Following up on BZ 53530.. putting quotation marks around

arbitrary-text, complex, and/or filesystem directive arguments. More to do.. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1673582 13f79535-47bb-0310-9956-ffa450edef68
2025-08-07 04:02:58 +03:00 · 2015-04-14 23:35:26 +00:00
parent d0fef61ba3
commit a90c8fdafb
28 changed files with 340 additions and 317 deletions
--- a/docs/manual/howto/auth.html.en
+++ b/docs/manual/howto/auth.html.en
@@ -213,13 +213,13 @@ module from each group.</p>
    following directives, either placed in the file
    <code>/usr/local/apache/htdocs/secret/.htaccess</code>, or
    placed in <code>httpd.conf</code> inside a &lt;Directory
-    /usr/local/apache/htdocs/secret&gt; section.</p>
+    "/usr/local/apache/htdocs/secret"&gt; section.</p>
    <pre class="prettyprint lang-config">AuthType Basic
 AuthName "Restricted Files"
 # (Following line optional)
 AuthBasicProvider file
-AuthUserFile /usr/local/apache/passwd/passwords
+AuthUserFile "/usr/local/apache/passwd/passwords"
 Require user rbowen</pre>
@@ -315,8 +315,8 @@ person in</a></h2>
 AuthName "By Invitation Only"
 # Optional line:
 AuthBasicProvider file
-AuthUserFile /usr/local/apache/passwd/passwords
+AuthUserFile "/usr/local/apache/passwd/passwords"
-AuthGroupFile /usr/local/apache/passwd/groups
+AuthGroupFile "/usr/local/apache/passwd/groups"
 Require group GroupName</pre>
@@ -375,11 +375,11 @@ Require group GroupName</pre>
    <p>To select a dbm file rather than a text file, for example:</p>
-    <pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
+    <pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
    AuthName "Private"
    AuthType Basic
    AuthBasicProvider dbm
-    AuthDBMUserFile /www/passwords/passwd.dbm
+    AuthDBMUserFile "/www/passwords/passwd.dbm"
    Require valid-user
 &lt;/Directory&gt;</pre>
@@ -397,11 +397,11 @@ Require group GroupName</pre>
    scheme that meets your needs. In the following example, both the
    file and LDAP based authentication providers are being used.</p>
-    <pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
+    <pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
    AuthName "Private"
    AuthType Basic
    AuthBasicProvider file ldap
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
    AuthLDAPURL ldap://ldaphost/o=yourorg
    Require valid-user
 &lt;/Directory&gt;</pre>
@@ -420,13 +420,13 @@ Require group GroupName</pre>
    authorization methods can also be used. In this example both file group
    authorization as well as LDAP group authorization is being used.</p>
-    <pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
+    <pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
    AuthName "Private"
    AuthType Basic
    AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
    AuthLDAPURL ldap://ldaphost/o=yourorg
-    AuthGroupFile /usr/local/apache/passwd/groups
+    AuthGroupFile "/usr/local/apache/passwd/groups"
    Require group GroupName
    Require ldap-group cn=mygroup,o=yourorg
 &lt;/Directory&gt;</pre>
--- a/docs/manual/howto/auth.xml
+++ b/docs/manual/howto/auth.xml
@@ -197,14 +197,14 @@ module from each group.</p>
    following directives, either placed in the file
    <code>/usr/local/apache/htdocs/secret/.htaccess</code>, or
    placed in <code>httpd.conf</code> inside a &lt;Directory
-    /usr/local/apache/htdocs/secret&gt; section.</p>
+    "/usr/local/apache/htdocs/secret"&gt; section.</p>
    <highlight language="config">
 AuthType Basic
 AuthName "Restricted Files"
 # (Following line optional)
 AuthBasicProvider file
-AuthUserFile /usr/local/apache/passwd/passwords
+AuthUserFile "/usr/local/apache/passwd/passwords"
 Require user rbowen
    </highlight>
@@ -309,8 +309,8 @@ AuthType Basic
 AuthName "By Invitation Only"
 # Optional line:
 AuthBasicProvider file
-AuthUserFile /usr/local/apache/passwd/passwords
+AuthUserFile "/usr/local/apache/passwd/passwords"
-AuthGroupFile /usr/local/apache/passwd/groups
+AuthGroupFile "/usr/local/apache/passwd/groups"
 Require group GroupName
    </highlight>
@@ -370,11 +370,11 @@ Require group GroupName
    <p>To select a dbm file rather than a text file, for example:</p>
    <highlight language="config">
-&lt;Directory /www/docs/private&gt;
+&lt;Directory "/www/docs/private"&gt;
    AuthName "Private"
    AuthType Basic
    AuthBasicProvider dbm
-    AuthDBMUserFile /www/passwords/passwd.dbm
+    AuthDBMUserFile "/www/passwords/passwd.dbm"
    Require valid-user
 &lt;/Directory&gt;
    </highlight>
@@ -393,11 +393,11 @@ Require group GroupName
    file and LDAP based authentication providers are being used.</p>
    <highlight language="config">
-&lt;Directory /www/docs/private&gt;
+&lt;Directory "/www/docs/private"&gt;
    AuthName "Private"
    AuthType Basic
    AuthBasicProvider file ldap
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
    AuthLDAPURL ldap://ldaphost/o=yourorg
    Require valid-user
 &lt;/Directory&gt;
@@ -417,13 +417,13 @@ Require group GroupName
    authorization as well as LDAP group authorization is being used.</p>
    <highlight language="config">
-&lt;Directory /www/docs/private&gt;
+&lt;Directory "/www/docs/private"&gt;
    AuthName "Private"
    AuthType Basic
    AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
    AuthLDAPURL ldap://ldaphost/o=yourorg
-    AuthGroupFile /usr/local/apache/passwd/groups
+    AuthGroupFile "/usr/local/apache/passwd/groups"
    Require group GroupName
    Require ldap-group cn=mygroup,o=yourorg
 &lt;/Directory&gt;
--- a/docs/manual/howto/htaccess.html.en
+++ b/docs/manual/howto/htaccess.html.en
@@ -66,7 +66,7 @@ changes on a per-directory basis.</p>
      if you would rather call the file <code>.config</code> then you
      can put the following in your server configuration file:</p>
-      <pre class="prettyprint lang-config">AccessFileName .config</pre>
+      <pre class="prettyprint lang-config">AccessFileName ".config"</pre>
    </div>
@@ -188,18 +188,18 @@ changes on a per-directory basis.</p>
    <p>Note that it is completely equivalent to put a <code>.htaccess</code>
    file in a directory <code>/www/htdocs/example</code> containing a
    directive, and to put that same directive in a Directory section
-    <code>&lt;Directory /www/htdocs/example&gt;</code> in your main server
+    <code>&lt;Directory "/www/htdocs/example"&gt;</code> in your main server
    configuration:</p>
    <p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
    <div class="example"><h3>Contents of .htaccess file in
-    <code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example .exm</pre>
+    <code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example ".exm"</pre>
 </div>
    <div class="example"><h3>Section from your <code>httpd.conf</code>
-    file</h3><pre class="prettyprint lang-config">&lt;Directory /www/htdocs/example&gt;
+    file</h3><pre class="prettyprint lang-config">&lt;Directory "/www/htdocs/example"&gt;
-    AddType text/example .exm
+    AddType text/example ".exm"
 &lt;/Directory&gt;</pre>
 </div>
@@ -265,11 +265,11 @@ changes on a per-directory basis.</p>
    prevent script execution while allowing anything else to be set in
    <code>.htaccess</code> you can use:</p>
-    <pre class="prettyprint lang-config">&lt;Directory /www/htdocs&gt;
+    <pre class="prettyprint lang-config">&lt;Directory "/www/htdocs"&gt;
    AllowOverride All
 &lt;/Directory&gt;
-&lt;Location /&gt;
+&lt;Location "/"&gt;
    Options +IncludesNoExec -ExecCGI<br />
 &lt;/Location&gt;</pre>
@@ -300,8 +300,8 @@ changes on a per-directory basis.</p>
    <pre class="prettyprint lang-config">AuthType Basic
 AuthName "Password Required"
-AuthUserFile /www/passwords/password.file
+AuthUserFile "/www/passwords/password.file"
-AuthGroupFile /www/passwords/group.file
+AuthGroupFile "/www/passwords/group.file"
 Require group admins</pre>
@@ -320,7 +320,7 @@ Require group admins</pre>
    <code>.htaccess</code> file in the desired directory:</p>
    <pre class="prettyprint lang-config">Options +Includes
-AddType text/html shtml
+AddType text/html "shtml"
 AddHandler server-parsed shtml</pre>
@@ -340,13 +340,13 @@ the current directory, rather than being the original requested URI.
