+ </span>
+ </Directory>
+ </code></p></div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthzProviderAlias" id="AuthzProviderAlias"><AuthzProviderAlias></a> <a name="authzprovideralias" id="authzprovideralias">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of directives that represent an
@@ -186,31 +260,75 @@
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="Match" id="Match">Match</a> <a name="match" id="match">Directive</a></h2>
+<div class="directive-section"><h2><a name="Require" id="Require">Require</a> <a name="require" id="require">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Tests whether an authenticated user is authorized by
an authorization provider.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Match [not] <var>entity-name</var>
-[<var>entity-name</var>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Require [not] <var>entity-name</var>
+ [<var>entity-name</var>] ...</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
</table>
- <p>This directive is similar to the
- <code class="directive"><a href="#require">Require</a></code> directive;
- it tests whether an authenticated user is authorized according to
- a particular authorization provider and the specified restrictions.</p>
-
- <p>Unlike the <code class="directive"><a href="#require">Require</a></code>
- directive, it may be used with and inside authorization container
- directives such as
- <code class="directive"><a href="#matchall"><MatchAll></a></code>.</p>
-
- <p>Furthermore, its result may be negated through the use of the
- <code>not</code> option. As with other negated authorization directives,
- in this case the <code class="directive">Match</code> directive may only
- either fail or return a neutral result, and can therefore never
+ <p>This directive tests whether an authenticated user is authorized
+ according to a particular authorization provider and the specified
+ restrictions. Some of the allowed syntaxes provided by
+ <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> and
+ <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> are:</p>
+
+ <dl>
+ <dt><code>Require user <var>userid</var> [<var>userid</var>]
+ ...</code></dt>
+ <dd>Only the named users can access the resource.</dd>
+
+ <dt><code>Require group <var>group-name</var> [<var>group-name</var>]
+ ...</code></dt>
+ <dd>Only users in the named groups can access the resource.</dd>
+
+ <dt><code>Require valid-user</code></dt>
+ <dd>All valid users can access the resource.</dd>
+ </dl>
+
+ <p>Other authorization modules that implement require options
+ include <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>,
+ <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code>,
+ <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>, and
+ <code class="module"><a href="../mod/mod_authz_owner.html">mod_authz_owner</a></code>.</p>
+
+ <p>For a complete authentication and authorization configuration,
+ <code class="directive">Require</code> must be accompanied by
+ <code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code>, <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code> and
+ <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
+ <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
+ directives, and directives such as
+ <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code>
+ and <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> (to
+ define users and groups) in order to work correctly. Example:</p>
+
+ <div class="example"><p><code>
+ AuthType Basic<br />
+ AuthName "Restricted Resource"<br />
+ AuthBasicProvider file<br />
+ AuthUserFile /web/users<br />
+ AuthGroupFile /web/groups<br />
+ Require group admin
+ </code></p></div>
+
+ <p>Access controls which are applied in this way are effective for
+ <strong>all</strong> methods. <strong>This is what is normally
+ desired.</strong> If you wish to apply access controls only to
+ specific methods, while leaving other methods unprotected, then
+ place the <code class="directive">Require</code> statement into a
+ <code class="directive"><a href="../mod/core.html#limit"><Limit></a></code>
+ section.</p>
+
+ <p>The result of the <code class="directive">Require</code> directive
+ may be negated through the use of the
+ <code>not</code> option. As with the other negated authorization
+ directive <code class="directive"><RequireNone></code>,
+ when the <code class="directive">Require</code> directive is negated it can
+ only fail or return a neutral result, and therefore may never
independently authorize a request.</p>
<p>In the following example, all users in the <code>alpha</code>
@@ -220,59 +338,59 @@
<div class="example"><p><code>
<Directory /www/docs>
<span class="indent">
- Match group alpha beta<br />
- Match not group reject
+ <RequireAll>
+ <span class="indent">
+ Require group alpha beta<br />
+ Require not group reject
+ </span>
+ </RequireAll>
</span>
</Directory>
</code></p></div>
- <p>When multiple <code class="directive">Match</code> directives are
+ <p>When multiple <code class="directive">Require</code> directives are
used in a single
<a href="../sections.html#mergin">configuration section</a>
and are not contained in another authorization directive like
- <code class="directive"><a href="#matchany"><MatchAny></a></code>,
+ <code class="directive"><a href="#requireall"><RequireAll></a></code>,
they are implicitly contained within a
- <code class="directive"><a href="#matchall"><MatchAll></a></code>
- directive. Thus for the user to be authorized, all such
- <code class="directive">Match</code> directives must not fail, and
