you can specify just part of an address or domain name:</p>
<example>
- <RequireAll><br />
+ <SatisfyAll><br />
Reject ip <var>192.101.205</var><br />
Reject host <var>cyberthugs.com</var> <var>moreidiots.com</var><br />
Reject host ke<br />
- </RequireAll>
+ </SatisfyAll>
</example>
<p>Using the <directive module="mod_authz_host">Reject</directive> directive
- inside of a <directive module="mod_authz_core"><RequireAll></directive>
+ inside of a <directive module="mod_authz_core"><SatisfyAll></directive>
block, will let you be sure that you are actually restricting things to
only the group that you want to let in.</p>
<p>The above example uses the <directive module="mod_authz_core">
- <RequireAll></directive> block to make sure that all of the
+ <SatisfyAll></directive> block to make sure that all of the
<directive module="mod_authz_host">Reject</directive> directives are
satisfied before granting access. The <directive module="mod_authz_core">
- <RequireAll></directive> block as well as the
- <directive module="mod_authz_core"><RequireOne></directive> block
+ <SatisfyAll></directive> block as well as the
+ <directive module="mod_authz_core"><SatisfyOne></directive> block
allow you to apply "AND" and "OR" logic to the authorization processing.
For example the following authorization block would apply the logic:</p>
AuthBasicProvider ...<br />
...<br />
Require user John<br />
- <RequireAll><br />
+ <SatisfyAll><br />
Require Group admins<br />
Require ldap-group cn=mygroup,o=foo<br />
- <RequireOne><br />
+ <SatisfyOne><br />
Require ldap-attribute dept="sales"<br />
Require file-group<br />
- </RequireOne><br />
- </RequireAll><br />
+ </SatisfyOne><br />
+ </SatisfyAll><br />
</Directory><br />
</example>
</directivesynopsis>\r
\r
<directivesynopsis type="section">\r
-<name>RequireAll</name>\r
+<name>SatisfyAll</name>\r
<description>Enclose a group of authorization directives that must all\r
be satisfied in order to grant access to a resource. This block allows\r
for 'AND' logic to be applied to various authorization providers.</description>\r
-<syntax><RequireAll>\r
-... </RequireAll></syntax>\r
+<syntax><SatisfyAll>\r
+... </SatisfyAll></syntax>\r
<contextlist><context>directory</context><context>.htaccess</context>\r
</contextlist>\r
<override>AuthConfig</override>\r
\r
<usage>\r
- <p><directive type="section">RequireAll</directive> and\r
- <code></RequireAll></code> are used to enclose a group of\r
+ <p><directive type="section">SatisfyAll</directive> and\r
+ <code></SatisfyAll></code> are used to enclose a group of\r
authorization directives that must all be satisfied in order to \r
grant access to a resource.</p>\r
\r
<p>The <directive module="mod_authz_core">\r
- <RequireAll></directive> block as well as the \r
- <directive module="mod_authz_core"><RequireOne></directive> block \r
+ <SatisfyAll></directive> block as well as the \r
+ <directive module="mod_authz_core"><SatisfyOne></directive> block \r
allow you to apply "AND" and "OR" logic to the authorization processing. \r
For example the following authorization block would apply the logic:</p>\r
\r
AuthBasicProvider ...<br />\r
...<br />\r
Require user John<br />\r
- <RequireAll><br />\r
+ <SatisfyAll><br />\r
Require Group admins<br />\r
Require ldap-group cn=mygroup,o=foo<br />\r
- <RequireOne><br />\r
+ <SatisfyOne><br />\r
Require ldap-attribute dept="sales"<br />\r
Require file-group<br />\r
- </RequireOne><br />\r
- </RequireAll><br />\r
+ </SatisfyOne><br />\r
+ </SatisfyAll><br />\r
</Directory><br />\r
</example>\r
\r
</directivesynopsis>\r
\r
<directivesynopsis type="section">\r
-<name>RequireOne</name>\r
+<name>SatisfyOne</name>\r
<description>Enclose a group of authorization directives that must \r
satisfy at least one in order to grant access to a resource. This \r
block allows for 'OR' logic to be applied to various authorization \r
providers.</description>\r
-<syntax><RequireOne>\r
-... </RequireOne></syntax>\r
+<syntax><SatisfyOne>\r
+... </SatisfyOne></syntax>\r
<contextlist><context>directory</context><context>.htaccess</context>\r
</contextlist>\r
<override>AuthConfig</override>\r
\r
<usage>\r
- <p><directive type="section">RequireOne</directive> and\r
- <code></RequireOne></code> are used to enclose a group of\r
+ <p><directive type="section">SatisfyOne</directive> and\r
+ <code></SatisfyOne></code> are used to enclose a group of\r
authorization directives that must satisfy at least one in order to \r
grant access to a resource.</p>\r
\r
<p>See the <directive module="mod_authz_core">\r
- <RequireAll></directive> directive for a usage example.</p>\r
+ <SatisfyAll></directive> directive for a usage example.</p>\r
\r
</usage>\r
\r
is even necessary. This was used in authn to support
authn_alias. Is there a need for an authz_alias?
X- Remove the Satisfy directive functionality and replace it with the
- <RequireAll>, <RequireOne> directives
+ <SatisfyAll>, <SatisfyOne> directives
X- Remove the Satisfy directive
-X- Implement the <RequireAll> <RequireOne> block directives
+X- Implement the <SatisfyAll> <SatisfyOne> block directives
to handle the 'and' and 'or' logic for authorization.
X- Remove the AuthzXXXAuthoritative directives from all of
the authz providers
X- Implement the Reject directive that will deny authorization
if the argument is true
-X- Fold the Reject directive into the <RequireAll> <RequireOne>
+X- Fold the Reject directive into the <SatisfyAll> <SatisfyOne>
logic
X- Reimplement the host based authorization 'allow', 'deny'
and 'order' as authz providers
the req_state and the level will allow it to traverse the list to find
the last element in the provider calling list. */
old_reqstate = conf->req_state;
- if (strcasecmp (cmd->directive->directive, "<RequireAll") == 0) {
+ if (strcasecmp (cmd->directive->directive, "<SatisfyAll") == 0) {
conf->req_state = AUTHZ_REQSTATE_ALL;
}
else {
AP_INIT_RAW_ARGS("<RequireAlias", authz_require_alias_section, NULL, RSRC_CONF,
"Container for authorization directives grouped under "
"an authz provider alias"),
- AP_INIT_RAW_ARGS("<RequireAll", authz_require_section, NULL, OR_AUTHCFG,
+ AP_INIT_RAW_ARGS("<SatisfyAll", authz_require_section, NULL, OR_AUTHCFG,
"Container for grouping require statements that must all "
"succeed for authorization to be granted"),
- AP_INIT_RAW_ARGS("<RequireOne", authz_require_section, NULL, OR_AUTHCFG,
+ AP_INIT_RAW_ARGS("<SatisfyOne", authz_require_section, NULL, OR_AUTHCFG,
"Container for grouping require statements of which one "
"must succeed for authorization to be granted"),
{NULL}
projects / thirdparty / apache / httpd.git / commitdiff