 Consider the following examples:</p>
 <pre class="prettyprint lang-config"># In httpd.conf
-RewriteRule ^/images/(.+)\.jpg /images/$1.png
+RewriteRule "^/images/(.+)\.jpg" "/images/$1.png"
 # In .htaccess in root dir
-RewriteRule ^images/(.+)\.jpg images/$1.png
+RewriteRule "^images/(.+)\.jpg" "images/$1.png"
 # In .htaccess in images/
-RewriteRule ^(.+)\.jpg $1.png</pre>
+RewriteRule "^(.+)\.jpg" "$1.png"</pre>
 <p>In a <code>.htaccess</code> in your document directory, the leading
@@ -367,7 +367,7 @@ further details on using <code>mod_rewrite</code>.</p>
    implemented with the following configuration:</p>
    <pre class="prettyprint lang-config">Options +ExecCGI
-AddHandler cgi-script cgi pl</pre>
+AddHandler cgi-script "cgi" "pl"</pre>
    <p>Alternately, if you wish to have all files in the given directory be
--- a/docs/manual/howto/htaccess.xml
+++ b/docs/manual/howto/htaccess.xml
@@ -77,7 +77,9 @@ changes on a per-directory basis.</p>
      if you would rather call the file <code>.config</code> then you
      can put the following in your server configuration file:</p>
-      <highlight language="config">AccessFileName .config</highlight>
+      <highlight language="config">
 AccessFileName ".config"
      </highlight>
    </note>
    <p>In general, <code>.htaccess</code> files use the same syntax as
@@ -209,21 +211,23 @@ changes on a per-directory basis.</p>
    <p>Note that it is completely equivalent to put a <code>.htaccess</code>
    file in a directory <code>/www/htdocs/example</code> containing a
    directive, and to put that same directive in a Directory section
-    <code>&lt;Directory /www/htdocs/example&gt;</code> in your main server
+    <code>&lt;Directory "/www/htdocs/example"&gt;</code> in your main server
    configuration:</p>
    <p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
    <example><title>Contents of .htaccess file in
    <code>/www/htdocs/example</code></title>
-    <highlight language="config">AddType text/example .exm</highlight>
+    <highlight language="config">
 AddType text/example ".exm"
    </highlight>
    </example>
    <example><title>Section from your <code>httpd.conf</code>
    file</title>
    <highlight language="config">
-&lt;Directory /www/htdocs/example&gt;
+&lt;Directory "/www/htdocs/example"&gt;
-    AddType text/example .exm
+    AddType text/example ".exm"
 &lt;/Directory&gt;
    </highlight>
    </example>
@@ -237,7 +241,9 @@ changes on a per-directory basis.</p>
    by setting the <directive module="core">AllowOverride</directive>
    directive to <code>none</code>:</p>
-    <highlight language="config">AllowOverride None</highlight>
+    <highlight language="config">
 AllowOverride None
    </highlight>
 </section>
 <section id="how"><title>How directives are applied</title>
@@ -258,7 +264,9 @@ changes on a per-directory basis.</p>
    <p>In the directory <code>/www/htdocs/example1</code> we have a
    <code>.htaccess</code> file containing the following:</p>
-    <highlight language="config">Options +ExecCGI</highlight>
+    <highlight language="config">
 Options +ExecCGI
    </highlight>
    <p>(Note: you must have "<code>AllowOverride Options</code>" in effect
    to permit the use of the "<directive
@@ -268,7 +276,9 @@ changes on a per-directory basis.</p>
    <p>In the directory <code>/www/htdocs/example1/example2</code> we have
    a <code>.htaccess</code> file containing:</p>
-    <highlight language="config">Options Includes</highlight>
+    <highlight language="config">
 Options Includes
    </highlight>
    <p>Because of this second <code>.htaccess</code> file, in the directory
    <code>/www/htdocs/example1/example2</code>, CGI execution is not
@@ -292,11 +302,11 @@ changes on a per-directory basis.</p>
    <code>.htaccess</code> you can use:</p>
    <highlight language="config">
-&lt;Directory /www/htdocs&gt;
+&lt;Directory "/www/htdocs"&gt;
    AllowOverride All
 &lt;/Directory&gt;
-&lt;Location /&gt;
+&lt;Location "/"&gt;
    Options +IncludesNoExec -ExecCGI<br />
 &lt;/Location&gt;
    </highlight>
@@ -330,8 +340,8 @@ changes on a per-directory basis.</p>
    <highlight language="config">
 AuthType Basic
 AuthName "Password Required"
-AuthUserFile /www/passwords/password.file
+AuthUserFile "/www/passwords/password.file"
-AuthGroupFile /www/passwords/group.file
+AuthGroupFile "/www/passwords/group.file"
 Require group admins
    </highlight>
@@ -351,7 +361,7 @@ Require group admins
    <highlight language="config">
 Options +Includes
-AddType text/html shtml
+AddType text/html "shtml"
 AddHandler server-parsed shtml
    </highlight>
@@ -372,13 +382,13 @@ Consider the following examples:</p>
 <highlight language="config">
 # In httpd.conf
-RewriteRule ^/images/(.+)\.jpg /images/$1.png
+RewriteRule "^/images/(.+)\.jpg" "/images/$1.png"
 # In .htaccess in root dir
-RewriteRule ^images/(.+)\.jpg images/$1.png
+RewriteRule "^images/(.+)\.jpg" "images/$1.png"
 # In .htaccess in images/
-RewriteRule ^(.+)\.jpg $1.png
+RewriteRule "^(.+)\.jpg" "$1.png"
 </highlight>
 <p>In a <code>.htaccess</code> in your document directory, the leading
@@ -401,7 +411,7 @@ further details on using <code>mod_rewrite</code>.</p>
    <highlight language="config">
 Options +ExecCGI
-AddHandler cgi-script cgi pl
+AddHandler cgi-script "cgi" "pl"
    </highlight>
    <p>Alternately, if you wish to have all files in the given directory be
--- a/docs/manual/mod/mod_auth_basic.html.en
+++ b/docs/manual/mod/mod_auth_basic.html.en
@@ -111,7 +111,7 @@ username and password</td></tr>
    <p>In this example, we pass a fixed username and password to a
    backend server.</p>
-    <div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config">&lt;Location /demo&gt;
+    <div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config">&lt;Location "/demo"&gt;
    AuthBasicFake demo demopass
 &lt;/Location&gt;</pre>
 </div>
@@ -122,8 +122,8 @@ username and password</td></tr>
    directive. Like the FakeBasicAuth option, the password is set to the
    fixed string "password".</p>
-    <div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
+    <div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
-    AuthBasicFake %{SSL_CLIENT_S_DN_Email}
+    AuthBasicFake "%{SSL_CLIENT_S_DN_Email}"
 &lt;/Location&gt;</pre>
 </div>
@@ -132,12 +132,12 @@ username and password</td></tr>
    backend server. This can be used to gate into legacy systems that do
    not support client certificates.</p>
-    <div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
+    <div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
-    AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
+    AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}"
 &lt;/Location&gt;</pre>
 </div>
-    <div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config">&lt;Location /public&gt;
+    <div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config">&lt;Location "/public"&gt;
    AuthBasicFake off
 &lt;/Location&gt;</pre>
 </div>
@@ -161,12 +161,12 @@ username and password</td></tr>
    The default <code>file</code> provider is implemented
    by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module.  Make sure
    that the chosen provider module is present in the server.</p>
-    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
+    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
    AuthType basic
    AuthName "private area"
    AuthBasicProvider  dbm
    AuthDBMType        SDBM
-    AuthDBMUserFile    /www/etc/dbmpasswd
+    AuthDBMUserFile    "/www/etc/dbmpasswd"
    Require            valid-user
 &lt;/Location&gt;</pre>
 </div>
--- a/docs/manual/mod/mod_auth_basic.xml
+++ b/docs/manual/mod/mod_auth_basic.xml
@@ -60,12 +60,12 @@
    that the chosen provider module is present in the server.</p>
    <example><title>Example</title>
    <highlight language="config">
-&lt;Location /secure&gt;
+&lt;Location "/secure"&gt;
    AuthType basic
    AuthName "private area"
    AuthBasicProvider  dbm
    AuthDBMType        SDBM
-    AuthDBMUserFile    /www/etc/dbmpasswd
