From: Daniel Gruno Date: Fri, 20 Jul 2012 12:52:22 +0000 (+0000) Subject: Some more backports of information from trunk that applies to 2.2 as well. X-Git-Tag: 2.2.23~109 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d3aaaae817c539eeb9ab36e1479b4c525eac3d1;p=thirdparty%2Fapache%2Fhttpd.git Some more backports of information from trunk that applies to 2.2 as well. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1363757 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/howto/auth.xml b/docs/manual/howto/auth.xml index 39054ec1a94..511e6bf5459 100644 --- a/docs/manual/howto/auth.xml +++ b/docs/manual/howto/auth.xml @@ -23,13 +23,16 @@ How-To / Tutorials -Authentication, Authorization and Access Control +Authentication and Authorization

Authentication is any process by which you verify that someone is who they claim they are. Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have.

+ +

For general access control, see the Access + Control How-To.
Getting it working @@ -192,7 +205,7 @@ module from each group.

# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
- Require user rbowen +Require user rbowen

Let's examine each of those directives individually. The >mod_auth_digest and is much more secure. Most recent browsers support Digest authentication.

-

The AuthName directive sets +

The AuthName directive sets the Realm to be used in the authentication. The realm serves two major functions. First, the client often presents this information to the user as part of the password dialog box. Second, it is used by the @@ -247,7 +260,7 @@ module from each group.

href="http://modules.apache.org/">Apache Modules Database.

-

Finally, the Require +

Finally, the Require directive provides the authorization part of the process by setting the user that is allowed to access this region of the server. In the next section, we discuss various ways to use the @@ -327,7 +340,7 @@ person in AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
- Require group GroupName +Require group GroupName

Now, anyone that is listed in the group GroupName, @@ -394,7 +407,7 @@ person in AuthBasicProvider dbm
AuthDBMUserFile /www/passwords/passwd.dbm
Require valid-user
- </Directory> +</Directory>

Other options are available. Consult the diff --git a/docs/manual/howto/cgi.xml b/docs/manual/howto/cgi.xml index 32140322cba..60b58c3cbcb 100644 --- a/docs/manual/howto/cgi.xml +++ b/docs/manual/howto/cgi.xml @@ -57,10 +57,21 @@ need to have Apache configured to permit CGI execution. There are several ways to do this.

+ Note: If Apache has been built with shared module + support you need to ensure that the module is loaded; in your + httpd.conf you need to make sure the + LoadModule + directive has not been commented out. A correctly configured directive + may look like this: + + + LoadModule cgi_module modules/mod_cgi.so + +
ScriptAlias -

The +

The ScriptAlias directive tells Apache that a particular directory is set @@ -95,7 +106,7 @@

For example, if the URL http://www.example.com/cgi-bin/test.pl - is requested, Apache will attempt to execute the file + is requested, Apache will attempt to execute the file /usr/local/apache2/cgi-bin/test.pl and return the output. Of course, the file will have to exist, and be executable, and return output in a particular @@ -111,7 +122,7 @@ use CGI programs. However, if the proper security precautions are taken, there is no reason why CGI programs cannot be run from arbitrary directories. For example, you may wish to let users - have web content in their home directories with the + have web content in their home directories with the UserDir directive. If they want to have their own CGI programs, but don't have access to the main cgi-bin directory, they will need to be able to @@ -123,7 +134,7 @@ module="mod_mime">AddHandler or SetHandler directive. Second, ExecCGI must be specified in the Options directive.

+ module="core">Options directive.

@@ -139,7 +150,7 @@ Options +ExecCGI
 - </Directory> +</Directory>

The above directive tells Apache to permit the execution @@ -175,7 +186,7 @@ Options +ExecCGI
AddHandler cgi-script .cgi
- </Directory> +</Directory>

If you wish designate a cgi-bin subdirectory of @@ -188,7 +199,7 @@ Options ExecCGI
SetHandler cgi-script
- </Directory> +</Directory>

@@ -224,13 +235,13 @@

The following is an example CGI program that prints one line to your browser. Type in the following, save it to a - file called first.pl, and put it in your + file called first.pl, and put it in your cgi-bin directory.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
- print "Hello, World."; +print "Hello, World.";

Even if you are not familiar with Perl, you should be able @@ -252,7 +263,7 @@ http://www.example.com/cgi-bin/first.pl -

or wherever you put your file, you will see the one line +

or wherever you put your file, you will see the one line Hello, World. appear in your browser window. It's not very exciting, but once you get that working, you'll have a good chance of getting just about anything working.

@@ -274,7 +285,7 @@
The source code of your CGI program or a "POST Method Not Allowed" message
That means that you have not properly configured Apache - to process your CGI program. Reread the section on + to process your CGI program. Reread the section on configuring Apache and try to find what you missed.
@@ -284,7 +295,7 @@ file permissions.
A message saying "Internal Server Error"
-
If you check the +
If you check the Apache error log, you will probably find that it says "Premature end of script headers", possibly along with an error message @@ -341,11 +352,6 @@

Make sure that this is in fact the path to the interpreter.

- -

In addition, if your CGI program depends on other environment variables, you will need to - assure that those variables are passed by Apache.

- When editing CGI scripts on Windows, end-of-line characters may be appended to the interpreter path. Ensure that files are then @@ -354,6 +360,21 @@ unrecognized end-of-line character being interpreted as a part of the interpreter filename. +
+ +
+ Missing environment variables + +

If your CGI program depends on non-standard environment variables, you will need to + assure that those variables are passed by Apache.

+ +

When you miss HTTP headers from the environment, make + sure they are formatted according to + RFC 2616, + section 4.2: Header names must start with a letter, + followed only by letters, numbers or hyphen. Any header + violating this rule will be dropped silently.

@@ -441,7 +462,7 @@ (where the computer searches for the actual file implementing a command when you type it), your username, your terminal type, and so on. For a full list of your normal, - every day environment variables, type + every day environment variables, type env at a command prompt.

During the CGI transaction, the server and the browser @@ -458,13 +479,13 @@

This simple Perl CGI program will display all of the environment variables that are being passed around. Two - similar programs are included in the + similar programs are included in the cgi-bin directory of the Apache distribution. Note that some variables are required, while others are optional, so you may see some variables listed that were not in the official list. - In addition, Apache provides many different ways for you to + In addition, Apache provides many different ways for you to add your own environment variables to the basic ones provided by default.

@@ -475,7 +496,7 @@ print "$key --> $ENV{$key}<br>";
 - } +} @@ -484,10 +505,10 @@

Other communication between the server and the client happens over standard input (STDIN) and standard - output (STDOUT). In normal everyday context, - STDIN means the keyboard, or a file that a + output (STDOUT). In normal everyday context, + STDIN means the keyboard, or a file that a program is given to act on, and STDOUT - usually means the console or screen.

+ usually means the console or screen.

When you POST a web form to a CGI program, the data in that form is bundled up into a special format @@ -509,10 +530,10 @@

You'll sometimes also see this type of string appended to a URL. When that is done, the server puts that string - into the environment variable called + into the environment variable called QUERY_STRING. That's called a GET request. Your HTML form specifies whether a GET - or a POST is used to deliver the data, by setting the + or a POST is used to deliver the data, by setting the METHOD attribute in the FORM tag.

Your program is then responsible for splitting that string @@ -536,7 +557,7 @@ set of functionality, which is all you need in most programs.

If you're writing CGI programs in C, there are a variety of - options. One of these is the CGIC library, from + options. One of these is the CGIC library, from http://www.boutell.com/cgic/.