- at least one must be successful.</p>
-
- <div class="note"><code class="directive">Match</code> directives may not be combined
- with the <code class="directive"><a href="#require">Require</a></code>
- directive.</div>
+ <code class="directive"><a href="#requireany"><RequireAny></a></code>
+ directive. Thus the first one to authorize a user authorizes the
+ entire request, and subsequent <code class="directive">Require</code> directives
+ are ignored.</p>
<h3>See also</h3>
<ul>
-<li><code class="directive"><a href="#require">Require</a></code></li>
-<li><a href="#logic">Authorization Containers</a></li>
<li><a href="../howto/auth.html">Authentication, Authorization,
and Access Control</a></li>
+<li><a href="#logic">Authorization Containers</a></li>
+<li><code class="module"><a href="../mod/mod_authn_core.html">mod_authn_core</a></code></li>
+<li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
</ul>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="MatchAll" id="MatchAll"><MatchAll></a> <a name="matchall" id="matchall">Directive</a></h2>
+<div class="directive-section"><h2><a name="RequireAll" id="RequireAll"><RequireAll></a> <a name="requireall" id="requireall">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives of which none
must fail and at least one must succeed for the enclosing directive to
succeed.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><MatchAll>
-... </MatchAll></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><RequireAll> ... </RequireAll></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
</table>
- <p><code class="directive"><MatchAll></code> and
- <code></MatchAll></code> are used to enclose a group of
+ <p><code class="directive"><RequireAll></code> and
+ <code></RequireAll></code> are used to enclose a group of
authorization directives of which none must fail and at least one
must succeed in order for
- the <code class="directive"><MatchAll></code> directive to
+ the <code class="directive"><RequireAll></code> directive to
succeed.</p>
<p>If none of the directives contained within the
- <code class="directive"><MatchAll></code> directive fails,
+ <code class="directive"><RequireAll></code> directive fails,
and at least one succeeds, then the
- <code class="directive"><MatchAll></code> directive
+ <code class="directive"><RequireAll></code> directive
succeeds. If none succeed and none fail, then it returns a
neutral result. In all other cases, it fails.</p>
@@ -284,36 +402,35 @@
</ul>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="MatchAny" id="MatchAny"><MatchAny></a> <a name="matchany" id="matchany">Directive</a></h2>
+<div class="directive-section"><h2><a name="RequireAny" id="RequireAny"><RequireAny></a> <a name="requireany" id="requireany">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives of which one
must succeed for the enclosing directive to succeed.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><MatchAny>
-... </MatchAny></code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><RequireAny> ... </RequireAny></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
</table>
- <p><code class="directive"><MatchAny></code> and
- <code></MatchAny></code> are used to enclose a group of
+ <p><code class="directive"><RequireAny></code> and
+ <code></RequireAny></code> are used to enclose a group of
authorization directives of which one must succeed in order for
- the <code class="directive"><MatchAny></code> directive to
+ the <code class="directive"><RequireAny></code> directive to
succeed.</p>
<p>If one or more of the directives contained within the
- <code class="directive"><MatchAny></code> directive succeed,
- then the <code class="directive"><MatchAny></code> directive
+ <code class="directive"><RequireAny></code> directive succeed,
+ then the <code class="directive"><RequireAny></code> directive
succeeds. If none succeed and none fail, then it returns a
neutral result. In all other cases, it fails.</p>
<div class="note">Because negated authorization directives are unable to
return a successful result, they can not significantly influence
- the result of a <code class="directive"><MatchAny></code>
+ the result of a <code class="directive"><RequireAny></code>
directive. (At most they could cause the directive to fail in
the case where they failed and all other directives returned a
neutral value.) Therefore negated authorization directives
- are not permitted within a <code class="directive"><MatchAny></code>
+ are not permitted within a <code class="directive"><RequireAny></code>
directive.</div>
<h3>See also</h3>
@@ -324,76 +441,39 @@
</ul>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="MatchNotAll" id="MatchNotAll"><MatchNotAll></a> <a name="matchnotall" id="matchnotall">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives of which some
-must fail or none must succeed for the enclosing directive to
-not fail.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><MatchNotAll>
-... </MatchNotAll></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
-</table>
- <p><code class="directive"><MatchNotAll></code> and
- <code></MatchNotAll></code> are used to enclose a group of
- authorization directives of which some must fail or none must succeed
- in order for the
- <code class="directive"><MatchNotAll></code> directive to
- not fail.</p>
-
- <p>If none of the directives contained within the
- <code class="directive"><MatchNotAll></code> directive
- fail, and one or more succeed, then the
- <code class="directive"><MatchNotAll></code> directive fails.