+    AuthDBMUserFile    "/www/etc/dbmpasswd"
    Require            valid-user
 &lt;/Location&gt;
    </highlight>
@@ -136,7 +136,7 @@ username and password</description>
    <example><title>Fixed Example</title>
    <highlight language="config">
-&lt;Location /demo&gt;
+&lt;Location "/demo"&gt;
    AuthBasicFake demo demopass
 &lt;/Location&gt;
    </highlight>
@@ -150,8 +150,8 @@ username and password</description>
    <example><title>Certificate Example</title>
    <highlight language="config">
-&lt;Location /secure&gt;
+&lt;Location "/secure"&gt;
-    AuthBasicFake %{SSL_CLIENT_S_DN_Email}
+    AuthBasicFake "%{SSL_CLIENT_S_DN_Email}"
 &lt;/Location&gt;
    </highlight>
    </example>
@@ -163,15 +163,15 @@ username and password</description>
    <example><title>Password Example</title>
    <highlight language="config">
-&lt;Location /secure&gt;
+&lt;Location "/secure"&gt;
-    AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
+    AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}"
 &lt;/Location&gt;
    </highlight>
    </example>
    <example><title>Exclusion Example</title>
    <highlight language="config">
-&lt;Location /public&gt;
+&lt;Location "/public"&gt;
    AuthBasicFake off
 &lt;/Location&gt;
    </highlight>
--- a/docs/manual/mod/mod_auth_digest.html.en
+++ b/docs/manual/mod/mod_auth_digest.html.en
@@ -83,13 +83,13 @@
    <p>Appropriate user (text) files can be created using the
    <code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p>
-    <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location /private/&gt;
+    <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location "/private/"&gt;
    AuthType Digest
    AuthName "private area"
-    AuthDigestDomain /private/ http://mirror.my.dom/private2/
+    AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
    AuthDigestProvider file
-    AuthUserFile /web/auth/.digest_pw
+    AuthUserFile "/web/auth/.digest_pw"
    Require valid-user
 &lt;/Location&gt;</pre>
 </div>
--- a/docs/manual/mod/mod_auth_digest.xml
+++ b/docs/manual/mod/mod_auth_digest.xml
@@ -64,13 +64,13 @@
    <example><title>Example:</title>
    <highlight language="config">
-&lt;Location /private/&gt;
+&lt;Location "/private/"&gt;
    AuthType Digest
    AuthName "private area"
-    AuthDigestDomain /private/ http://mirror.my.dom/private2/
+    AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
    AuthDigestProvider file
-    AuthUserFile /web/auth/.digest_pw
+    AuthUserFile "/web/auth/.digest_pw"
    Require valid-user
 &lt;/Location&gt;
      </highlight>
--- a/docs/manual/mod/mod_auth_form.html.en
+++ b/docs/manual/mod/mod_auth_form.html.en
@@ -108,10 +108,10 @@
      the user will be redirected to the form login page.</p>
      <div class="example"><h3>Basic example</h3><pre class="prettyprint lang-config">AuthFormProvider file
-AuthUserFile conf/passwd
+AuthUserFile "conf/passwd"
 AuthType form
 AuthName realm
-AuthFormLoginRequiredLocation http://example.com/login.html
+AuthFormLoginRequiredLocation "http://example.com/login.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret</pre>
@@ -159,12 +159,12 @@ SessionCryptoPassphrase secret</pre>
      The action of the form should point at this handler, which is configured within
      Apache httpd as follows:</p>
-      <div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">&lt;Location /dologin.html&gt;
+      <div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">&lt;Location "/dologin.html"&gt;
    SetHandler form-login-handler
-    AuthFormLoginRequiredLocation http://example.com/login.html
+    AuthFormLoginRequiredLocation "http://example.com/login.html"
-    AuthFormLoginSuccessLocation http://example.com/success.html
+    AuthFormLoginSuccessLocation "http://example.com/success.html"
    AuthFormProvider file
-    AuthUserFile conf/passwd
+    AuthUserFile "conf/passwd"
    AuthType form
    AuthName realm
    Session On
@@ -221,11 +221,11 @@ SessionCryptoPassphrase secret</pre>
      containing the login form, as follows:</p>
      <div class="example"><h3>Basic inline example</h3><pre class="prettyprint lang-config">AuthFormProvider file
-ErrorDocument 401 /login.shtml
+ErrorDocument 401 "/login.shtml"
-AuthUserFile conf/passwd
+AuthUserFile "conf/passwd"
 AuthType form
 AuthName realm
-AuthFormLoginRequiredLocation http://example.com/login.html
+AuthFormLoginRequiredLocation "http://example.com/login.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret</pre>
@@ -291,7 +291,7 @@ SessionCryptoPassphrase secret</pre>
      technology.</p>
      <div class="example"><h3>CGI example</h3><pre class="prettyprint lang-config">        AuthFormProvider file
-        ErrorDocument 401 /cgi-bin/login.cgi
+        ErrorDocument 401 "/cgi-bin/login.cgi"
        ...</pre>
 </div>
@@ -312,7 +312,7 @@ SessionCryptoPassphrase secret</pre>
      <div class="example"><h3>Basic logout example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
 AuthName realm
-AuthFormLogoutLocation http://example.com/loggedout.html
+AuthFormLogoutLocation "http://example.com/loggedout.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret</pre>
@@ -327,7 +327,7 @@ SessionCryptoPassphrase secret</pre>
      </p>
      <div class="example"><h3>Basic session expiry example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
-AuthFormLogoutLocation http://example.com/loggedout.html
+AuthFormLogoutLocation "http://example.com/loggedout.html"
 Session On
 SessionMaxAge 1
 SessionCookieName session path=/
@@ -515,7 +515,7 @@ parser has been added in 2.4.4.</td></tr>
    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /logout&gt;
    SetHandler form-logout-handler
-    AuthFormLogoutLocation http://example.com/loggedout.html
+    AuthFormLogoutLocation "http://example.com/loggedout.html"
    Session on
    #...
 &lt;/Location&gt;</pre>
@@ -613,7 +613,7 @@ parser has been added in 2.4.4.</td></tr>
    AuthName "private area"
    AuthFormProvider  dbm
    AuthDBMType        SDBM
-    AuthDBMUserFile    /www/etc/dbmpasswd
+    AuthDBMUserFile    "/www/etc/dbmpasswd"
    Require            valid-user
    #...
 &lt;/Location&gt;</pre>
--- a/docs/manual/mod/mod_auth_form.xml
+++ b/docs/manual/mod/mod_auth_form.xml
@@ -76,10 +76,10 @@
      <example><title>Basic example</title>
      <highlight language="config">
 AuthFormProvider file
-AuthUserFile conf/passwd
+AuthUserFile "conf/passwd"
 AuthType form
 AuthName realm
-AuthFormLoginRequiredLocation http://example.com/login.html
+AuthFormLoginRequiredLocation "http://example.com/login.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret
@@ -133,12 +133,12 @@ SessionCryptoPassphrase secret
      <example><title>Form login handler example</title>
      <highlight language="config">
-&lt;Location /dologin.html&gt;
+&lt;Location "/dologin.html"&gt;
    SetHandler form-login-handler
-    AuthFormLoginRequiredLocation http://example.com/login.html
+    AuthFormLoginRequiredLocation "http://example.com/login.html"
-    AuthFormLoginSuccessLocation http://example.com/success.html
+    AuthFormLoginSuccessLocation "http://example.com/success.html"
    AuthFormProvider file
-    AuthUserFile conf/passwd
+    AuthUserFile "conf/passwd"
    AuthType form
    AuthName realm
    Session On
@@ -201,11 +201,11 @@ SessionCryptoPassphrase secret
      <example><title>Basic inline example</title>
      <highlight language="config">
 AuthFormProvider file
-ErrorDocument 401 /login.shtml
+ErrorDocument 401 "/login.shtml"
-AuthUserFile conf/passwd
+AuthUserFile "conf/passwd"
 AuthType form
 AuthName realm
-AuthFormLoginRequiredLocation http://example.com/login.html
+AuthFormLoginRequiredLocation "http://example.com/login.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret
@@ -280,7 +280,7 @@ SessionCryptoPassphrase secret
      <example><title>CGI example</title>
      <highlight language="config">
        AuthFormProvider file
-        ErrorDocument 401 /cgi-bin/login.cgi
+        ErrorDocument 401 "/cgi-bin/login.cgi"
        ...
