From: Rich Bowen Date: Thu, 26 Apr 2012 14:57:35 +0000 (+0000) Subject: Rebuild Humbedooh's changes. X-Git-Tag: 2.5.0-alpha~7011 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e5d9d52e1b8e219329c84eea0313d14b7fd5a5c;p=thirdparty%2Fapache%2Fhttpd.git Rebuild Humbedooh's changes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1330892 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/bind.html.en b/docs/manual/bind.html.en index 281f1399da6..7999aec41ab 100644 --- a/docs/manual/bind.html.en +++ b/docs/manual/bind.html.en @@ -68,25 +68,28 @@

For example, to make the server accept connections on both port 80 and port 8000, on all interfaces, use:

-

- Listen 80
- Listen 8000 -

+
+Listen 80
+Listen 8000
+    
+

To make the server accept connections on port 80 for one interface, and port 8000 on another, use

-

- Listen 192.0.2.1:80
- Listen 192.0.2.5:8000 -

+
+Listen 192.0.2.1:80
+Listen 192.0.2.5:8000
+    
+

IPv6 addresses must be enclosed in square brackets, as in the following example:

-

+

       Listen [2001:db8::a00:20ff:fea7:ccea]:80
-    

+ +

Overlapping Listen directives will result in a fatal error which will prevent the server from starting up.
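
Review bot: In the IPv6 example, the unchanged line `Listen [2001:db8::a00:20ff:fea7:ccea]:80` keeps its leading spaces, while the two examples above it were rewritten flush-left (`+Listen 80`, `+Listen 192.0.2.1:80`). If the new wrapper is preformatted, that indentation renders literally and the three examples will not line up, so strip the leading whitespace here as was done for the other blocks. The whitespace-only added lines that close the first two blocks would likewise show up as a trailing blank line in the rendered example.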

@@ -131,10 +134,11 @@ Listen directives, as in the following examples:

-

- Listen 0.0.0.0:80
- Listen 192.0.2.1:80 -

+
+Listen 0.0.0.0:80
+Listen 192.0.2.1:80
+    
+

If your platform supports it and you want httpd to handle IPv4 and IPv6 connections on separate sockets (i.e., to disable IPv4-mapped @@ -156,9 +160,10 @@

You only need to set the protocol if you are running on non-standard ports. For example, running an https site on port 8443:

-

+

       Listen 192.170.2.1:8443 https
-    

+ +
top

How This Works With Virtual Hosts
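
Review bot: The address on the unchanged line `Listen 192.170.2.1:8443 https` is outside the 192.0.2.0/24 documentation range (RFC 5737) used by the other addressed Listen examples in this diff (`192.0.2.1`, `192.0.2.5`), so it looks like a typo for `192.0.2.1`. Since the block is being rewrapped anyway, correct the address in the same change. The line also keeps its leading indentation, unlike the flush-left blocks in the earlier hunks.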

diff --git a/docs/manual/bind.html.fr b/docs/manual/bind.html.fr index 86bf0e79d05..b48b646a074 100644 --- a/docs/manual/bind.html.fr +++ b/docs/manual/bind.html.fr @@ -28,6 +28,8 @@  ko  |  tr 

+
Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.

Configuration du serveur HTTP Apache pour l'écoute sur un port et une adresse IP spécifiques.

diff --git a/docs/manual/bind.html.tr.utf8 b/docs/manual/bind.html.tr.utf8 index 0eb91ac593d..961e0b37be9 100644 --- a/docs/manual/bind.html.tr.utf8 +++ b/docs/manual/bind.html.tr.utf8 @@ -28,6 +28,7 @@  ko  |  tr 

+
Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.

Apache HTTPD sunucusunun belli adresleri ve portları dinlemek üzere yapılandırılması.

diff --git a/docs/manual/bind.xml.de b/docs/manual/bind.xml.de index 4eef8998d6b..f4b34a7faa0 100644 --- a/docs/manual/bind.xml.de +++ b/docs/manual/bind.xml.de @@ -1,7 +1,7 @@ - + - + + + + - + + + + diff --git a/docs/manual/custom-error.xml.ja b/docs/manual/custom-error.xml.ja index cd28ce8eb6d..ffefc68cc46 100644 --- a/docs/manual/custom-error.xml.ja +++ b/docs/manual/custom-error.xml.ja @@ -1,7 +1,7 @@ - + + + + diff --git a/docs/manual/env.xml.ja b/docs/manual/env.xml.ja index 7f055439e67..b47a6054320 100644 --- a/docs/manual/env.xml.ja +++ b/docs/manual/env.xml.ja @@ -1,7 +1,7 @@ - + + + + - + + + + + - + + + + + diff --git a/docs/manual/misc/security_tips.xml.ko b/docs/manual/misc/security_tips.xml.ko index 94d8c0135fe..68b56802164 100644 --- a/docs/manual/misc/security_tips.xml.ko +++ b/docs/manual/misc/security_tips.xml.ko @@ -1,7 +1,7 @@ - + + + + + diff --git a/docs/manual/mod/core.xml.ja b/docs/manual/mod/core.xml.ja index a328999e3dc..e3f480f25c4 100644 --- a/docs/manual/mod/core.xml.ja +++ b/docs/manual/mod/core.xml.ja @@ -1,7 +1,7 @@ - + + + - + + + + + diff --git a/docs/manual/ssl/ssl_faq.xml.meta b/docs/manual/ssl/ssl_faq.xml.meta index 61db8269666..a5d5a97804f 100644 --- a/docs/manual/ssl/ssl_faq.xml.meta +++ b/docs/manual/ssl/ssl_faq.xml.meta @@ -8,6 +8,6 @@ en - fr + fr diff --git a/docs/manual/ssl/ssl_howto.html.en b/docs/manual/ssl/ssl_howto.html.en index 423813f1a80..7e9d1237ff3 100644 --- a/docs/manual/ssl/ssl_howto.html.en +++ b/docs/manual/ssl/ssl_howto.html.en @@ -44,17 +44,16 @@ before progressing to the advanced techniques.

Your SSL configuration will need to contain, at minimum, the following directives.

-

- Listen 443
- <VirtualHost *:443>
- - ServerName www.example.com
- SSLEngine on
- SSLCertificateFile /path/to/www.example.com.cert
- SSLCertificateKeyFile /path/to/www.example.com.key
-
- </VirtualHost> -

+
+Listen 443
+<VirtualHost *:443>
+    ServerName www.example.com
+    SSLEngine on
+    SSLCertificateFile /path/to/www.example.com.cert
+    SSLCertificateKeyFile /path/to/www.example.com.key
+</VirtualHost>
+
+
top
@@ -70,18 +69,20 @@ requires a strong cipher for access to a particular URL? only?

The following enables only the strongest ciphers:

-

httpd.conf

- SSLCipherSuite HIGH:!aNULL:!MD5
-

+
+      SSLCipherSuite HIGH:!aNULL:!MD5
+    
+

While with the following configuration you specify a preference for specific speed-optimized ciphers (which will be selected by mod_ssl, provided that they are supported by the client):

-

httpd.conf

- SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
- SSLHonorCipherOrder on -

+
+SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
+SSLHonorCipherOrder on
+    
+

How can I create an SSL server which accepts all types of ciphers @@ -94,16 +95,17 @@ URL?

blocks, to give a per-directory solution, and can automatically force a renegotiation of the SSL parameters to meet the new configuration. This can be done as follows:

-

- # be liberal in general
- SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
-
- <Location /strong/area>
- # but https://hostname/strong/area/ and below
- # requires strong ciphers
- SSLCipherSuite HIGH:!aNULL:!MD5
- </Location> -

+
+# be liberal in general
+SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
+
+<Location /strong/area>
+# but https://hostname/strong/area/ and below
+# requires strong ciphers
+SSLCipherSuite HIGH:!aNULL:!MD5
+</Location>
+    
+
top
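
Review bot: The "be liberal in general" line, `SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL`, is carried over verbatim. It starts from `ALL` and only moves `LOW` and `EXP` to the end of the preference list rather than excluding them, so weak and export-grade suites stay negotiable for every URL outside `/strong/area`. While this example is being touched, either tighten the server-wide string or add a sentence saying it exists only to demonstrate per-directory renegotiation and is not a recommended default. As a style point, the body of `<Location /strong/area>` is left flush-left here, whereas the `<VirtualHost *:443>` body in the first hunk of this file was indented by four spaces; pick one convention.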
@@ -128,13 +130,14 @@ Intranet website, for clients coming from the Internet? need to do is to create client certificates signed by your own CA certificate (ca.crt) and then verify the clients against this certificate.

-

httpd.conf

- # require a client certificate which has to be directly
- # signed by our CA certificate in ca.crt
- SSLVerifyClient require
- SSLVerifyDepth 1
- SSLCACertificateFile conf/ssl.crt/ca.crt -

+
+# require a client certificate which has to be directly
+# signed by our CA certificate in ca.crt
+SSLVerifyClient require
+SSLVerifyDepth 1
+SSLCACertificateFile conf/ssl.crt/ca.crt
+    
+

How can I force clients to authenticate using certificates for a @@ -145,15 +148,16 @@ Intranet website, for clients coming from the Internet? you can use the per-directory reconfiguration features of mod_ssl:

-

httpd.conf

- SSLVerifyClient none
- SSLCACertificateFile conf/ssl.crt/ca.crt
-
- <Location /secure/area>
- SSLVerifyClient require
- SSLVerifyDepth 1
- </Location>
-

+
+SSLVerifyClient none
+SSLCACertificateFile conf/ssl.crt/ca.crt
+
+<Location /secure/area>
+SSLVerifyClient require
+SSLVerifyDepth 1
+</Location>
+    
+

How can I allow only clients who have certificates to access a @@ -172,22 +176,23 @@ Intranet website, for clients coming from the Internet? you should establish a password database containing all clients allowed, as follows:

-

httpd.conf

+    
 SSLVerifyClient      none
 <Directory /usr/local/apache2/htdocs/secure/area>
+    SSLVerifyClient      require
+    SSLVerifyDepth       5
+    SSLCACertificateFile conf/ssl.crt/ca.crt
+    SSLCACertificatePath conf/ssl.crt
+    SSLOptions           +FakeBasicAuth
+    SSLRequireSSL
+    AuthName             "Snake Oil Authentication"
+    AuthType             Basic
+    AuthBasicProvider    file
+    AuthUserFile         /usr/local/apache2/conf/httpd.passwd
+    Require              valid-user
+</Directory>
+    
-SSLVerifyClient require -SSLVerifyDepth 5 -SSLCACertificateFile conf/ssl.crt/ca.crt -SSLCACertificatePath conf/ssl.crt -SSLOptions +FakeBasicAuth -SSLRequireSSL -AuthName "Snake Oil Authentication" -AuthType Basic -AuthBasicProvider file -AuthUserFile /usr/local/apache2/conf/httpd.passwd -Require valid-user -</Directory>

The password used in this example is the DES encrypted string "password". See the SSLOptions docs for more @@ -202,10 +207,9 @@ Require valid-user into the DN, you can match them more easily using SSLRequire, as follows:

-

httpd.conf

+    
 SSLVerifyClient      none
 <Directory /usr/local/apache2/htdocs/secure/area>
-
   SSLVerifyClient      require
   SSLVerifyDepth       5
   SSLCACertificateFile conf/ssl.crt/ca.crt
@@ -214,7 +218,9 @@ SSLVerifyClient      none
   SSLRequireSSL
   SSLRequire       %{SSL_CLIENT_S_DN_O}  eq "Snake Oil, Ltd." \
                and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}
-</Directory>
+</Directory> + +

How can I require HTTPS with strong ciphers, and either basic @@ -229,49 +235,51 @@ plain HTTP access for clients on the Intranet.

This configuration should remain outside of your HTTPS virtual host, so that it applies to both HTTPS and HTTP.

-

httpd.conf

+    
 SSLCACertificateFile conf/ssl.crt/company-ca.crt
 
 <Directory /usr/local/apache2/htdocs>
-#   Outside the subarea only Intranet access is granted
-Order                deny,allow
-Deny                 from all
-Allow                from 192.168.1.0/24
+    #   Outside the subarea only Intranet access is granted
+    Order                deny,allow
+    Deny                 from all
+    Allow                from 192.168.1.0/24
 </Directory>
 
 <Directory /usr/local/apache2/htdocs/subarea>
-#   Inside the subarea any Intranet access is allowed
-#   but from the Internet only HTTPS + Strong-Cipher + Password
-#   or the alternative HTTPS + Strong-Cipher + Client-Certificate
-
-#   If HTTPS is used, make sure a strong cipher is used.
-#   Additionally allow client certs as alternative to basic auth.
-SSLVerifyClient      optional
-SSLVerifyDepth       1
-SSLOptions           +FakeBasicAuth +StrictRequire
-SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128
-
-#   Force clients from the Internet to use HTTPS
-RewriteEngine        on
-RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
-RewriteCond          %{HTTPS} !=on
-RewriteRule          . - [F]
-
-#   Allow Network Access and/or Basic Auth
-Satisfy              any
-
-#   Network Access Control
-Order                deny,allow
-Deny                 from all
-Allow                192.168.1.0/24
-
-#   HTTP Basic Authentication
-AuthType             basic
-AuthName             "Protected Intranet Area"
-AuthBasicProvider    file
-AuthUserFile         conf/protected.passwd
-Require              valid-user
-</Directory>
+ # Inside the subarea any Intranet access is allowed + # but from the Internet only HTTPS + Strong-Cipher + Password + # or the alternative HTTPS + Strong-Cipher + Client-Certificate + + # If HTTPS is used, make sure a strong cipher is used. + # Additionally allow client certs as alternative to basic auth. + SSLVerifyClient optional + SSLVerifyDepth 1 + SSLOptions +FakeBasicAuth +StrictRequire + SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 + + # Force clients from the Internet to use HTTPS + RewriteEngine on + RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ + RewriteCond %{HTTPS} !=on + RewriteRule . - [F] + + # Allow Network Access and/or Basic Auth + Satisfy any + + # Network Access Control + Order deny,allow + Deny from all + Allow 192.168.1.0/24 + + # HTTP Basic Authentication + AuthType basic + AuthName "Protected Intranet Area" + AuthBasicProvider file + AuthUserFile conf/protected.passwd + Require valid-user +</Directory> + +
top
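
Review bot: In the `subarea` block the network rule is still written `Allow 192.168.1.0/24`, without the `from` keyword. The re-indented line carries over the omission from the removed line, while the first `<Directory>` block in this hunk has the correct `Allow from 192.168.1.0/24`. The directive requires `from`, so anyone pasting this example gets a configuration error instead of the intended Intranet exception; change it to `Allow from 192.168.1.0/24`. Separately, `Order`, `Deny`, `Allow` and `Satisfy` are the 2.2-era access control directives; for a tree tagged 2.5.0-alpha, consider a follow-up that expresses this example with `Require ip` and the `Require` containers.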
diff --git a/docs/manual/ssl/ssl_howto.html.fr b/docs/manual/ssl/ssl_howto.html.fr index d698794d3f3..0fe1dbf46e2 100644 --- a/docs/manual/ssl/ssl_howto.html.fr +++ b/docs/manual/ssl/ssl_howto.html.fr @@ -24,6 +24,8 @@

Langues Disponibles:  en  |  fr 

+
Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.

Ce document doit vous permettre de démarrer et de faire fonctionner diff --git a/docs/manual/ssl/ssl_howto.xml.fr b/docs/manual/ssl/ssl_howto.xml.fr index 632ea4b2898..035106e20d4 100644 --- a/docs/manual/ssl/ssl_howto.xml.fr +++ b/docs/manual/ssl/ssl_howto.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/ssl/ssl_howto.xml.meta b/docs/manual/ssl/ssl_howto.xml.meta index b7c021fd9a8..8d9a5237f4e 100644 --- a/docs/manual/ssl/ssl_howto.xml.meta +++ b/docs/manual/ssl/ssl_howto.xml.meta @@ -8,6 +8,6 @@ en - fr + fr diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en index c990224cd73..6fca13483fc 100644 --- a/docs/manual/suexec.html.en +++ b/docs/manual/suexec.html.en @@ -476,10 +476,11 @@

If for example, your web server is configured to run as:

-

- User www
- Group webgroup
-

+
+User www
+Group webgroup
+      
+

and suexec is installed at "/usr/local/apache2/bin/suexec", you should run:

diff --git a/docs/manual/suexec.html.fr b/docs/manual/suexec.html.fr index 44bec918468..5eebc32d4eb 100644 --- a/docs/manual/suexec.html.fr +++ b/docs/manual/suexec.html.fr @@ -27,6 +27,8 @@  ko  |  tr 

+
Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.

La fonctionnalité suEXEC permet l'exécution des programmes CGI et diff --git a/docs/manual/suexec.xml.fr b/docs/manual/suexec.xml.fr index 19fbaac9bb4..a346dba3bf9 100644 --- a/docs/manual/suexec.xml.fr +++ b/docs/manual/suexec.xml.fr @@ -3,7 +3,7 @@ - + + + + - + - + + + + + diff --git a/docs/manual/vhosts/examples.xml.ja b/docs/manual/vhosts/examples.xml.ja index 0da43c657e1..ed7237d7f25 100644 --- a/docs/manual/vhosts/examples.xml.ja +++ b/docs/manual/vhosts/examples.xml.ja @@ -1,7 +1,7 @@ - + + + + + + + + diff --git a/docs/manual/vhosts/ip-based.xml.ja b/docs/manual/vhosts/ip-based.xml.ja index 2acee10af0b..7bb1e28ad8e 100644 --- a/docs/manual/vhosts/ip-based.xml.ja +++ b/docs/manual/vhosts/ip-based.xml.ja @@ -1,7 +1,7 @@ - + + + + + + + + diff --git a/docs/manual/vhosts/name-based.xml.ja b/docs/manual/vhosts/name-based.xml.ja index f9d8bd8e77d..e9167b986a9 100644 --- a/docs/manual/vhosts/name-based.xml.ja +++ b/docs/manual/vhosts/name-based.xml.ja @@ -1,7 +1,7 @@ - + + +