- In all other cases, it returns a neutral result. Thus as with
- the other negated authorization directives, it can never independently
- authorize a request because it can never return a successful result.
- It can be used, however, to restrict the set of users who are
- authorized to access a resource.</p>
-
-<h3>See also</h3>
-<ul>
-<li><a href="#logic">Authorization Containers</a></li>
-<li><a href="../howto/auth.html">Authentication, Authorization,
- and Access Control</a></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="MatchNotAny" id="MatchNotAny"><MatchNotAny></a> <a name="matchnotany" id="matchnotany">Directive</a></h2>
+<div class="directive-section"><h2><a name="RequireNone" id="RequireNone"><RequireNone></a> <a name="requirenone" id="requirenone">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives of which none
-none must succeed for the enclosing directive to not fail.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><MatchNotAny>
-... </MatchNotAny></code></td></tr>
+must succeed for the enclosing directive to not fail.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code><RequireNone> ... </RequireNone></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
</table>
- <p><code class="directive"><MatchNotAny></code> and
- <code></MatchNotAny></code> are used to enclose a group of
+ <p><code class="directive"><RequireNone></code> and
+ <code></RequireNone></code> are used to enclose a group of
authorization directives of which none must succeed
in order for the
- <code class="directive"><MatchNotAny></code> directive to
+ <code class="directive"><RequireNone></code> directive to
not fail.</p>
<p>If one or more of the directives contained within the
- <code class="directive"><MatchNotAny></code> directive succeed,
- then the <code class="directive"><MatchNotAny></code> directive
+ <code class="directive"><RequireNone></code> directive succeed,
+ then the <code class="directive"><RequireNone></code> directive
fails. In all other cases, it returns a neutral result. Thus as with
- the other negated authorization directives, it can never independently
+ the other negated authorization directive <code>Require not</code>,
+ it can never independently
authorize a request because it can never return a successful result.
It can be used, however, to restrict the set of users who are
authorized to access a resource.</p>
<div class="note">Because negated authorization directives are unable to
return a successful result, they can not significantly influence
- the result of a <code class="directive"><MatchNotAny></code>
+ the result of a <code class="directive"><RequireNone></code>
directive. Therefore negated authorization directives
are not permitted within a
- <code class="directive"><MatchNotAny></code> directive.</div>
+ <code class="directive"><RequireNone></code> directive.</div>
<h3>See also</h3>
<ul>
@@ -402,164 +482,6 @@
and Access Control</a></li>
</ul>
</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="MergeAuthz" id="MergeAuthz">MergeAuthz</a> <a name="mergeauthz" id="mergeauthz">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls the manner in which each configuration section's
-authorization logic is combined with that of preceding configuration
-sections.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MergeAuthz Off | MatchAll | MatchAny</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MergeAuthz Off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
-</table>
- <p>When authorization is enabled, it is normally inherited by each
- subsequent <a href="../sections.html#mergin">configuration section</a>,
- unless a different set of authorization directives are specified.
- This is the default action, which corresponds to an explicit setting
- of <code>MergeAuthz Off</code>.</p>
-
- <p>However, there may be circumstances in which is it desirable
- for a configuration section's authorization to be combined with
- that of its predecessor while configuration sections are being
- merged. Two options are available for this case, <code>MatchAll</code>
- and <code>MatchAny</code>.</p>
-
- <p>When a configuration section contains <code>AuthzMerge MatchAll</code>
- or <code>AuthzMerge MatchAny</code>,
- its authorization logic is combined with that of the nearest
- predecessor (according to the overall order of configuration sections)
- which also contains authorization logic as if the two sections
- were jointly contained within a
- <code class="directive"><a href="#matchall"><MatchAll></a></code> or
- <code class="directive"><a href="#matchany"><MatchAny></a></code>
- directive, respectively.</p>
-
- <div class="note">The setting of <code class="directive">AuthzMerge</code> is not
- inherited outside of the configuration section in which it appears.