        </highlight>
      </example>
@@ -304,7 +304,7 @@ SessionCryptoPassphrase secret
      <highlight language="config">
 SetHandler form-logout-handler
 AuthName realm
-AuthFormLogoutLocation http://example.com/loggedout.html
+AuthFormLogoutLocation "http://example.com/loggedout.html"
 Session On
 SessionCookieName session path=/
 SessionCryptoPassphrase secret
@@ -322,7 +322,7 @@ SessionCryptoPassphrase secret
      <example><title>Basic session expiry example</title>
      <highlight language="config">
 SetHandler form-logout-handler
-AuthFormLogoutLocation http://example.com/loggedout.html
+AuthFormLogoutLocation "http://example.com/loggedout.html"
 Session On
 SessionMaxAge 1
 SessionCookieName session path=/
@@ -363,7 +363,7 @@ SessionCryptoPassphrase secret
    AuthName "private area"
    AuthFormProvider  dbm
    AuthDBMType        SDBM
-    AuthDBMUserFile    /www/etc/dbmpasswd
+    AuthDBMUserFile    "/www/etc/dbmpasswd"
    Require            valid-user
    #...
 &lt;/Location&gt;
@@ -636,7 +636,7 @@ parser has been added in 2.4.4.</compatibility>
    <highlight language="config">
 &lt;Location /logout&gt;
    SetHandler form-logout-handler
-    AuthFormLogoutLocation http://example.com/loggedout.html
+    AuthFormLogoutLocation "http://example.com/loggedout.html"
    Session on
    #...
 &lt;/Location&gt;
--- a/docs/manual/mod/mod_authn_anon.html.en
+++ b/docs/manual/mod/mod_authn_anon.html.en
@@ -93,11 +93,11 @@
      (<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
    </ul>
-    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Directory /var/www/html/private&gt;
+    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Directory "/var/www/html/private"&gt;
    AuthName "Use 'anonymous' &amp; Email address for guest entry"
    AuthType Basic
    AuthBasicProvider file anon
-    AuthUserFile /path/to/your/.htpasswd
+    AuthUserFile "/path/to/your/.htpasswd"
    Anonymous_NoUserID off
    Anonymous_MustGiveEmail on
--- a/docs/manual/mod/mod_authn_anon.xml
+++ b/docs/manual/mod/mod_authn_anon.xml
@@ -81,11 +81,11 @@
    <example><title>Example</title>
    <highlight language="config">
-&lt;Directory /var/www/html/private&gt;
+&lt;Directory "/var/www/html/private"&gt;
    AuthName "Use 'anonymous' &amp; Email address for guest entry"
    AuthType Basic
    AuthBasicProvider file anon
-    AuthUserFile /path/to/your/.htpasswd
+    AuthUserFile "/path/to/your/.htpasswd"
    Anonymous_NoUserID off
    Anonymous_MustGiveEmail on
--- a/docs/manual/mod/mod_authn_core.html.en
+++ b/docs/manual/mod/mod_authn_core.html.en
@@ -70,15 +70,15 @@
        <div class="example"><h3>Checking multiple text password files</h3><pre class="prettyprint lang-config"># Check here first
 &lt;AuthnProviderAlias file file1&gt;
-    AuthUserFile /www/conf/passwords1
+    AuthUserFile "/www/conf/passwords1"
 &lt;/AuthnProviderAlias&gt;
 # Then check here
 &lt;AuthnProviderAlias file file2&gt;   
-    AuthUserFile /www/conf/passwords2
+    AuthUserFile "/www/conf/passwords2"
 &lt;/AuthnProviderAlias&gt;
-&lt;Directory /var/web/pages/secure&gt;
+&lt;Directory "/var/web/pages/secure"&gt;
    AuthBasicProvider file1 file2
    AuthType Basic
@@ -93,18 +93,18 @@
        hosts:</p>
        <div class="example"><h3>Checking multiple LDAP servers</h3><pre class="prettyprint lang-config">&lt;AuthnProviderAlias ldap ldap-alias1&gt;
-    AuthLDAPBindDN cn=youruser,o=ctx
+    AuthLDAPBindDN "cn=youruser,o=ctx"
    AuthLDAPBindPassword yourpassword
-    AuthLDAPURL ldap://ldap.host/o=ctx
+    AuthLDAPURL "ldap://ldap.host/o=ctx"
 &lt;/AuthnProviderAlias&gt;
 &lt;AuthnProviderAlias ldap ldap-other-alias&gt;
-    AuthLDAPBindDN cn=yourotheruser,o=dev
+    AuthLDAPBindDN "cn=yourotheruser,o=dev"
    AuthLDAPBindPassword yourotherpassword
-    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+    AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
 &lt;/AuthnProviderAlias&gt;
-Alias /secure /webpages/secure
+Alias "/secure" "/webpages/secure"
-&lt;Directory /webpages/secure&gt;
+&lt;Directory "/webpages/secure"&gt;
    Order deny,allow
    Allow from all
@@ -220,15 +220,15 @@ the specified alias</td></tr>
    in the following example, clients may access the
    <code>/www/docs/public</code> directory without authenticating:</p>
-    <pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
+    <pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
    AuthType Basic
    AuthName Documents
    AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
    Require valid-user
 &lt;/Directory&gt;
-&lt;Directory /www/docs/public&gt;
+&lt;Directory "/www/docs/public"&gt;
    AuthType None
    Require all granted
 &lt;/Directory&gt;</pre>
--- a/docs/manual/mod/mod_authn_core.xml
+++ b/docs/manual/mod/mod_authn_core.xml
@@ -57,15 +57,15 @@
        <highlight language="config">
 # Check here first
 &lt;AuthnProviderAlias file file1&gt;
-    AuthUserFile /www/conf/passwords1
+    AuthUserFile "/www/conf/passwords1"
 &lt;/AuthnProviderAlias&gt;
 # Then check here
 &lt;AuthnProviderAlias file file2&gt;   
-    AuthUserFile /www/conf/passwords2
+    AuthUserFile "/www/conf/passwords2"
 &lt;/AuthnProviderAlias&gt;
-&lt;Directory /var/web/pages/secure&gt;
+&lt;Directory "/var/web/pages/secure"&gt;
    AuthBasicProvider file1 file2
    AuthType Basic
@@ -83,18 +83,18 @@
        <example><title>Checking multiple LDAP servers</title>
        <highlight language="config">
 &lt;AuthnProviderAlias ldap ldap-alias1&gt;
-    AuthLDAPBindDN cn=youruser,o=ctx
+    AuthLDAPBindDN "cn=youruser,o=ctx"
    AuthLDAPBindPassword yourpassword
-    AuthLDAPURL ldap://ldap.host/o=ctx
+    AuthLDAPURL "ldap://ldap.host/o=ctx"
 &lt;/AuthnProviderAlias&gt;
 &lt;AuthnProviderAlias ldap ldap-other-alias&gt;
-    AuthLDAPBindDN cn=yourotheruser,o=dev
+    AuthLDAPBindDN "cn=yourotheruser,o=dev"
    AuthLDAPBindPassword yourotherpassword
-    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+    AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
 &lt;/AuthnProviderAlias&gt;
-Alias /secure /webpages/secure
+Alias "/secure" "/webpages/secure"
-&lt;Directory /webpages/secure&gt;
+&lt;Directory "/webpages/secure"&gt;
    Order deny,allow
    Allow from all
@@ -194,15 +194,15 @@ authentication</description>
    <code>/www/docs/public</code> directory without authenticating:</p>
    <highlight language="config">
-&lt;Directory /www/docs&gt;
+&lt;Directory "/www/docs"&gt;
    AuthType Basic
    AuthName Documents
    AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
    Require valid-user
 &lt;/Directory&gt;
-&lt;Directory /www/docs/public&gt;
+&lt;Directory "/www/docs/public"&gt;
    AuthType None
    Require all granted
 &lt;/Directory&gt;
--- a/docs/manual/mod/mod_authnz_ldap.html.en
+++ b/docs/manual/mod/mod_authnz_ldap.html.en
@@ -482,7 +482,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
    <p>The following directive would grant access to anyone with
    the attribute employeeType = active</p>
-    <pre class="prettyprint lang-config">Require ldap-attribute employeeType=active</pre>
+    <pre class="prettyprint lang-config">Require ldap-attribute "employeeType=active"</pre>
    <p>Multiple attribute/value pairs can be specified on the same line
@@ -496,7 +496,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
    <p>The following directive would grant access to anyone with
    the city attribute equal to "San Jose" or status equal to "Active"</p>
-    <pre class="prettyprint lang-config">Require ldap-attribute city="San Jose" status=active</pre>
