From: Graham Leggett Date: Fri, 4 Apr 2008 16:25:37 +0000 (+0000) Subject: Run transformation on new documentation X-Git-Tag: 2.3.0~815 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db55a56f3f2088d828add8d5ef3641db4d0ec95f;p=thirdparty%2Fapache%2Fhttpd.git Run transformation on new documentation git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644759 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/allmodules.xml b/docs/manual/mod/allmodules.xml index 2bf8eefa029..771fbfec40b 100644 --- a/docs/manual/mod/allmodules.xml +++ b/docs/manual/mod/allmodules.xml @@ -66,6 +66,9 @@ mod_proxy_ftp.xml mod_proxy_http.xml mod_rewrite.xml + mod_session.xml + mod_session_cookie.xml + mod_session_crypto.xml mod_setenvif.xml mod_so.xml mod_speling.xml diff --git a/docs/manual/mod/allmodules.xml.de b/docs/manual/mod/allmodules.xml.de index 787e05075af..0c764736a66 100644 --- a/docs/manual/mod/allmodules.xml.de +++ b/docs/manual/mod/allmodules.xml.de @@ -66,6 +66,9 @@ mod_proxy_ftp.xml mod_proxy_http.xml mod_rewrite.xml + mod_session.xml + mod_session_cookie.xml + mod_session_crypto.xml mod_setenvif.xml mod_so.xml mod_speling.xml diff --git a/docs/manual/mod/allmodules.xml.es b/docs/manual/mod/allmodules.xml.es index adf09fb8a20..c7d89c3ab65 100644 --- a/docs/manual/mod/allmodules.xml.es +++ b/docs/manual/mod/allmodules.xml.es @@ -66,6 +66,9 @@ mod_proxy_ftp.xml mod_proxy_http.xml mod_rewrite.xml + mod_session.xml + mod_session_cookie.xml + mod_session_crypto.xml mod_setenvif.xml mod_so.xml mod_speling.xml diff --git a/docs/manual/mod/allmodules.xml.ja b/docs/manual/mod/allmodules.xml.ja index 0782c2eb312..5453d59e833 100644 --- a/docs/manual/mod/allmodules.xml.ja +++ b/docs/manual/mod/allmodules.xml.ja @@ -66,6 +66,9 @@ mod_proxy_ftp.xml mod_proxy_http.xml mod_rewrite.xml + mod_session.xml + mod_session_cookie.xml + mod_session_crypto.xml mod_setenvif.xml.ja mod_so.xml.ja mod_speling.xml.ja 
diff --git a/docs/manual/mod/allmodules.xml.ko b/docs/manual/mod/allmodules.xml.ko index 057508fac8e..55fa83c3789 100644 --- a/docs/manual/mod/allmodules.xml.ko +++ b/docs/manual/mod/allmodules.xml.ko @@ -66,6 +66,9 @@ mod_proxy_ftp.xml mod_proxy_http.xml mod_rewrite.xml + mod_session.xml + mod_session_cookie.xml + mod_session_crypto.xml mod_setenvif.xml.ko mod_so.xml.ko mod_speling.xml.ko diff --git a/docs/manual/mod/allmodules.xml.tr b/docs/manual/mod/allmodules.xml.tr index 2bf8eefa029..771fbfec40b 100644 --- a/docs/manual/mod/allmodules.xml.tr +++ b/docs/manual/mod/allmodules.xml.tr @@ -66,6 +66,9 @@ mod_proxy_ftp.xml mod_proxy_http.xml mod_rewrite.xml + mod_session.xml + mod_session_cookie.xml + mod_session_crypto.xml mod_setenvif.xml mod_so.xml mod_speling.xml diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en index 830b2c30bce..f0e486a5628 100644 --- a/docs/manual/mod/directives.html.en +++ b/docs/manual/mod/directives.html.en @@ -379,6 +379,21 @@
  • ServerRoot
  • ServerSignature
  • ServerTokens
  • +
  • Session
  • +
  • SessionCookieName
  • +
  • SessionCookieName2
  • +
  • SessionCookieRemove
  • +
  • SessionCryptoCertificateFile
  • +
  • SessionCryptoCertificateKeyFile
  • +
  • SessionCryptoCipher
  • +
  • SessionCryptoDigest
  • +
  • SessionCryptoEngine
  • +
  • SessionCryptoPassphrase
  • +
  • SessionEnv
  • +
  • SessionExclude
  • +
  • SessionHeader
  • +
  • SessionInclude
  • +
  • SessionMaxAge
  • SetEnv
  • SetEnvIf
  • SetEnvIfNoCase
  • diff --git a/docs/manual/mod/index.html.en b/docs/manual/mod/index.html.en index f830799725a..def8c3e6f09 100644 --- a/docs/manual/mod/index.html.en +++ b/docs/manual/mod/index.html.en @@ -166,7 +166,10 @@ by other LDAP modules mod_proxy
    mod_rewrite
    Provides a rule-based rewriting engine to rewrite requested URLs on the fly
    -
    mod_setenvif
    Allows the setting of environment variables based +
    mod_session
    Session support
    +
    mod_session_cookie
    Cookie based session support
    +
    mod_session_crypto
    Session encryption support
    +
    mod_setenvif
    Allows the setting of environment variables based on characteristics of the request
    mod_so
    Loading of executable code and modules into the server at start-up or restart time
    diff --git a/docs/manual/mod/mod_session.html b/docs/manual/mod/mod_session.html new file mode 100644 index 00000000000..d1b7201085c --- /dev/null +++ b/docs/manual/mod/mod_session.html @@ -0,0 +1,3 @@ +URI: mod_session.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 diff --git a/docs/manual/mod/mod_session.html.en b/docs/manual/mod/mod_session.html.en new file mode 100644 index 00000000000..c2a03edc43c --- /dev/null +++ b/docs/manual/mod/mod_session.html.en @@ -0,0 +1,426 @@ + + + +mod_session - Apache HTTP Server + + + + + + +
    <-
    +
    +Apache > HTTP Server > Documentation > Version 2.3 > Modules
    +
    +

    Apache Module mod_session

    +
    +

    Available Languages:  en 

    +
    + + + +
    Description:Session support
    Status:Extension
    Module Identifier:session_module
    Source File:mod_session.c
    +

    Summary

    + +

    Warning

    +

    The session modules make use of HTTP cookies, and as such can fall + victim to Cross Site Scripting attacks, or expose potentially private + information to clients. Please ensure that the relevant risks have + been taken into account before enabling the session functionality on + your server.

    +
    + +

    This module provides support for a server wide per user session + interface. Sessions can be used for keeping track of whether a user + has been logged in, or for other per user information that should + be kept available across requests.

    + +

    Sessions may be stored on the server, or may be stored on the + browser. Sessions may also be optionally encrypted for added security. + These features are divided into several modules in addition to + mod_session: mod_session_crypto, + mod_session_cookie and mod_session_dbd. + Depending on the server requirements, load the appropriate modules + into the server (either statically at compile time or dynamically + via the LoalModule directive).

    + +

    Sessions may be manipulated from other modules that depend on the + session, or the session may be read from and written to using + environment variables and HTTP headers, as appropriate.

    + +
    + +
    top
    +
    +

    What is a session?

    +

    At the core of the session interface is a table of key and value pairs + that are made accessible across browser requests.

    + +

    These pairs can be set any valid set of strings, as needed by the + application making use of the session.

    + +
    top
    +
    +

    Who can use a session?

    +

    The session interface is primarily developed for the use by other + server modules, such as mod_auth_form, however CGI + based applications can optionally be granted access to the contents + of the session via the HTTP_SESSION environment variable. Sessions + have the option to be modified and/or updated by inserting an HTTP + response header containing the new session parameters.

    + +
    top
    +
    +

    Keeping sessions on the server

    +

    Apache can be configured to keep track of per user sessions stored + on a particular server or group of servers. This functionality is + similar to the sessions available in typical application servers.

    + +

    If configured, sessions are tracked through the use of a session ID that + is stored inside a cookie, or extracted from the parameters embedded + within the URL query string, as found in a typical GET request.

    + +

    As the contents of the session are stored exclusively on the server, + there is an expectation of privacy of the contents of the session. This + does have performance and resource implications should a large number + of sessions be present, or where a large number of webservers have to + share sessions with one another.

    + +

    The mod_session_dbd module allows the storage of user + sessions within a SQL database via mod_dbd.

    + +
    top
    +
    +

    Keeping sessions on the browser

    +

    Where keeping track of a session on a server is too resource + intensive or inconvenient, the option exists to store the contents + of the session within a cookie on the client browser instead.

    + +

    This has the advantage that minimal resources are required on the + server to keep track of sessions, and multiple servers within a server + farm have no need to share session information.

    + +

    The contents of the session however are exposed to the client, with a + corresponding risk of a loss of privacy. The + mod_session_crypto module can be configured to encrypt the + contents of the session before writing the session to the client.

    + +

    The mod_session_cookie allows the storage of user + sessions on the browser within an HTTP cookie.

    + +
    top
    +
    +

    Basic Examples

    + +

    Creating a session is as simple as turning the session on, and deciding + where the session will be stored. In this example, the session will be + stored on the browser, in a cookie called session.

    + +

    Browser based session

    + Session On
    + SessionCookieName session path=/
    +

    + +

    The session is not useful unless it can be written to or read from. The + following example shows how values can be injected into the session through + the use of a predetermined HTTP response header called + X-Replace-Session.

    + +

    Writing to a session

    + Session On
    + SessionCookieName session path=/
    + SessionHeader X-Replace-Session
    +

    + +

    The header should contain name value pairs expressed in the same format + as a query string in a URL, as in the example below. Setting a key to the + empty string has the effect of removing that key from the session.

    + +

    CGI to write to a session

    + #!/bin/bash
    + echo "Content-Type: text/plain"
    + echo "X-Replace-Session: key1=foo&key2=&key3=bar"
    + echo
    + env
    +

    + +

    If configured, the session can be read back from the HTTP_SESSION + environment variable. By default, the session is kept private, so this + has to be explicitly turned on with the + SessionEnv directive.

    + +

    Read from a session

    + Session On
    + SessionEnv On
    + SessionCookieName session path=/
    + SessionHeader X-Replace-Session
    +

    + +

    Once read, the CGI variable HTTP_SESSION should contain + the value key1=foo&key3=bar.

    + +
    top
    +
    +

    Session Privacy

    + +

    Using the "show cookies" feature of your browser, you would have seen + a clear text representation of the session. This could potentially be a + problem should the end user need to be kept unaware of the contents of + the session, or where a third party could gain unauthorised access to the + data within the session.

    + +

    The contents of the session can be optionally encrypted before being + placed on the browser using the mod_session_crypto + module.

    + +

    Browser based encrypted session

    + Session On
    + SessionCryptoPassphrase secret
    + SessionCookieName session path=/
    +

    + +

    The session will be automatically decrypted on load, and encrypted on + save by Apache, the underlying application using the session need have + no knowledge that encryption is taking place.

    + +

    Sessions stored on the server rather than on the browser can also be + encrypted as needed, offering privacy where potentially sensitive + information is being shared between webservers in a server farm using + the mod_session_dbd module.

    + +
    top
    +
    +

    Cookie Privacy

    + +

    The HTTP cookie mechanism also offers privacy features, such as the + ability to restrict cookie transport to SSL protected pages only, or + to prevent browser based javascript from gaining access to the contents + of the cookie.

    + +

    Warning

    +

    Some of the HTTP cookie privacy features are either non standard, or + are not implemented consistently across browsers. The session modules + allow you to set cookie parameters, but it makes no guarantee that privacy + will be respected by the browser. If security is a concern, use the + mod_session_crypto to encrypt the contents of the session, + or store the session on the server using the mod_session_dbd + module.

    +
    + +

    Standard cookie parameters can be specified after the name of the cookie, + as in the example below.

    + +

    Setting cookie parameters

    + Session On
    + SessionCryptoPassphrase secret
    + SessionCookieName session path=/private;domain=example.com;httponly;secure;
    +

    + +

    In cases where the Apache server forms the frontend for backend origin servers, + it is possible to have the session cookies removed from the incoming HTTP headers using + the SessionCookieRemove directive. + This keeps the contents of the session cookies from becoming accessible from the + backend server. +

    + +
    top
    +
    +

    Session Support for Authentication

    + +

    As is possible within many application servers, authentication modules can use + a session for storing the username and password after login. The + mod_auth_form saves the user's login name and password within + the session.

    + +

    Form based authentication

    + Session On
    + SessionCryptoPassphrase secret
    + SessionCookieName session path=/
    + AuthFormProvider file
    + AuthUserFile conf/passwd
    + AuthType form
    + AuthName realm
    + ...
    +

    + +

    See the mod_auth_form module for documentation and complete + examples.

    + +
    +
    top
    +

    Session Directive

    + + + + + + + + +
    Description:Enables a session for the current directory or location
    Syntax:Session On|Off
    Default:Session Off
    Context:directory
    Status:Extension
    Module:mod_session
    Compatibility:Available in Apache 2.3.0 and later
    +

    The Session directive enables a session for the + directory or location container. Further directives control where the + session will be stored and how privacy is maintained.

    + +
    +
    top
    +

    SessionEnv Directive

    + + + + + + + + +
    Description:Control whether the contents of the session are written to the +HTTP_SESSION environment variable
    Syntax:SessionEnv On|Off
    Default:SessionEnv Off
    Context:directory
    Status:Extension
    Module:mod_session
    Compatibility:Available in Apache 2.3.0 and later
    +

    If set to On, the SessionEnv directive + causes the contents of the session to be written to a CGI environment + variable called HTTP_SESSION.

    + +

    The string is written in the URL query format, for example:

    + +

    + key1=foo&key3=bar +

    + + +
    +
    top
    +

    SessionExclude Directive

    + + + + + + + + +
    Description:Define URL prefixes for which a session is ignored
    Syntax:SessionExclude path
    Default:none
    Context:directory
    Status:Extension
    Module:mod_session
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionExclude directive allows sessions to + be disabled specific URL prefixes only. This can be used to make a + website more efficient, by targeting a more precise URL space for which + a session should be maintained. By default, all URLs within the directory + or location are included in the session. The + SessionExclude directive takes + precedence over the + SessionInclude directive.

    + +

    Warning

    +

    This directive has a similar purpose to the path attribute + in HTTP cookies, but should not be confused with this attribute. This + directive does not set the path attribute, which must be + configured separately.

    + +
    +
    top
    +

    SessionHeader Directive

    + + + + + + + + +
    Description:Import session updates from a given HTTP response header
    Syntax:SessionHeader header
    Default:none
    Context:directory
    Status:Extension
    Module:mod_session
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionHeader directive defines the name of an + HTTP response header which, if present, will be parsed and written to the + current session.

    + +

    The header value is expected to be in the URL query format, for example:

    + +

    + key1=foo&key2=&key3=bar +

    + +

    Where a key is set to the empty string, that key will be removed from the + session.

    + + +
    +
    top
    +

    SessionInclude Directive

    + + + + + + + + +
    Description:Define URL prefixes for which a session is valid
    Syntax:SessionInclude path
    Default:all URLs
    Context:directory
    Status:Extension
    Module:mod_session
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionInclude directive allows sessions to + be made valid for specific URL prefixes only. This can be used to make a + website more efficient, by targeting a more precise URL space for which + a session should be maintained. By default, all URLs within the directory + or location are included in the session.

    + +

    Warning

    +

    This directive has a similar purpose to the path attribute + in HTTP cookies, but should not be confused with this attribute. This + directive does not set the path attribute, which must be + configured separately.

    + +
    +
    top
    +

    SessionMaxAge Directive

    + + + + + + + + +
    Description:Define a maximum age in seconds for a session
    Syntax:SessionMaxAge maxage
    Default:SessionMaxAge 0
    Context:directory
    Status:Extension
    Module:mod_session
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionMaxAge directive defines a time limit + for which a session will remain valid. When a session is saved, this time + limit is reset and an existing session can be continued. If a session + becomes older than this limit without a request to the server to refresh + the session, the session will time out and be removed. Where a session is + used to stored user login details, this has the effect of logging the user + out automatically after the given time.

    + +

    Setting the maxage to zero disables session expiry.

    + +
    +
    +
    +

    Available Languages:  en 

    +
    + \ No newline at end of file diff --git a/docs/manual/mod/mod_session.xml.meta b/docs/manual/mod/mod_session.xml.meta new file mode 100644 index 00000000000..8174287b4da --- /dev/null +++ b/docs/manual/mod/mod_session.xml.meta @@ -0,0 +1,11 @@ + + + + mod_session + /mod/ + .. + + + en + + diff --git a/docs/manual/mod/mod_session_cookie.html b/docs/manual/mod/mod_session_cookie.html new file mode 100644 index 00000000000..0fc3e74f533 --- /dev/null +++ b/docs/manual/mod/mod_session_cookie.html @@ -0,0 +1,3 @@ +URI: mod_session_cookie.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 diff --git a/docs/manual/mod/mod_session_cookie.html.en b/docs/manual/mod/mod_session_cookie.html.en new file mode 100644 index 00000000000..29af571e847 --- /dev/null +++ b/docs/manual/mod/mod_session_cookie.html.en @@ -0,0 +1,174 @@ + + + +mod_session_cookie - Apache HTTP Server + + + + + + +
    <-
    +
    +Apache > HTTP Server > Documentation > Version 2.3 > Modules
    +
    +

    Apache Module mod_session_cookie

    +
    +

    Available Languages:  en 

    +
    + + + +
    Description:Cookie based session support
    Status:Extension
    Module Identifier:session_cookie_module
    Source File:mod_session_cookie.c
    +

    Summary

    + +

    Warning

    +

    The session modules make use of HTTP cookies, and as such can fall + victim to Cross Site Scripting attacks, or expose potentially private + information to clients. Please ensure that the relevant risks have + been taken into account before enabling the session functionality on + your server.

    +
    + +

    This submodule of mod_session provides support for the + storage of user sessions on the remote browser within HTTP cookies.

    + +

    Using cookies to store a session removes the need for the server or + a group of servers to store the session locally, or collaborate to share + a session, and can be useful for high traffic environments where a + server based session might be too resource intensive.

    + +

    If session privacy is required, the mod_session_crypto + module can be used to encrypt the contents of the session before writing + the session to the client.

    + +

    For more details on the session interface, see the documentation for + the mod_session module.

    + +
    + +
    top
    +
    +

    Basic Examples

    + +

    To create a simple session and store it in a cookie called + session, configure the session as follows:

    + +

    Browser based session

    + Session On
    + SessionCookieName session path=/
    +

    + +

    For more examples on how the session can be configured to be read + from and written to by a CGI application, see the + mod_session examples section.

    + +

    For documentation on how the session can be used to store username + and password details, see the mod_auth_form module.

    + +
    +
    top
    +

    SessionCookieName Directive

    + + + + + + + + +
    Description:Name and attributes for the RFC2109 cookie storing the session
    Syntax:SessionCookieName name attributes
    Default:none
    Context:directory
    Status:Extension
    Module:mod_session_cookie
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCookieName directive specifies the name and + optional attributes of an RFC2109 compliant cookie inside which the session will + be stored. RFC2109 cookies are set using the Set-Cookie HTTP header. +

    + +

    An optional list of cookie attributes can be specified, as per the example below. + These attributes are inserted into the cookie as is, and are not interpreted by + Apache. Ensure that your attributes are defined correctly as per the cookie specification. +

    + +

    Cookie with attributes

    + Session On
    + SessionCookieName session path=/private;domain=example.com;httponly;secure;version=1;
    +

    + + +
    +
    top
    +

    SessionCookieName2 Directive

    + + + + + + + + +
    Description:Name and attributes for the RFC2965 cookie storing the session
    Syntax:SessionCookieName2 name attributes
    Default:none
    Context:directory
    Status:Extension
    Module:mod_session_cookie
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCookieName2 directive specifies the name and + optional attributes of an RFC2965 compliant cookie inside which the session will + be stored. RFC2965 cookies are set using the Set-Cookie2 HTTP header. +

    + +

    An optional list of cookie attributes can be specified, as per the example below. + These attributes are inserted into the cookie as is, and are not interpreted by + Apache. Ensure that your attributes are defined correctly as per the cookie specification. +

    + +

    Cookie2 with attributes

    + Session On
    + SessionCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;
    +

    + + +
    +
    top
    +

    SessionCookieRemove Directive

    + + + + + + + + +
    Description:Control for whether session cookies should be removed from incoming HTTP headers
    Syntax:SessionCookieRemove On|Off
    Default:SessionCookieRemove Off
    Context:directory
    Status:Extension
    Module:mod_session_cookie
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCookieRemove flag controls whether the cookies + containing the session will be removed from the headers during request processing.

    + +

    In a reverse proxy situation where the Apache server acts as a server frontend for + a backend origin server, revealing the contents of the session cookie to the backend + could be a potential privacy violation. When set to on, the session cookie will be + removed from the incoming HTTP headers.

    + + +
    +
    +
    +

    Available Languages:  en 

    +
    + \ No newline at end of file diff --git a/docs/manual/mod/mod_session_cookie.xml.meta b/docs/manual/mod/mod_session_cookie.xml.meta new file mode 100644 index 00000000000..aecee93d5aa --- /dev/null +++ b/docs/manual/mod/mod_session_cookie.xml.meta @@ -0,0 +1,11 @@ + + + + mod_session_cookie + /mod/ + .. + + + en + + diff --git a/docs/manual/mod/mod_session_crypto.html b/docs/manual/mod/mod_session_crypto.html new file mode 100644 index 00000000000..03b9bdc47f8 --- /dev/null +++ b/docs/manual/mod/mod_session_crypto.html @@ -0,0 +1,3 @@ +URI: mod_session_crypto.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 diff --git a/docs/manual/mod/mod_session_crypto.html.en b/docs/manual/mod/mod_session_crypto.html.en new file mode 100644 index 00000000000..68c8efff213 --- /dev/null +++ b/docs/manual/mod/mod_session_crypto.html.en @@ -0,0 +1,221 @@ + + + +mod_session_crypto - Apache HTTP Server + + + + + + +
    <-
    +
    +Apache > HTTP Server > Documentation > Version 2.3 > Modules
    +
    +

    Apache Module mod_session_crypto

    +
    +

    Available Languages:  en 

    +
    + + + +
    Description:Session encryption support
    Status:Extension
    Module Identifier:session_crypto_module
    Source File:mod_session_crypto.c
    +

    Summary

    + +

    Warning

    +

    The session modules make use of HTTP cookies, and as such can fall + victim to Cross Site Scripting attacks, or expose potentially private + information to clients. Please ensure that the relevant risks have + been taken into account before enabling the session functionality on + your server.

    +
    + +

    This submodule of mod_session provides support for the + encryption of user sessions before being written to a local database, or + written to a remove browser via an HTTP cookie.

    + +

    This can help provide privacy to user sessions where the contents of + the session should be kept private from the user, or where protection is + needed against the effects of cross site scripting attacks.

    + +

    For more details on the session interface, see the documentation for + the mod_session module.

    + +
    + +
    top
    +
    +

    Basic Usage

    + +

    To create a simple encrypted session and store it in a cookie called + session, configure the session as follows:

    + +

    Browser based encrypted session

    + Session On
    + SessionCookieName session path=/
    + SessionCryptoPassphrase secret +

    + +

    The session will be encrypted with the given key. Different servers can + be configured to share sessions by ensuring the same encryption key is used + on each server.

    + +

    If the encryption key is changed, sessions will be invalidated + automatically.

    + +

    For documentation on how the session can be used to store username + and password details, see the mod_auth_form module.

    + +
    +
    top
    +

    SessionCryptoCertificateFile Directive

    + + + + + + + + +
    Description:The certificate used to encrypt and decrypt the session
    Syntax:SessionCryptoCertificateFile file
    Default:none
    Context:directory
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCryptoCertificateFile directive specifies the name + of a certificate to be used to encrypt the contents of the session before writing + the session, or decrypting the content of the session after reading the session.

    + +

    Changing the certificate on a server has the effect of invalidating all existing + sessions.

    + +

    Experimental

    +

    This directive is dependent on experimental support for assymetrical encryption + support currently available in prerelease versions of OpenSSL, and will only be + available on platforms that support it.

    +
    + + +
    +
    top
    +

    SessionCryptoCertificateKeyFile Directive

    + + + + + + + + +
    Description:The certificate key used to encrypt and decrypt the session
    Syntax:SessionCryptoCertificateKeyFile file
    Default:none
    Context:directory
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCryptoCertificateKeyFile directive specifies the name + of a certificate key to be used alongside a certificate to encrypt the contents of the + session before writing the session, or decrypting the content of the session after reading + the session.

    + +

    Changing the certificate or key on a server has the effect of invalidating all existing + sessions.

    + +

    Experimental

    +

    This directive is dependent on experimental support for asymmetrical encryption + support currently available in prerelease versions of OpenSSL, and will only be + available on platforms that support it.

    +
    + + +
    +
    top
    +

    SessionCryptoCipher Directive

    + + + + + + + + +
    Description:The name of the cipher to use during encryption / decryption
    Syntax:SessionCryptoCipher cipher
    Default:AES256
    Context:directory
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCryptoCipher directive specifies the name + of the cipher to use during encryption. The ciphers available will depend on the + underlying encryption toolkit on the server platform.

    + +
    +
    top
    +

    SessionCryptoDigest Directive

    + + + + + + + + +
    Description:The name of the digest to use during encryption / decryption
    Syntax:SessionCryptoDigest cipher
    Default:SHA
    Context:directory
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCryptoDigest directive specifies the name + of the digest to use during encryption. The list of digests available will depend + on the underlying encryption toolkit on the server platform.

    + +
    +
    top
    +

    SessionCryptoEngine Directive

    + + + + + + + + +
    Description:The name of the engine to use during encryption / decryption
    Syntax:SessionCryptoEngine engine
    Default:none
    Context:directory
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCryptoEngine directive specifies the name + of the engine to use during encryption, depending on the capabilities of the + underlying encryption toolkit on the server platform.

    + +
    +
    top
    +

    SessionCryptoPassphrase Directive

    + + + + + + + + +
    Description:The key used to encrypt the session
    Syntax:SessionCryptoPassphrase secret
    Default:none
    Context:directory
    Status:Extension
    Module:mod_session_crypto
    Compatibility:Available in Apache 2.3.0 and later
    +

    The SessionCryptoPassphrase directive specifies the key + to be used to encrypt the contents of the session before writing the session, or + decrypting the contents of the session after reading the session.

    + +

    Keys are more secure when they are long, and consist of truly random characters. + Changing the key on a server has the effect of invalidating all existing sessions.

    + + +
    +
    +
    +

    Available Languages:  en 

    +
    + \ No newline at end of file diff --git a/docs/manual/mod/mod_session_crypto.xml.meta b/docs/manual/mod/mod_session_crypto.xml.meta new file mode 100644 index 00000000000..2fdfdbd2b49 --- /dev/null +++ b/docs/manual/mod/mod_session_crypto.xml.meta @@ -0,0 +1,11 @@ + + + + mod_session_crypto + /mod/ + .. + + + en + + diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en index da315dc0e3b..a81021b5f54 100644 --- a/docs/manual/mod/quickreference.html.en +++ b/docs/manual/mod/quickreference.html.en 
@@ -676,129 +676,145 @@ is accessed by an incompatible browser ServerSignature On|Off|EMail Off svdhCConfigures the footer on server-generated documents ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sCConfigures the Server HTTP response header -SetEnv env-variable valuesvdhBSets environment variables -SetEnvIf attribute +Session On|Off Off dEEnables a session for the current directory or location +SessionCookieName name attributesdEName and attributes for the RFC2109 cookie storing the session +SessionCookieName2 name attributesdEName and attributes for the RFC2965 cookie storing the session +SessionCookieRemove On|Off Off dEControl for whether session cookies should be removed from incoming HTTP headers +SessionCryptoCertificateFile filedEThe certificate used to encrypt and decrypt the session +SessionCryptoCertificateKeyFile filedEThe certificate key used to encrypt and decrypt the session +SessionCryptoCipher cipherdEThe name of the cipher to use during encryption / decryption +SessionCryptoDigest cipherdEThe name of the digest to use during encryption / decryption +SessionCryptoEngine enginedEThe name of the engine to use during encryption / decryption +SessionCryptoPassphrase secretdEThe key used to encrypt the session +SessionEnv On|Off Off dEControl whether the contents of the session are written to the +HTTP_SESSION environment variable +SessionExclude pathdEDefine URL prefixes for which a session is ignored +SessionHeader headerdEImport session updates from a given HTTP response header +SessionInclude pathdEDefine URL prefixes for which a session is valid +SessionMaxAge maxage 0 dEDefine a maximum age in seconds for a session +SetEnv env-variable valuesvdhBSets environment variables +SetEnvIf attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request -SetEnvIfNoCase 
attribute regex +SetEnvIfNoCase attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request without respect to case -SetHandler handler-name|NonesvdhCForces all matching files to be processed by a +SetHandler handler-name|NonesvdhCForces all matching files to be processed by a handler -SetInputFilter filter[;filter...]svdhCSets the filters that will process client requests and POST +SetInputFilter filter[;filter...]svdhCSets the filters that will process client requests and POST input -SetOutputFilter filter[;filter...]svdhCSets the filters that will process responses from the +SetOutputFilter filter[;filter...]svdhCSets the filters that will process responses from the server -SSIEnableAccess on|off off dhBEnable the -A flag during conditional flow control processing. -SSIEndTag tag "-->" svBString that ends an include element -SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI +SSIEnableAccess on|off off dhBEnable the -A flag during conditional flow control processing. 
+SSIEndTag tag "-->" svBString that ends an include element +SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI error -SSIStartTag tag "<!--#" svBString that starts an include element -SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are +SSIStartTag tag "<!--#" svBString that starts an include element +SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are displayed -SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed -SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed +SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Client Auth -SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Client Auth -SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for defining acceptable CA names -SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for defining acceptable CA names -SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for +SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Client Auth -SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for +SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Client Auth -SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates -SSLCertificateFile file-pathsvEServer PEM-encoded X.509 Certificate file -SSLCertificateKeyFile file-pathsvEServer PEM-encoded Private Key file 
-SSLCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL +SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates +SSLCertificateFile file-pathsvEServer PEM-encoded X.509 Certificate file +SSLCertificateKeyFile file-pathsvEServer PEM-encoded Private Key file +SSLCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL handshake -SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator -SSLEngine on|off|optional off svESSL Engine Operation Switch -SSLHonorCiperOrder flagsvEOption to prefer the server's cipher preference order -SSLMutex type none sESemaphore for internal mutual exclusion of +SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator +SSLEngine on|off|optional off svESSL Engine Operation Switch +SSLHonorCiperOrder flagsvEOption to prefer the server's cipher preference order +SSLMutex type none sESemaphore for internal mutual exclusion of operations -SSLOCSDefaultResponder urisvESet the default responder URI for OCSP validation -SSLOCSPEnable flagsvEEnable OCSP validation of the client certificate chain -SSLOCSPOverrideResponder flagsvEForce use of the default responder URI for OCSP validation -SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options -SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private +SSLOCSDefaultResponder urisvESet the default responder URI for OCSP validation +SSLOCSPEnable flagsvEEnable OCSP validation of the client certificate chain +SSLOCSPOverrideResponder flagsvEForce use of the default responder URI for OCSP validation +SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options +SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private keys -SSLProtocol [+|-]protocol ... 
all svEConfigure usable SSL protocol versions -SSLProxyCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSLProtocol [+|-]protocol ... all svEConfigure usable SSL protocol versions +SSLProxyCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Remote Server Auth -SSLProxyCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLProxyCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Remote Server Auth -SSLProxyCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for +SSLProxyCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Remote Server Auth -SSLProxyCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for +SSLProxyCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Remote Server Auth -SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL +SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL proxy handshake -SSLProxyEngine on|off off svESSL Proxy Engine Operation Switch -SSLProxyMachineCertificateFile filenamesEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy -SSLProxyMachineCertificatePath directorysEDirectory of PEM-encoded client certificates and keys to be used by the proxy -SSLProxyProtocol [+|-]protocol ... 
all svEConfigure usable SSL protocol flavors for proxy usage -SSLProxyVerify level none svdhEType of remote server Certificate verification -SSLProxyVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Remote Server +SSLProxyEngine on|off off svESSL Proxy Engine Operation Switch +SSLProxyMachineCertificateFile filenamesEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy +SSLProxyMachineCertificatePath directorysEDirectory of PEM-encoded client certificates and keys to be used by the proxy +SSLProxyProtocol [+|-]protocol ... all svEConfigure usable SSL protocol flavors for proxy usage +SSLProxyVerify level none svdhEType of remote server Certificate verification +SSLProxyVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Remote Server Certificate verification -SSLRandomSeed context source -[bytes]sEPseudo Random Number Generator (PRNG) seeding +SSLRandomSeed context source +[bytes]sEPseudo Random Number Generator (PRNG) seeding source -SSLRequire expressiondhEAllow access only when an arbitrarily complex +SSLRequire expressiondhEAllow access only when an arbitrarily complex boolean expression is true -SSLRequireSSLdhEDeny access when SSL is not used for the +SSLRequireSSLdhEDeny access when SSL is not used for the HTTP request -SSLSessionCache type none sEType of the global/inter-process SSL Session +SSLSessionCache type none sEType of the global/inter-process SSL Session Cache -SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires +SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires in the Session Cache -SSLUserName varnamesdhEVariable name to determine user name -SSLVerifyClient level none svdhEType of Client Certificate verification -SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client +SSLUserName varnamesdhEVariable name to determine user name +SSLVerifyClient level none svdhEType of Client Certificate verification 
+SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client Certificate verification -StartServers numbersMNumber of child server processes created at startup -StartThreads numbersMNumber of threads created on startup -Substitute s/pattern/substitution/[infq]dhXPattern to filter the response content -SuexecUserGroup User GroupsvEUser and group permissions for CGI programs -ThreadLimit numbersMSets the upper limit on the configurable number of threads +StartServers numbersMNumber of child server processes created at startup +StartThreads numbersMNumber of threads created on startup +Substitute s/pattern/substitution/[infq]dhXPattern to filter the response content +SuexecUserGroup User GroupsvEUser and group permissions for CGI programs +ThreadLimit numbersMSets the upper limit on the configurable number of threads per child process -ThreadsPerChild numbersMNumber of threads created by each child process -ThreadStackSize sizesMThe size in bytes of the stack used by threads handling +ThreadsPerChild numbersMNumber of threads created by each child process +ThreadStackSize sizesMThe size in bytes of the stack used by threads handling client connections -TimeOut seconds 300 svCAmount of time the server will wait for +TimeOut seconds 300 svCAmount of time the server will wait for certain events before failing a request -TraceEnable [on|off|extended] on sCDetermines the behaviour on TRACE +TraceEnable [on|off|extended] on sCDetermines the behaviour on TRACE requests -TransferLog file|pipesvBSpecify location of a log file -TypesConfig file-path conf/mime.types sBThe location of the mime.types file -UnsetEnv env-variable [env-variable] -...svdhBRemoves variables from the environment -UseCanonicalName On|Off|DNS Off svdCConfigures how the server determines its own name and +TransferLog file|pipesvBSpecify location of a log file +TypesConfig file-path conf/mime.types sBThe location of the mime.types file +UnsetEnv env-variable [env-variable] +...svdhBRemoves 
variables from the environment +UseCanonicalName On|Off|DNS Off svdCConfigures how the server determines its own name and port -UseCanonicalPhysicalPort On|Off Off svdCConfigures how the server determines its own name and +UseCanonicalPhysicalPort On|Off Off svdCConfigures how the server determines its own name and port -User unix-userid #-1 sMThe userid under which the server will answer +User unix-userid #-1 sMThe userid under which the server will answer requests -UserDir directory-filename [directory-filename] ... -svBLocation of the user-specific directories -VirtualDocumentRoot interpolated-directory|none none svEDynamically configure the location of the document root +UserDir directory-filename [directory-filename] ... +svBLocation of the user-specific directories +VirtualDocumentRoot interpolated-directory|none none svEDynamically configure the location of the document root for a given virtual host -VirtualDocumentRootIP interpolated-directory|none none svEDynamically configure the location of the document root +VirtualDocumentRootIP interpolated-directory|none none svEDynamically configure the location of the document root for a given virtual host -<VirtualHost +<VirtualHost addr[:port] [addr[:port]] - ...> ... </VirtualHost>sCContains directives that apply only to a specific + ...> ... 
</VirtualHost>sCContains directives that apply only to a specific hostname or IP address -VirtualScriptAlias interpolated-directory|none none svEDynamically configure the location of the CGI directory for +VirtualScriptAlias interpolated-directory|none none svEDynamically configure the location of the CGI directory for a given virtual host -VirtualScriptAliasIP interpolated-directory|none none svEDynamically configure the location of the cgi directory for +VirtualScriptAliasIP interpolated-directory|none none svEDynamically configure the location of the cgi directory for a given virtual host -Win32DisableAcceptExsMUse accept() rather than AcceptEx() to accept network connections -XBitHack on|off|full off svdhBParse SSI directives in files with the execute bit +Win32DisableAcceptExsMUse accept() rather than AcceptEx() to accept network connections +XBitHack on|off|full off svdhBParse SSI directives in files with the execute bit set
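Review bot: In the added quick-reference row for SessionCryptoDigest the argument placeholder reads "cipher" ("+SessionCryptoDigest cipher"), which looks copied from the SessionCryptoCipher row just above it. The description on the same row says it names a digest, so the placeholder should be "digest". Since this commit is a transformation run, the correction belongs in the mod_session_crypto.xml source, followed by a re-run so the quick reference and the module page stay in step. A smaller point on the same block: the SessionCryptoPassphrase row says only "The key used to encrypt the session" while the two certificate rows say "encrypt and decrypt". Using the same wording on all three would make clear that the passphrase is needed on the read path as well.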
    diff --git a/docs/manual/sitemap.html.en b/docs/manual/sitemap.html.en index 0cfc422aa41..d4a03448861 100644 --- a/docs/manual/sitemap.html.en +++ b/docs/manual/sitemap.html.en @@ -229,6 +229,9 @@ Server on HPUX
  • Apache Module mod_proxy_ftp
  • Apache Module mod_proxy_http
  • Apache Module mod_rewrite
  • +
  • Apache Module mod_session
  • +
  • Apache Module mod_session_cookie
  • +
  • Apache Module mod_session_crypto
  • Apache Module mod_setenvif
  • Apache Module mod_so
  • Apache Module mod_speling
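Review bot: In the new mod_session_crypto.html.en page, the SessionCryptoPassphrase and SessionCryptoEngine sections both list "Default:none" without saying what the module does when the directive is absent. For the passphrase in particular, a reader cannot tell whether an unset value means the session is written unencrypted or the request fails, and that is the first thing an operator needs to know. The passphrase text should also say that the secret is a literal argument in the configuration ("Syntax:SessionCryptoPassphrase secret", "Context:directory"), so the file carrying it needs restricted read access. The existing advice that keys be "long, and consist of truly random characters" covers key strength but not key storage. Finally, the sentence "Changing the key on a server has the effect of invalidating all existing sessions" would be more useful with a note on whether rotation can be done without logging every user out, or a plain statement that it cannot.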