<p>Here are some examples of old and new ways to do the same
access control.</p>
- <p>In this example, all requests are denied.</p>
+ <p>In this example, there is no authentication and all requests are denied.</p>
<example>
<title>2.2 configuration:</title>
<highlight language="config">
</highlight>
</example>
- <p>In this example, all requests are allowed.</p>
+ <p>In this example, there is no authentication and all requests are allowed.</p>
<example>
<title>2.2 configuration:</title>
<highlight language="config">
</highlight>
</example>
- <p>In the following example, all hosts in the example.org domain
+ <p>In the following example, there is no authentication and all hosts in the example.org domain
are allowed access; all other hosts are denied access.</p>
<example>
</p>
</section>
+ <p>In many configurations with authentication, where the value of the
+ <directive>Satisfy</directive> was the default of <em>ALL</em>, snippets
+ that simply disabled host-based access control are omitted:</p>
+
+ <example>
+ <title>2.2 configuration:</title>
+ <highlight language="config">
+Order Deny,Allow
+Deny from all
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+Require valid-user
+ </highlight>
+ </example>
+ <example>
+ <title>2.4 configuration:</title>
+ <highlight language="config">
+# No replacement needed
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+Require valid-user
+ </highlight>
+ </example>
+
+ <p>In configurations where both authentication and access control were meaningfully combined, the
+ access control directives should be migrated. This example allows requests meeting <em>both</em> criteria:</p>
+ <example>
+ <title>2.2 configuration:</title>
+ <highlight language="config">
+Order allow,deny
+Deny from all
+# Satisfy ALL is the default
+Satisfy ALL
+Allow from 127.0.0.1
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+Require valid-user
+ </highlight>
+ </example>
+ <example>
+ <title>2.4 configuration:</title>
+ <highlight language="config">
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+<RequireAll>
+ Require valid-user
+ require ip 127.0.0.1
+</RequireAll>
+ </highlight>
+ </example>
+
+ <p>In configurations where both authentication and access control were meaningfully combined, the
+ access control directives should be migrated. This example allows requests meeting <em>either</em> criteria:</p>
+ <example>
+ <title>2.2 configuration:</title>
+ <highlight language="config">
+Order allow,deny
+Deny from all
+Satisfy any
+Allow from 127.0.0.1
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+Require valid-user
+ </highlight>
+ </example>
+ <example>
+ <title>2.4 configuration:</title>
+ <highlight language="config">
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+# Implicitly <RequireAny>
+Require valid-user
+Require ip 127.0.0.1
+ </highlight>
+ </example>
+
</section>
<section id="config">
projects / thirdparty / apache / httpd.git / commitdiff