+    <pre class="prettyprint lang-config">Require ldap-attribute city="San Jose" "status=active"</pre>
@@ -511,7 +511,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
    <p>The following directive would grant access to anyone having a cell phone
    and is in the marketing department</p>
-    <pre class="prettyprint lang-config">Require ldap-filter &amp;(cell=*)(department=marketing)</pre>
+    <pre class="prettyprint lang-config">Require ldap-filter "&amp;(cell=*)(department=marketing)"</pre>
    <p>The difference between the <code>Require ldap-filter</code> directive and the
@@ -526,8 +526,8 @@ AuthLDAPMaxSubGroupDepth 1</pre>
    must be taken to ensure that LDAP filters are escaped correctly to guard against
    LDAP injection. The ldap function can be used for this purpose.</p>
-<pre class="prettyprint lang-config">&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
+<pre class="prettyprint lang-config">&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
-  Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)
+  Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)"
 &lt;/LocationMatch&gt;</pre>
@@ -543,8 +543,8 @@ AuthLDAPMaxSubGroupDepth 1</pre>
    <p>The following directive would grant access to URLs that match the given objects in the
    LDAP server:</p>
-<pre class="prettyprint lang-config">&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
+<pre class="prettyprint lang-config">&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
-Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
+Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)"
 &lt;/LocationMatch&gt;</pre>
--- a/docs/manual/mod/mod_authnz_ldap.xml
+++ b/docs/manual/mod/mod_authnz_ldap.xml
@@ -364,7 +364,9 @@ Require ldap-user "Joe Manager"
    <p>If the <code>uid</code> attribute was used instead of the
    <code>cn</code> attribute in the URL above, the above three lines
    could be condensed to</p>
-<highlight language="config">Require ldap-user bjenson fuser jmanager</highlight>
+<highlight language="config">
 Require ldap-user bjenson fuser jmanager
 </highlight>
 </section>
 <section id="reqgroup"><title>Require ldap-group</title>
@@ -383,7 +385,9 @@ uniqueMember: cn=Fred User, o=Example
    <p>The following directive would grant access to both Fred and
    Barbara:</p>
-<highlight language="config">Require ldap-group cn=Administrators, o=Example</highlight>
+<highlight language="config">
 Require ldap-group cn=Administrators, o=Example
 </highlight>
    <p>Members can also be found within sub-groups of a specified LDAP group
    if <directive module="mod_authnz_ldap">AuthLDAPMaxSubGroupDepth</directive>
@@ -448,7 +452,9 @@ AuthLDAPMaxSubGroupDepth 1
    <p>The following directive would grant access to a specific
    DN:</p>
-<highlight language="config">Require ldap-dn cn=Barbara Jenson, o=Example</highlight>
+<highlight language="config">
 Require ldap-dn cn=Barbara Jenson, o=Example
 </highlight>
    <p>Behavior of this directive is modified by the <directive
    module="mod_authnz_ldap">AuthLDAPCompareDNOnServer</directive>
@@ -465,7 +471,9 @@ AuthLDAPMaxSubGroupDepth 1
    <p>The following directive would grant access to anyone with
    the attribute employeeType = active</p>
-    <highlight language="config">Require ldap-attribute employeeType=active</highlight>
+    <highlight language="config">
 Require ldap-attribute "employeeType=active"
 </highlight>
    <p>Multiple attribute/value pairs can be specified on the same line
    separated by spaces or they can be specified in multiple
@@ -478,7 +486,9 @@ AuthLDAPMaxSubGroupDepth 1
    <p>The following directive would grant access to anyone with
    the city attribute equal to "San Jose" or status equal to "Active"</p>
-    <highlight language="config">Require ldap-attribute city="San Jose" status=active</highlight>
+    <highlight language="config">
 Require ldap-attribute city="San Jose" "status=active"
 </highlight>
 </section>
@@ -492,7 +502,9 @@ AuthLDAPMaxSubGroupDepth 1
    <p>The following directive would grant access to anyone having a cell phone
    and is in the marketing department</p>
-    <highlight language="config">Require ldap-filter &amp;(cell=*)(department=marketing)</highlight>
+    <highlight language="config">
 Require ldap-filter "&amp;(cell=*)(department=marketing)"
 </highlight>
    <p>The difference between the <code>Require ldap-filter</code> directive and the
    <code>Require ldap-attribute</code> directive is that <code>ldap-filter</code>
@@ -507,8 +519,8 @@ AuthLDAPMaxSubGroupDepth 1
    LDAP injection. The ldap function can be used for this purpose.</p>
 <highlight language="config">
-&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
+&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
-  Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)
+  Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)"
 &lt;/LocationMatch&gt;
 </highlight>
@@ -525,8 +537,8 @@ AuthLDAPMaxSubGroupDepth 1
    LDAP server:</p>
 <highlight language="config">
-&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
+&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
-Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
+Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)"
 &lt;/LocationMatch&gt;
 </highlight>
--- a/docs/manual/mod/mod_authz_core.html.en
+++ b/docs/manual/mod/mod_authz_core.html.en
@@ -83,13 +83,13 @@
    not belong to either the <code>temps</code> group or the
    LDAP group <code>Temporary Employees</code>.</p>
-    <pre class="prettyprint lang-config">&lt;Directory /www/mydocs&gt;
+    <pre class="prettyprint lang-config">&lt;Directory "/www/mydocs"&gt;
    &lt;RequireAll&gt;
        &lt;RequireAny&gt;
            Require user superadmin
            &lt;RequireAll&gt;
                Require group admins
-                Require ldap-group cn=Administrators,o=Airius
+                Require ldap-group "cn=Administrators,o=Airius"
                &lt;RequireAny&gt;
                    Require group sales
                    Require ldap-attribute dept="sales"
@@ -98,7 +98,7 @@
        &lt;/RequireAny&gt;
        &lt;RequireNone&gt;
            Require group temps
-            Require ldap-group cn=Temporary Employees,o=Airius
+            Require ldap-group "cn=Temporary Employees,o=Airius"
        &lt;/RequireNone&gt;
    &lt;/RequireAll&gt;
 &lt;/Directory&gt;</pre>
@@ -125,8 +125,8 @@
    <code>User-Agent</code> (browser type), <code>Referer</code>, or
    other HTTP request header fields.</p>
-    <pre class="prettyprint lang-config">SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+    <pre class="prettyprint lang-config">SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
-&lt;Directory /docroot&gt;
+&lt;Directory "/docroot"&gt;
    Require env let_me_in
 &lt;/Directory&gt;</pre>
@@ -235,20 +235,20 @@
        multiple ldap hosts:
        </p>
-        <pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
+        <pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"&gt;
-    AuthLDAPBindDN cn=youruser,o=ctx
+    AuthLDAPBindDN "cn=youruser,o=ctx"
    AuthLDAPBindPassword yourpassword
-    AuthLDAPURL ldap://ldap.host/o=ctx
+    AuthLDAPURL "ldap://ldap.host/o=ctx"
 &lt;/AuthzProviderAlias&gt;
-&lt;AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev&gt;
+&lt;AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"&gt;
-    AuthLDAPBindDN cn=yourotheruser,o=dev
+    AuthLDAPBindDN "cn=yourotheruser,o=dev"
