From: Luca Toscano Date: Fri, 19 Feb 2016 13:26:22 +0000 (+0000) Subject: Backported Doc change for sections.html, moved example sections to highligh. X-Git-Tag: 2.2.32~150 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=575fb9e2f02dae6512285d1902d2edbb82e24d4e;p=thirdparty%2Fapache%2Fhttpd.git Backported Doc change for sections.html, moved example sections to highligh. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1731240 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/sections.xml b/docs/manual/sections.xml index cbe052667c1..4ec4b689604 100644 --- a/docs/manual/sections.xml +++ b/docs/manual/sections.xml @@ -74,11 +74,11 @@ with the following configuration, all requests will be redirected to another site only if the server is started using httpd -DClosedForNow:

- -<IfDefine ClosedForNow>
-Redirect / http://otherserver.example.com/
+ +<IfDefine ClosedForNow> + Redirect / http://otherserver.example.com/ </IfDefine> - +

The IfModule directive is very similar, except it encloses directives that will @@ -96,11 +96,11 @@ about missing modules.

module="mod_mime_magic">MimeMagicFile directive will be applied only if mod_mime_magic is available.

- -<IfModule mod_mime_magic.c>
-MimeMagicFile conf/magic
+ +<IfModule mod_mime_magic.c> + MimeMagicFile conf/magic </IfModule> - +

The IfVersion directive is very similar to - - <IfVersion >= 2.1>
- - # this happens only in versions greater or
- # equal 2.1.0.
- - </IfVersion> - + +<IfVersion >= 2.1> + # this happens only in versions greater or + # equal 2.1.0. +</IfVersion> +

IfDefine, IfModule, and the @@ -161,11 +159,11 @@ href="howto/htaccess.html">.htaccess files. For example, in the following configuration, directory indexes will be enabled for the /var/web/dir1 directory and all subdirectories.

- -<Directory /var/web/dir1>
-Options +Indexes
+ +<Directory /var/web/dir1> + Options +Indexes </Directory> - +

Directives enclosed in a Files section apply to any file with @@ -175,12 +173,12 @@ when placed in the main section of the configuration file, deny access to any file named private.html regardless of where it is found.

- -<Files private.html>
-Order allow,deny
-Deny from all
+ +<Files private.html> + Order allow,deny + Deny from all </Files> - +

To address files found in a particular part of the filesystem, the Files and @@ -192,14 +190,14 @@ access to /var/web/dir1/private.html, of private.html found under the /var/web/dir1/ directory.

- -<Directory /var/web/dir1>
-<Files private.html>
-Order allow,deny
-Deny from all
-</Files>
+ +<Directory /var/web/dir1> + <Files private.html> + Order allow,deny + Deny from all + </Files> </Directory> - +
Webspace Containers @@ -215,12 +213,12 @@ In particular, it will apply to requests for http://yoursite.example.com/private/dir/file.html as well as any other requests starting with the /private string.

- -<LocationMatch ^/private>
-Order Allow,Deny
-Deny from all
+ +<LocationMatch ^/private> + Order Allow,Deny + Deny from all </LocationMatch> - +

The Location directive need not have anything to do with the filesystem. @@ -229,11 +227,11 @@ URL to an internal Apache handler provided by mod_status. No file called server-status needs to exist in the filesystem.

- -<Location /server-status>
-SetHandler server-status
+ +<Location /server-status> + SetHandler server-status </Location> - +
Wildcards and Regular Expressions @@ -262,20 +260,20 @@ how directives are applied.

A non-regex wildcard section that changes the configuration of all user directories could look as follows:

- -<Directory /home/*/public_html>
-Options Indexes
+ +<Directory /home/*/public_html> + Options Indexes </Directory> - +

Using regex sections, we can deny access to many types of image files at once:

- -<FilesMatch \.(?i:gif|jpe?g|png)$>
-Order allow,deny
-Deny from all
+ +<FilesMatch \.(?i:gif|jpe?g|png)$> + Order allow,deny + Deny from all </FilesMatch> - +
@@ -297,12 +295,12 @@ different webspace locations (URLs) could map to the same filesystem location, allowing your restrictions to be circumvented. For example, consider the following configuration:

- -<Location /dir/>
-Order allow,deny
-Deny from all
+ +<Location /dir/> + Order allow,deny + Deny from all </Location> - +

This works fine if the request is for http://yoursite.example.com/dir/. But what if you are on @@ -346,16 +344,17 @@ see the Virtual Host Documentation.

and ProxyMatch containers apply enclosed configuration directives only to sites accessed through mod_proxy's proxy server -that match the specified URL. For example, the following configuration -will prevent the proxy server from being used to access the -cnn.com website.