- In the following example, only users belonging to group <code>alpha</code>
- may access <code>/www/docs</code>. Users belonging to either
- groups <code>alpha</code> or <code>beta</code> may access
- <code>/www/docs/ab</code>. However, the default <code>Off</code>
- setting of <code class="directive">AuthzMerge</code> applies to the
- <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>
- configuration section for <code>/www/docs/ab/gamma</code>, so
- that section's authorization directives override those of the
- preceding sections. Thus only users belong to the group
- <code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</div>
-
- <div class="example"><p><code>
- <Directory /www/docs>
- <span class="indent">
- AuthType Basic<br />
- AuthName Documents<br />
- AuthBasicProvider file<br />
- AuthUserFile /usr/local/apache/passwd/passwords<br />
- Match group alpha
- </span>
- </Directory><br />
- <br />
- <Directory /www/docs/ab>
- <span class="indent">
- AuthzMerge MatchAny<br />
- Match group beta
- </span>
- </Directory><br />
- <br />
- <Directory /www/docs/ab/gamma>
- <span class="indent">
- Match group gamma
- </span>
- </Directory>
- </code></p></div>
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="Require" id="Require">Require</a> <a name="require" id="require">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Tests whether an authenticated user is authorized by
-an authorization provider.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Require <var>entity-name</var> [<var>entity-name</var>] ...</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
-</table>
- <p>This directive tests whether an authenticated user is authorized
- according to a particular authorization provider and the specified
- restrictions. Some of the allowed syntaxes provided by
- <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> and
- <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> are:</p>
-
- <dl>
- <dt><code>Require user <var>userid</var> [<var>userid</var>]
- ...</code></dt>
- <dd>Only the named users can access the resource.</dd>
-
- <dt><code>Require group <var>group-name</var> [<var>group-name</var>]
- ...</code></dt>
- <dd>Only users in the named groups can access the resource.</dd>
-
- <dt><code>Require valid-user</code></dt>
- <dd>All valid users can access the resource.</dd>
- </dl>
-
- <p>Other authorization modules that implement require options
- include <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>,
- <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code>,
- <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>, and
- <code class="module"><a href="../mod/mod_authz_owner.html">mod_authz_owner</a></code>.</p>
-
- <p>For a complete authentication and authorization configuration,
- <code class="directive">Require</code> must be accompanied by
- <code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code>, <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code> and
- <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
- <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
- directives, and directives such as
- <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code>
- and <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> (to
- define users and groups) in order to work correctly. Example:</p>
-
- <div class="example"><p><code>
- AuthType Basic<br />
- AuthName "Restricted Resource"<br />
- AuthBasicProvider file<br />
- AuthUserFile /web/users<br />
- AuthGroupFile /web/groups<br />
- Require group admin
- </code></p></div>
-
- <p>Access controls which are applied in this way are effective for
- <strong>all</strong> methods. <strong>This is what is normally
- desired.</strong> If you wish to apply access controls only to
- specific methods, while leaving other methods unprotected, then
- place the <code class="directive">Require</code> statement into a
- <code class="directive"><a href="../mod/core.html#limit"><Limit></a></code>
- section.</p>
-
- <p>When multiple <code class="directive">Require</code> directives are
- used in a single
- <a href="../sections.html#mergin">configuration section</a>,
- the first one to authorize a user authorizes the entire request,
- and subsequent <code class="directive">Require</code> directives are
- ignored. In other words, all <code class="directive">Require</code> directives
- are enclosed in an implied <code class="directive"><a href="#matchany"><MatchAny></a></code> directive.</p>
-
- <div class="note"><code class="directive">Require</code> directives may not be combined
- with the <code class="directive"><a href="#match">Match</a></code> directive
- or any authorization container directives, such as
- <code class="directive"><a href="#matchall"><MatchAll></a></code>.</div>
-
-<h3>See also</h3>
-<ul>
-<li><a href="../howto/auth.html">Authentication, Authorization,
- and Access Control</a></li>
-<li><code class="module"><a href="../mod/mod_authn_core.html">mod_authn_core</a></code></li>
-<li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
-</ul>
-</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_authz_core.html" title="English"> en </a></p>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bybusyness.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bybusyness.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bybusyness.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bybusyness.html.en Fri Dec 19 12:01:21 2008
@@ -30,6 +30,7 @@
<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Split off from <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code> in 2.3</td></tr></table>
<h3>Summary</h3>
+ This document is still under development.
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<p>This module provides no
Modified: httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_byrequests.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_byrequests.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_byrequests.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_byrequests.html.en Fri Dec 19 12:01:21 2008
@@ -30,6 +30,7 @@
<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Split off from <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code> in 2.3</td></tr></table>
<h3>Summary</h3>
+ This document is still under development.
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<p>This module provides no
Modified: httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bytraffic.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bytraffic.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bytraffic.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_lbmethod_bytraffic.html.en Fri Dec 19 12:01:21 2008
@@ -30,6 +30,7 @@
<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Split off from <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code> in 2.3</td></tr></table>
<h3>Summary</h3>
+ This document is still under development.