    AuthLDAPBindPassword yourotherpassword
-    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+    AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
 &lt;/AuthzProviderAlias&gt;
-Alias /secure /webpages/secure
+Alias "/secure" "/webpages/secure"
-&lt;Directory /webpages/secure&gt;
+&lt;Directory "/webpages/secure"&gt;
    Require all granted
    AuthBasicProvider file
@@ -312,20 +312,20 @@ sections.</td></tr>
    preceding sections.  Thus only users belong to the group
    <code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</div>
-    <pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
+    <pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
    AuthType Basic
    AuthName Documents
    AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
    Require group alpha
 &lt;/Directory&gt;
-&lt;Directory /www/docs/ab&gt;
+&lt;Directory "/www/docs/ab"&gt;
    AuthMerging Or
    Require group beta
 &lt;/Directory&gt;
-&lt;Directory /www/docs/ab/gamma&gt;
+&lt;Directory "/www/docs/ab/gamma"&gt;
    Require group gamma
 &lt;/Directory&gt;</pre>
@@ -454,8 +454,8 @@ an authorization provider.</td></tr>
    <pre class="prettyprint lang-config">AuthType Basic
 AuthName "Restricted Resource"
 AuthBasicProvider file
-AuthUserFile /web/users
+AuthUserFile "/web/users"
-AuthGroupFile /web/groups
+AuthGroupFile "/web/groups"
 Require group admin</pre>
@@ -479,7 +479,7 @@ Require group admin</pre>
    and <code>beta</code> groups are authorized, except for those who
    are also in the <code>reject</code> group.</p>
-    <pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
+    <pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
    &lt;RequireAll&gt;
        Require group alpha beta
        Require not group reject
--- a/docs/manual/mod/mod_authz_core.xml
+++ b/docs/manual/mod/mod_authz_core.xml
@@ -63,13 +63,13 @@
    LDAP group <code>Temporary Employees</code>.</p>
    <highlight language="config">
-&lt;Directory /www/mydocs&gt;
+&lt;Directory "/www/mydocs"&gt;
    &lt;RequireAll&gt;
        &lt;RequireAny&gt;
            Require user superadmin
            &lt;RequireAll&gt;
                Require group admins
-                Require ldap-group cn=Administrators,o=Airius
+                Require ldap-group "cn=Administrators,o=Airius"
                &lt;RequireAny&gt;
                    Require group sales
                    Require ldap-attribute dept="sales"
@@ -78,7 +78,7 @@
        &lt;/RequireAny&gt;
        &lt;RequireNone&gt;
            Require group temps
-            Require ldap-group cn=Temporary Employees,o=Airius
+            Require ldap-group "cn=Temporary Employees,o=Airius"
        &lt;/RequireNone&gt;
    &lt;/RequireAll&gt;
 &lt;/Directory&gt;
@@ -107,8 +107,8 @@
    other HTTP request header fields.</p>
    <highlight language="config">
-SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
-&lt;Directory /docroot&gt;
+&lt;Directory "/docroot"&gt;
    Require env let_me_in
 &lt;/Directory&gt;
    </highlight>
@@ -227,20 +227,20 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
        </p>
        <highlight language="config">
-&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
+&lt;AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"&gt;
-    AuthLDAPBindDN cn=youruser,o=ctx
+    AuthLDAPBindDN "cn=youruser,o=ctx"
    AuthLDAPBindPassword yourpassword
-    AuthLDAPURL ldap://ldap.host/o=ctx
+    AuthLDAPURL "ldap://ldap.host/o=ctx"
 &lt;/AuthzProviderAlias&gt;
-&lt;AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev&gt;
+&lt;AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"&gt;
-    AuthLDAPBindDN cn=yourotheruser,o=dev
+    AuthLDAPBindDN "cn=yourotheruser,o=dev"
    AuthLDAPBindPassword yourotherpassword
-    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+    AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
 &lt;/AuthzProviderAlias&gt;
-Alias /secure /webpages/secure
+Alias "/secure" "/webpages/secure"
-&lt;Directory /webpages/secure&gt;
+&lt;Directory "/webpages/secure"&gt;
    Require all granted
    AuthBasicProvider file
@@ -337,8 +337,8 @@ an authorization provider.</description>
 AuthType Basic
 AuthName "Restricted Resource"
 AuthBasicProvider file
-AuthUserFile /web/users
+AuthUserFile "/web/users"
-AuthGroupFile /web/groups
+AuthGroupFile "/web/groups"
 Require group admin
    </highlight>
@@ -363,7 +363,7 @@ Require group admin
    are also in the <code>reject</code> group.</p>
    <highlight language="config">
-&lt;Directory /www/docs&gt;
+&lt;Directory "/www/docs"&gt;
    &lt;RequireAll&gt;
        Require group alpha beta
        Require not group reject
@@ -561,20 +561,20 @@ sections.</description>
    <code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</note>
    <highlight language="config">
-&lt;Directory /www/docs&gt;
+&lt;Directory "/www/docs"&gt;
    AuthType Basic
    AuthName Documents
    AuthBasicProvider file
-    AuthUserFile /usr/local/apache/passwd/passwords
+    AuthUserFile "/usr/local/apache/passwd/passwords"
    Require group alpha
 &lt;/Directory&gt;
-&lt;Directory /www/docs/ab&gt;
+&lt;Directory "/www/docs/ab"&gt;
    AuthMerging Or
    Require group beta
 &lt;/Directory&gt;
-&lt;Directory /www/docs/ab/gamma&gt;
+&lt;Directory "/www/docs/ab/gamma"&gt;
    Require group gamma
 &lt;/Directory&gt;
    </highlight>
--- a/docs/manual/mod/mod_authz_dbm.html.en
+++ b/docs/manual/mod/mod_authz_dbm.html.en
@@ -95,8 +95,8 @@ instead of <code>group</code>:</em>
  AuthType Basic
  AuthName "Secure Area"
  AuthBasicProvider dbm
-  AuthDBMUserFile site/data/users 
+  AuthDBMUserFile "site/data/users"
-  AuthDBMGroupFile site/data/users 
+  AuthDBMGroupFile "site/data/users"
  Require dbm-group admin
 &lt;/Directory&gt;</pre>
@@ -139,8 +139,8 @@ of user groups for authorization</td></tr>
    accomplished by first setting the group and password files to
    point to the same DBM:</p>
-    <pre class="prettyprint lang-config">AuthDBMGroupFile /www/userbase
+    <pre class="prettyprint lang-config">AuthDBMGroupFile "/www/userbase"
-AuthDBMUserFile /www/userbase</pre>
+AuthDBMUserFile "/www/userbase"</pre>
    <p>The key for the single DBM is the username. The value consists
--- a/docs/manual/mod/mod_authz_dbm.xml
+++ b/docs/manual/mod/mod_authz_dbm.xml
@@ -81,8 +81,8 @@ instead of <code>group</code>:</em>
  AuthType Basic
  AuthName "Secure Area"
  AuthBasicProvider dbm
-  AuthDBMUserFile site/data/users 
+  AuthDBMUserFile "site/data/users"
-  AuthDBMGroupFile site/data/users 
+  AuthDBMGroupFile "site/data/users"
  Require dbm-group admin
 &lt;/Directory&gt;
 </highlight>
@@ -126,8 +126,8 @@ of user groups for authorization</description>
    point to the same DBM:</p>
    <highlight language="config">
-AuthDBMGroupFile /www/userbase
+AuthDBMGroupFile "/www/userbase"
-AuthDBMUserFile /www/userbase
+AuthDBMUserFile "/www/userbase"
    </highlight>
    <p>The key for the single DBM is the username. The value consists
--- a/docs/manual/mod/mod_authz_owner.html.en
+++ b/docs/manual/mod/mod_authz_owner.html.en
@@ -96,11 +96,11 @@
      files in <code>/home/smith/public_html/private</code> unless they
      were owned by <code>jones</code> instead of <code>smith</code>.</p>
-      <pre class="prettyprint lang-config">&lt;Directory /home/*/public_html/private&gt;
+      <pre class="prettyprint lang-config">&lt;Directory "/home/*/public_html/private"&gt;
    AuthType Basic
-    AuthName MyPrivateFiles
+    AuthName "MyPrivateFiles"
    AuthBasicProvider dbm
