From: Rich Bowen <rbowen@apache.org>
Date: Wed, 29 Apr 2026 20:39:00 +0000 (+0000)
Subject: mod_ssl: Update StrictRequire docs — replace legacy Satisfy references with RequireAn... 
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a15f61b977c44aa49eb41e4cba3e3f4cf79be0b;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: Update StrictRequire docs — replace legacy Satisfy references with RequireAny (Bug 65252)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1933555 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 6f18dc391c..1bb4f9b5b5 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1627,17 +1627,18 @@ The available <var>option</var>s are:</p>
 </li>
 <li><code>StrictRequire</code>
     <p>
-    This <em>forces</em> forbidden access when <directive module="mod_ssl">SSLRequireSSL</directive> or
-    <directive module="mod_ssl">SSLRequire</directive> successfully decided that access should be
-    forbidden. Usually the default is that in the case where a ``<code>Satisfy
-    any</code>'' directive is used, and other access restrictions are passed,
-    denial of access due to <code>SSLRequireSSL</code> or
-    <code>SSLRequire</code> is overridden (because that's how the Apache
-    <code>Satisfy</code> mechanism should work.) But for strict access restriction
-    you can use <code>SSLRequireSSL</code> and/or <code>SSLRequire</code> in
-    combination with an ``<code>SSLOptions +StrictRequire</code>''. Then an
-    additional ``<code>Satisfy Any</code>'' has no chance once mod_ssl has
-    decided to deny access.</p>
+    This <em>forces</em> forbidden access when
+    <directive module="mod_ssl">SSLRequireSSL</directive> or
+    <directive module="mod_ssl">SSLRequire</directive> has decided
+    that access should be denied. Without
+    <code>StrictRequire</code>, it is possible for other
+    authorization directives (such as <directive module="mod_authz_core"
+    type="section">RequireAny</directive>) to override the SSL
+    access denial and grant access anyway. With
+    <code>SSLOptions +StrictRequire</code>, the denial by
+    <code>SSLRequireSSL</code> or <code>SSLRequire</code> is
+    enforced unconditionally, regardless of other authorization
+    settings.</p>
 </li>
 <li><code>OptRenegotiate</code>
     <p>