From: Stefan Fritsch Date: Sat, 25 Sep 2010 12:01:59 +0000 (+0000) Subject: Update transformations X-Git-Tag: 2.3.9~430 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a8a9c06fcc76982e082ba8a9af8d160ca26c01a5;p=thirdparty%2Fapache%2Fhttpd.git Update transformations git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1001201 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/developer/new_api_2_4.html.en b/docs/manual/developer/new_api_2_4.html.en index acea6b43c14..8c09bfac876 100644 --- a/docs/manual/developer/new_api_2_4.html.en +++ b/docs/manual/developer/new_api_2_4.html.en @@ -72,7 +72,8 @@

In addition to the existing regexp wrapper, a new higher-level API ap_rxplus is now provided. This provides the capability to compile Perl-style expressions like s/regexp/replacement/flags - and to execute them against arbitrary strings. Also regexp memory.

+ and to execute them against arbitrary strings. Support for regexp + backreference.

ap_slotmem (NEW!)

diff --git a/docs/manual/mod/mod_authz_core.html.en b/docs/manual/mod/mod_authz_core.html.en index 18f573c5896..70d8eb2278c 100644 --- a/docs/manual/mod/mod_authz_core.html.en +++ b/docs/manual/mod/mod_authz_core.html.en @@ -53,6 +53,7 @@
top
@@ -164,6 +165,88 @@ </Directory>

+
top
+
+

The Require Directives

+ +

mod_authz_core provides some generic authorization + providers which can be used with the + Require directive.

+ +

Require env

+ +

The env provider allows access to the server + to be controlled based on the existence of an environment variable. When Require + env env-variable is specified, then the request is + allowed access if the environment variable env-variable + exists. The server provides the ability to set environment + variables in a flexible way based on characteristics of the client + request using the directives provided by + mod_setenvif. Therefore, this directive can be + used to allow access based on such factors as the clients + User-Agent (browser type), Referer, or + other HTTP request header fields.

+ +

Example:

+ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+ <Directory /docroot>
+ + Require env let_me_in
+ + </Directory> +

+ +

In this case, browsers with a user-agent string beginning + with KnockKnock/2.0 will be allowed access, and all + others will be denied.

+ + + +

Require all

+ +

The all provider mimics the functionality the + was previously provided by the 'Allow from all' and 'Deny from all' + directives. This provider can take one of two arguments which are + 'granted' or 'denied'. The following examples will grant or deny + access to all requests.

+ +

+ Require all granted
+

+ +

+ Require all denied
+

+ + + +

Require method

+ +

The method provider allows to use the HTTP method in + authorization decisions. The GET and HEAD methods are treated as + equivalent. The TRACE method is not available to this provider, + use TraceEnable instead.

+ +

The following example will only allow GET, HEAD, POST, and OPTIONS + requests:

+ +

+ Require method GET POST OPTIONS
+

+ +

The following example will allow GET, HEAD, POST, and OPTIONS + requests without authentication, and require a valid user for all other + methods:

+ +

+ <RequireAny>
+  Require method GET POST OPTIONS
+  Require valid-user
+ </RequireAny>
+

+ + +
top

AuthMerging Directive

@@ -273,9 +356,28 @@ an authorization provider.

This directive tests whether an authenticated user is authorized according to a particular authorization provider and the specified - restrictions. Some of the allowed syntaxes provided by - mod_authz_user and - mod_authz_groupfile are:

+ restrictions. mod_authz_core provides the following + generic authorization providers:

+ +
+
Require all granted
+
Access is allowed unconditionally.
+ +
Require all denied
+
Access is denied unconditionally.
+ +
Require env env-var [env-var] + ...
+
Access is allowed only if one of the given environment variables is + set.
+ +
Require method http-method [http-method] + ...
+
Access is allowed only for the given HTTP methods.
+
+ +

Some of the allowed syntaxes provided by mod_authz_user + and mod_authz_groupfile are:

Require user userid [userid] @@ -296,8 +398,8 @@ an authorization provider. mod_authz_host, and mod_authz_owner.

-

For a complete authentication and authorization configuration, - Require must be accompanied by +

In most cases, for a complete authentication and authorization + configuration, Require must be accompanied by AuthName, AuthType and AuthBasicProvider or AuthDigestProvider diff --git a/docs/manual/mod/mod_authz_host.html.en b/docs/manual/mod/mod_authz_host.html.en index c2fa94c1fb2..42cc0877b2a 100644 --- a/docs/manual/mod/mod_authz_host.html.en +++ b/docs/manual/mod/mod_authz_host.html.en @@ -40,8 +40,7 @@ address) or <Location> section as well as .htaccess files to control access to particular parts of the server. - Access can be controlled based on the client hostname, IP address, or - other characteristics of the client request, as captured in environment variables.

+ Access can be controlled based on the client hostname or IP address.

In general, access restriction directives apply to all access methods (GET, PUT, @@ -69,44 +68,13 @@ address)

Apache's Require directive is used during the authorization phase to ensure that a user is allowed or denied access to a resource. mod_authz_host extends the - authorization types with env, ip, - host and all. Other authorization types may also be + authorization types with ip and host. + Other authorization types may also be used but may require that additional authorization modules be loaded.

These authorization providers affect which hosts can access an area of the server. Access can be controlled by - hostname, IP Address, IP Address range, or by other - characteristics of the client request captured in environment - variables.

- -

Require env

- -

The env provider allows access to the server - to be controlled based on the existence of an environment variable. When Require - env env-variable is specified, then the request is - allowed access if the environment variable env-variable - exists. The server provides the ability to set environment - variables in a flexible way based on characteristics of the client - request using the directives provided by - mod_setenvif. Therefore, this directive can be - used to allow access based on such factors as the clients - User-Agent (browser type), Referer, or - other HTTP request header fields.

- -

Example:

- SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
- <Directory /docroot>
- - Require env let_me_in
- - </Directory> -

- -

In this case, browsers with a user-agent string beginning - with KnockKnock/2.0 will be allowed access, and all - others will be denied.

- - + hostname, IP Address, or IP Address range.

Require ip

@@ -191,52 +159,6 @@ address) -

Require all

- -

The all provider mimics the functionality the - was previously provided by the 'Allow from all' and 'Deny from all' - directives. This provider can take one of two arguments which are - 'granted' or 'denied'. The following examples will grant or deny - access to all requests.

- -

- Require all granted
-

- -

- Require all denied
-

- - - -

Require method

- -

The method provider allows to use the HTTP method in - authorization decisions. The GET and HEAD methods are treated as - equivalent. The TRACE method is not available to this provider, - use TraceEnable instead.

- -

The following example will only allow GET, HEAD, POST, and OPTIONS - requests:

- -

- Require method GET POST OPTIONS
-

- -

The following example will allow GET, HEAD, POST, and OPTIONS - requests without authentication, and require a valid user for all other - methods:

- -

- <RequireAny>
-  Require method GET POST OPTIONS
-  Require valid-user
- </RequireAny>
-

- - - -