-    AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
+    AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
    Require file-owner
 &lt;/Directory&gt;</pre>
@@ -118,14 +118,14 @@
      authorized to access the <code>project-foo</code> directories of
      each other.</p>
-      <pre class="prettyprint lang-config">&lt;Directory /home/*/public_html/project-foo&gt;
+      <pre class="prettyprint lang-config">&lt;Directory "/home/*/public_html/project-foo"&gt;
    AuthType Basic
    AuthName "Project Foo Files"
    AuthBasicProvider dbm
    # combined user/group database
-    AuthDBMUserFile  /usr/local/apache2/etc/.htdbm-all
+    AuthDBMUserFile  "/usr/local/apache2/etc/.htdbm-all"
-    AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
+    AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all"
    Satisfy All
    Require file-group
--- a/docs/manual/mod/mod_authz_owner.xml
+++ b/docs/manual/mod/mod_authz_owner.xml
@@ -85,11 +85,11 @@
      were owned by <code>jones</code> instead of <code>smith</code>.</p>
      <highlight language="config">
-&lt;Directory /home/*/public_html/private&gt;
+&lt;Directory "/home/*/public_html/private"&gt;
    AuthType Basic
-    AuthName MyPrivateFiles
+    AuthName "MyPrivateFiles"
    AuthBasicProvider dbm
-    AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
+    AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
    Require file-owner
 &lt;/Directory&gt;
      </highlight>
@@ -109,14 +109,14 @@
      each other.</p>
      <highlight language="config">
-&lt;Directory /home/*/public_html/project-foo&gt;
+&lt;Directory "/home/*/public_html/project-foo"&gt;
    AuthType Basic
    AuthName "Project Foo Files"
    AuthBasicProvider dbm
    # combined user/group database
-    AuthDBMUserFile  /usr/local/apache2/etc/.htdbm-all
+    AuthDBMUserFile  "/usr/local/apache2/etc/.htdbm-all"
-    AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
+    AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all"
    Satisfy All
    Require file-group
--- a/docs/manual/mod/mod_dav.html.en
+++ b/docs/manual/mod/mod_dav.html.en
@@ -78,7 +78,7 @@
    file using the <code class="directive"><a href="../mod/mod_dav_fs.html#davlockdb">DavLockDB</a></code>
    directive:</p>
-    <pre class="prettyprint lang-config">DavLockDB /usr/local/apache2/var/DavLock</pre>
+    <pre class="prettyprint lang-config">DavLockDB "/usr/local/apache2/var/DavLock"</pre>
    <p>The directory containing the lock database file must be
@@ -93,15 +93,15 @@
    directive. The "normal" <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code> directive has no effect on DAV
    requests.</p>
-    <div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">DavLockDB /usr/local/apache2/var/DavLock
+    <div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">DavLockDB "/usr/local/apache2/var/DavLock"
-&lt;Directory /usr/local/apache2/htdocs/foo&gt;
+&lt;Directory "/usr/local/apache2/htdocs/foo"&gt;
    Require all granted
    Dav On
    AuthType Basic
-    AuthName DAV
+    AuthName "DAV"
-    AuthUserFile user.passwd
+    AuthUserFile "user.passwd"
    &lt;LimitExcept GET POST OPTIONS&gt;
        Require user admin
@@ -159,9 +159,9 @@
    will run the script, and one of which will allow it to be
    downloaded and manipulated with DAV.</p>
-<pre class="prettyprint lang-config">Alias /phparea /home/gstein/php_files
+<pre class="prettyprint lang-config">Alias "/phparea" "/home/gstein/php_files"
-Alias /php-source /home/gstein/php_files
+Alias "/php-source" "/home/gstein/php_files"
-&lt;Location /php-source&gt;
+&lt;Location "/php-source"&gt;
    Dav On
    ForceType text/plain
 &lt;/Location&gt;</pre>
@@ -185,7 +185,7 @@ Alias /php-source /home/gstein/php_files
    <p>Use the <code class="directive">Dav</code> directive to enable the
    WebDAV HTTP methods for the given container:</p>
-    <pre class="prettyprint lang-config">&lt;Location /foo&gt;
+    <pre class="prettyprint lang-config">&lt;Location "/foo"&gt;
    Dav On
 &lt;/Location&gt;</pre>
@@ -240,7 +240,7 @@ a DAV resource</td></tr>
    (like 600 seconds) to reduce the chance of the client losing
    the lock due to network latency.</p>
-    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /MSWord&gt;
+    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location "/MSWord"&gt;
    DavMinTimeout 600
 &lt;/Location&gt;</pre>
 </div>
--- a/docs/manual/mod/mod_dav.xml
+++ b/docs/manual/mod/mod_dav.xml
@@ -45,7 +45,9 @@
    <p>To enable <module>mod_dav</module>, add the following to a
    container in your <code>httpd.conf</code> file:</p>
-    <highlight language="config">Dav On</highlight>
+    <highlight language="config">
 Dav On
    </highlight>
    <p>This enables the DAV file system provider, which is implemented
    by the <module>mod_dav_fs</module> module. Therefore, that module
@@ -58,12 +60,12 @@
    directive:</p>
    <highlight language="config">
-      DavLockDB /usr/local/apache2/var/DavLock
+      DavLockDB "/usr/local/apache2/var/DavLock"
    </highlight>
    <p>The directory containing the lock database file must be
    writable by the <directive module="mod_unixd">User</directive>
-    and <directive module="mod_unixd" >Group</directive> under which
+    and <directive module="mod_unixd">Group</directive> under which
    Apache is running.</p>
    <p>You may wish to add a <directive module="core" type="section"
@@ -78,15 +80,15 @@
    <example><title>Full Example</title>
    <highlight language="config">
-DavLockDB /usr/local/apache2/var/DavLock
+DavLockDB "/usr/local/apache2/var/DavLock"
-&lt;Directory /usr/local/apache2/htdocs/foo&gt;
+&lt;Directory "/usr/local/apache2/htdocs/foo"&gt;
    Require all granted
    Dav On
    AuthType Basic
-    AuthName DAV
+    AuthName "DAV"
-    AuthUserFile user.passwd
+    AuthUserFile "user.passwd"
    &lt;LimitExcept GET POST OPTIONS&gt;
        Require user admin
@@ -149,9 +151,9 @@ DavLockDB /usr/local/apache2/var/DavLock
    downloaded and manipulated with DAV.</p>
 <highlight language="config">
-Alias /phparea /home/gstein/php_files
+Alias "/phparea" "/home/gstein/php_files"
-Alias /php-source /home/gstein/php_files
+Alias "/php-source" "/home/gstein/php_files"
-&lt;Location /php-source&gt;
+&lt;Location "/php-source"&gt;
    Dav On
    ForceType text/plain
 &lt;/Location&gt;
@@ -175,7 +177,7 @@ Alias /php-source /home/gstein/php_files
    WebDAV HTTP methods for the given container:</p>
    <highlight language="config">
-&lt;Location /foo&gt;
+&lt;Location "/foo"&gt;
    Dav On
 &lt;/Location&gt;
    </highlight>
@@ -218,7 +220,7 @@ a DAV resource</description>
    <example><title>Example</title>
    <highlight language="config">
-&lt;Location /MSWord&gt;
+&lt;Location "/MSWord"&gt;
    DavMinTimeout 600
 &lt;/Location&gt;
    </highlight>
--- a/docs/manual/mod/mod_session.html.en
+++ b/docs/manual/mod/mod_session.html.en
@@ -273,9 +273,9 @@ SessionCookieName session path=/private;domain=example.com;httponly;secure;</pre
 SessionCryptoPassphrase secret
 SessionCookieName session path=/
 AuthFormProvider file
-AuthUserFile conf/passwd
+AuthUserFile "conf/passwd"
 AuthType form
-AuthName realm
+AuthName "realm"
 #...</pre>
 </div>
--- a/docs/manual/mod/mod_session.xml
+++ b/docs/manual/mod/mod_session.xml
@@ -261,9 +261,9 @@ Session On
 SessionCryptoPassphrase secret
 SessionCookieName session path=/
 AuthFormProvider file
-AuthUserFile conf/passwd
+AuthUserFile "conf/passwd"
 AuthType form
-AuthName realm
+AuthName "realm"
 #...