- - -<Proxy http://cnn.com/*>
-Order allow,deny
-Deny from all
+that match the specified URL. For example, the following configuration +will allow only a subset of clients to access the +www.example.com website using the proxy server:

+ + +<Proxy "http://www.example.com/*"> + Order allow,deny + Allow from 192.168.1.104 192.168.1.205 + Deny from all </Proxy> - +
What Directives are Allowed? @@ -448,9 +447,7 @@ are interpreted, it is important to understand how this works.

type="section">Directory container in the processing order.

-

Later sections override earlier ones.

- -Technical Note + Technical Note There is actually a <Location>/<LocationMatch> sequence performed just before the name translation phase @@ -458,7 +455,51 @@ are interpreted, it is important to understand how this works.

are used to map URLs to filenames). The results of this sequence are completely thrown away after the translation has completed. - + + +
Relationship between modules and configuration sections +

One question that often arises after reading how configuration sections are + merged is related to how and when directives of specific modules like mod_rewrite + are processed. The answer is not trivial and needs a bit of background. + Each httpd module manages its own configuration, and each of its directives in httpd.conf specify one piece + of configuration in a particular context. httpd does not execute a command as it is read.

+

At runtime, the core of httpd iterates over the defined configuration sections in the order + described above to determine which ones apply to the current request. When the first section matches, + it is considered the current configuration for this request. If a subsequent section matches too, + then each module with a directive in either of the sections is given a chance to merge its configuration between the two sections. The result is a third configuration, and the process goes on until all the configuration sections + are evaluated.

+

After the above step, the "real" processing of the HTTP request begins: each module has a chance to run + and perform whatever tasks they like. They can retrieve their own final merged configuration from the core + of the httpd to determine how they should act.

+

An example can help to visualize the whole process. The following configuration uses the + Header directive of mod_headers to set + a specific HTTP header. What value will httpd set in the CustomHeaderName header for a request to + /example/index.html ? +

+ + +<Directory "/"> + Header set CustomHeaderName one + <FilesMatch ".*"> + Header set CustomHeaderName three + </FilesMatch> +</Directory> + +<Directory "/example"> + Header set CustomHeaderName two +</Directory> + + +
    +
  • Directory "/" matches and an initial configuration to set the CustomHeaderName header with the value one is created.
    • +
  • Directory "/example" matches, and since mod_headers specifies in its code to override in case of a merge, a new configuration is created to set the CustomHeaderName header with the value two.
    • +
  • FilesMatch ".*" matches and another merge opportunity arises, causing the CustomHeaderName header to be set with the value three.
    • +
  • Eventually during the next steps of the HTTP request processing mod_headers will be called and it will receive the configuration to set the CustomHeaderName header with the value three. mod_headers normally uses this configuration to perfom its job, namely setting the foo header. This does not mean that a module can't perform a more complex action like discarding directives because not needed or deprecated, etc..
    • +
+ +

This is true for .htaccess too since they have the same priority as Directory in the merge order. The important concept to understand is that configuration sections like Directory and FilesMatch are not comparable to module specific directives like Header or RewriteRule because they operate on different levels. +

+
Some Examples @@ -467,30 +508,30 @@ merging. Assuming they all apply to the request, the directives in this example will be applied in the order A > B > C > D > E.

- -<Location />
-E
-</Location>
-
-<Files f.html>
-D
-</Files>
-
-<VirtualHost *>
-<Directory /a/b>
-B
-</Directory>
-</VirtualHost>
-
-<DirectoryMatch "^.*b/">
-C
-</DirectoryMatch>
-
-<Directory /a/b>
-A
-</Directory>
-
- + +<Location "/"> + E +</Location> + +<Files "f.html"> + D +</Files> + +<VirtualHost *> +<Directory "/a/b"> + B +</Directory> +</VirtualHost> + +<DirectoryMatch "^.*b$"> + C +</DirectoryMatch> + +<Directory "/a/b"> + A +</Directory> + +

For a more concrete example, consider the following. Regardless of any access restrictions placed in Location section will be evaluated last and will allow unrestricted access to the server. In other words, order of merging is important, so be careful!

- -<Location />
-Order deny,allow
-Allow from all
-</Location>
-
-# Woops! This <Directory> section will have no effect
-<Directory />
-Order allow,deny
-Allow from all
-Deny from badguy.example.com
+ +<Location "/"> + Require all granted +</Location> + +# Woops! This <Directory> section will have no effect +<Directory "/"> + <RequireAll> + Require all granted + Require not host badguy.example.com + </RequireAll> </Directory> - +