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<p>This module provides no
Modified: httpd/httpd/trunk/docs/manual/mod/mod_negotiation.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_negotiation.xml.meta?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_negotiation.xml.meta (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_negotiation.xml.meta Fri Dec 19 12:01:21 2008
@@ -8,6 +8,6 @@
<variants>
<variant>en</variant>
- <variant outdated="yes">ja</variant>
+ <variant>ja</variant>
</variants>
</metafile>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_privileges.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_privileges.html.en?rev=728127&r1=728126&r2=728127&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_privileges.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_privileges.html.en Fri Dec 19 12:01:21 2008
@@ -66,8 +66,98 @@
<li><img alt="" src="../images/down.gif" /> <a href="#vhostsecure">VHostSecure</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#vhostuser">VHostUser</a></li>
</ul>
-</div>
+<h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Considerations</a></li>
+</ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="security" id="security">Security Considerations</a></h2>
+<p>There are three principal security concerns with mod_privileges:</p>
+<ul><li>Running as a system user introduces the same security issues
+ as mod_suexec, and near-equivalents such as cgiwrap and suphp.</li>
+<li>A privileges-aware malicious user extension (module or script)
+ could escalate its privileges to anything available to the
+ httpd process in any virtual host.</li>
+<li>A privileges-aware malicious user extension (module or script)
+ could escalate privileges to set its user ID to another
+ system user (and/or group).</li>
+</ul>
+
+<p>The first is amply discussed in the suexec page and elsewhere, and
+doesn't need repeating here. The second and third boil down to one
+principle: ensure no untrusted privileges-aware code can be loaded.
+</p>
+
+<p>There are several ways privileges-aware code could be loaded into Apache:</p>
+<ul>
+<li>within the base system (e.g. mod_privileges itself if statically linked).</li>
+<li>Loaded at startup using a LoadModule or LoadFile directive.</li>
+<li>Loaded at startup indirectly by an application module such as mod_php.</li>
+<li>Loaded at runtime by an application module or script.</li>
+</ul>
+
+<p>What gets loaded at startup is under the control of the sysop, and
+relatively easy to deal with. A tool will be provided to audit your
+installation. That leaves code loaded in the course of processing a
+request as the threat. There is unfortunately no generic way apache
+can control what a script running under an application module can load,
+so you should use the security provided by your scripting module
+and language.</p>
+
+<h3>Security with mod_php</h3>
+
+<p>There is no known PHP extension supporting Solaris privileges, so it
+is unlikely that a script could escalate privileges unless it can
+load external (non-PHP) privileges-aware code. However, you should
+nevertheless audit your mod_php installation.</p>
+
+<p>To prevent scripts loading privileges-aware code, PHP's dl() function
+should be disabled. This is automatic in safe mode.</p>
+
+
+
+<h3>Security with mod_perl</h3>
+
+<p>Perl has an extension Sun::Solaris::Privileges that exposes the privileges
+API to scripts. You should ensure this extension is NOT installed if you
+have untrusted users.</p>
+<p>You will also need to ensure that your users cannot load shared objects
+(including PerlXS) from their own user directories, or that if this is
+enabled, the entire user-space must be carefully audited.</p>
+
+
+<h3>Security with mod_python</h3>
+
+<p>There is no known Python extension supporting Solaris privileges, so it
+is unlikely that a script could escalate privileges unless it can
+load external (non-Python) privileges-aware code. However, you should
+nevertheless audit your mod_ruby installation.</p>
+
+<p>*** What are the issues of Python loading a shared object?</p>
+
+
+<h3>Security with mod_ruby</h3>
+
+<p>There is no known Ruby extension supporting Solaris privileges, so it
+is unlikely that a script could escalate privileges unless it can
+load external (non-Ruby) privileges-aware code. However, you should
+nevertheless audit your mod_ruby installation.</p>
+
+<p>*** What are the issues of Ruby loading a shared object?</p>
+
+
+<h3>Security with Lua/mod_wombat</h3>
+
+<p>???</p>
+
+<h3>Security with scripts</h3>
+<p>The security issues of mod_privileges do not affect scripts such as
+traditional CGI, which run in a separate process. That includes
+PHP, Perl, Python, Ruby, etc, run out-of-process.</p>
+
+</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DTracePrivileges" id="DTracePrivileges">DTracePrivileges</a> <a name="dtraceprivileges" id="dtraceprivileges">Directive</a></h2>
<table class="directive">