        </highlight>
      </example>
--- a/docs/manual/ssl/ssl_howto.html.en
+++ b/docs/manual/ssl/ssl_howto.html.en
@@ -49,8 +49,8 @@ following directives.</p>
 &lt;VirtualHost *:443&gt;
    ServerName www.example.com
    SSLEngine on
-    SSLCertificateFile /path/to/www.example.com.cert
+    SSLCertificateFile "/path/to/www.example.com.cert"
-    SSLCertificateKeyFile /path/to/www.example.com.key
+    SSLCertificateKeyFile "/path/to/www.example.com.key"
 &lt;/VirtualHost&gt;</pre>
@@ -93,7 +93,7 @@ URL?</a></h3>
    <pre class="prettyprint lang-config"># be liberal in general
 SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
-&lt;Location /strong/area&gt;
+&lt;Location "/strong/area"&gt;
 # but https://hostname/strong/area/ and below
 # requires strong ciphers
 SSLCipherSuite HIGH:!aNULL:!MD5
@@ -264,7 +264,7 @@ Intranet website, for clients coming from the Internet?</a></li>
 # signed by our CA certificate in ca.crt
 SSLVerifyClient require
 SSLVerifyDepth 1
-SSLCACertificateFile conf/ssl.crt/ca.crt</pre>
+SSLCACertificateFile "conf/ssl.crt/ca.crt"</pre>
@@ -277,9 +277,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt</pre>
    <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>:</p>
    <pre class="prettyprint lang-config">SSLVerifyClient none
-SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
-&lt;Location /secure/area&gt;
+&lt;Location "/secure/area"&gt;
 SSLVerifyClient require
 SSLVerifyDepth 1
 &lt;/Location&gt;</pre>
@@ -303,10 +303,10 @@ SSLVerifyDepth 1
    clients allowed, as follows:</p>
    <pre class="prettyprint lang-config">SSLVerifyClient      none
-SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
-SSLCACertificatePath conf/ssl.crt
+SSLCACertificatePath "conf/ssl.crt"
-&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
+&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
    SSLVerifyClient      require
    SSLVerifyDepth       5
    SSLOptions           +FakeBasicAuth
@@ -314,7 +314,7 @@ SSLCACertificatePath conf/ssl.crt
    AuthName             "Snake Oil Authentication"
    AuthType             Basic
    AuthBasicProvider    file
-    AuthUserFile         /usr/local/apache2/conf/httpd.passwd
+    AuthUserFile         "/usr/local/apache2/conf/httpd.passwd"
    Require              valid-user
 &lt;/Directory&gt;</pre>
@@ -332,10 +332,10 @@ SSLCACertificatePath conf/ssl.crt
    <pre class="prettyprint lang-config">SSLVerifyClient      none
-SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
-SSLCACertificatePath conf/ssl.crt
+SSLCACertificatePath "conf/ssl.crt"
-&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
+&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
  SSLVerifyClient      require
  SSLVerifyDepth       5
  SSLOptions           +FakeBasicAuth
@@ -358,14 +358,14 @@ plain HTTP access for clients on the Intranet.</a></h3>
   This configuration should remain outside of your HTTPS virtual host, so
   that it applies to both HTTPS and HTTP.</p>
-    <pre class="prettyprint lang-config">SSLCACertificateFile conf/ssl.crt/company-ca.crt
+    <pre class="prettyprint lang-config">SSLCACertificateFile "conf/ssl.crt/company-ca.crt"
-&lt;Directory /usr/local/apache2/htdocs&gt;
+&lt;Directory "/usr/local/apache2/htdocs"&gt;
    #   Outside the subarea only Intranet access is granted
    Require              ip 192.168.1.0/24
 &lt;/Directory&gt;
-&lt;Directory /usr/local/apache2/htdocs/subarea&gt;
+&lt;Directory "/usr/local/apache2/htdocs/subarea"&gt;
    #   Inside the subarea any Intranet access is allowed
    #   but from the Internet only HTTPS + Strong-Cipher + Password
    #   or the alternative HTTPS + Strong-Cipher + Client-Certificate
@@ -379,9 +379,9 @@ plain HTTP access for clients on the Intranet.</a></h3>
    #   Force clients from the Internet to use HTTPS
    RewriteEngine        on
-    RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
+    RewriteCond          "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$"
-    RewriteCond          %{HTTPS} !=on
+    RewriteCond          "%{HTTPS}" "!=on"
-    RewriteRule          . - [F]
+    RewriteRule          "." "-" [F]
    #   Allow Network Access and/or Basic Auth
    Satisfy              any
@@ -393,7 +393,7 @@ plain HTTP access for clients on the Intranet.</a></h3>
    AuthType             basic
    AuthName             "Protected Intranet Area"
    AuthBasicProvider    file
-    AuthUserFile         conf/protected.passwd
+    AuthUserFile         "conf/protected.passwd"
    Require              valid-user
 &lt;/Directory&gt;</pre>
--- a/docs/manual/ssl/ssl_howto.xml
+++ b/docs/manual/ssl/ssl_howto.xml
@@ -44,8 +44,8 @@ Listen 443
 &lt;VirtualHost *:443&gt;
    ServerName www.example.com
    SSLEngine on
-    SSLCertificateFile /path/to/www.example.com.cert
+    SSLCertificateFile "/path/to/www.example.com.cert"
-    SSLCertificateKeyFile /path/to/www.example.com.key
+    SSLCertificateKeyFile "/path/to/www.example.com.key"
 &lt;/VirtualHost&gt;
 </highlight>
@@ -92,7 +92,7 @@ URL?</title>
 # be liberal in general
 SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
-&lt;Location /strong/area&gt;
+&lt;Location "/strong/area"&gt;
 # but https://hostname/strong/area/ and below
 # requires strong ciphers
 SSLCipherSuite HIGH:!aNULL:!MD5
@@ -274,7 +274,7 @@ Intranet website, for clients coming from the Internet?</a></li>
 # signed by our CA certificate in ca.crt
 SSLVerifyClient require
 SSLVerifyDepth 1
-SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
    </highlight>
 </section>
@@ -288,9 +288,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt
    <highlight language="config">
 SSLVerifyClient none
-SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
-&lt;Location /secure/area&gt;
+&lt;Location "/secure/area"&gt;
 SSLVerifyClient require
 SSLVerifyDepth 1
 &lt;/Location&gt;
@@ -315,10 +315,10 @@ SSLVerifyDepth 1
    <highlight language="config">
 SSLVerifyClient      none
-SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
-SSLCACertificatePath conf/ssl.crt
+SSLCACertificatePath "conf/ssl.crt"
-&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
+&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
    SSLVerifyClient      require
    SSLVerifyDepth       5
    SSLOptions           +FakeBasicAuth
@@ -326,7 +326,7 @@ SSLCACertificatePath conf/ssl.crt
    AuthName             "Snake Oil Authentication"
    AuthType             Basic
    AuthBasicProvider    file
-    AuthUserFile         /usr/local/apache2/conf/httpd.passwd
+    AuthUserFile         "/usr/local/apache2/conf/httpd.passwd"
    Require              valid-user
 &lt;/Directory&gt;
    </highlight>
@@ -348,10 +348,10 @@ SSLCACertificatePath conf/ssl.crt
    <highlight language="config">
 SSLVerifyClient      none
-SSLCACertificateFile conf/ssl.crt/ca.crt
+SSLCACertificateFile "conf/ssl.crt/ca.crt"
-SSLCACertificatePath conf/ssl.crt
+SSLCACertificatePath "conf/ssl.crt"
-&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
+&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
  SSLVerifyClient      require
  SSLVerifyDepth       5
  SSLOptions           +FakeBasicAuth
@@ -375,14 +375,14 @@ plain HTTP access for clients on the Intranet.</title>
   that it applies to both HTTPS and HTTP.</p>
    <highlight language="config">
-SSLCACertificateFile conf/ssl.crt/company-ca.crt
+SSLCACertificateFile "conf/ssl.crt/company-ca.crt"
-&lt;Directory /usr/local/apache2/htdocs&gt;
+&lt;Directory "/usr/local/apache2/htdocs"&gt;
    #   Outside the subarea only Intranet access is granted
    Require              ip 192.168.1.0/24
 &lt;/Directory&gt;
-&lt;Directory /usr/local/apache2/htdocs/subarea&gt;
+&lt;Directory "/usr/local/apache2/htdocs/subarea"&gt;
    #   Inside the subarea any Intranet access is allowed
    #   but from the Internet only HTTPS + Strong-Cipher + Password
    #   or the alternative HTTPS + Strong-Cipher + Client-Certificate
@@ -396,9 +396,9 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt
    #   Force clients from the Internet to use HTTPS
    RewriteEngine        on
-    RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
+    RewriteCond          "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$"
-    RewriteCond          %{HTTPS} !=on
+    RewriteCond          "%{HTTPS}" "!=on"
-    RewriteRule          . - [F]
+    RewriteRule          "." "-" [F]
    #   Allow Network Access and/or Basic Auth
    Satisfy              any
@@ -410,7 +410,7 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt
    AuthType             basic
    AuthName             "Protected Intranet Area"
    AuthBasicProvider    file
-    AuthUserFile         conf/protected.passwd
+    AuthUserFile         "conf/protected.passwd"
    Require              valid-user
 &lt;/Directory&gt;
    </highlight>
@@ -430,4 +430,3 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt
 </section>
 </manualpage>