www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-07-30 20:03:10 +03:00
Code Activity

Following up on BZ 53530.. putting quotation marks around

Browse Source 
arbitrary-text, complex, and/or filesystem directive arguments.
More to do..


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1673582 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Ken Coar
2015-04-14 23:35:26 +00:00
parent d0fef61ba3
commit a90c8fdafb
28 changed files with 340 additions and 317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docs/manual/howto/auth.html.en
View File

@ -213,13 +213,13 @@ module from each group.</p>
following directives, either placed in the file
<code>/usr/local/apache/htdocs/secret/.htaccess</code>, or
placed in <code>httpd.conf</code> inside a &lt;Directory
/usr/local/apache/htdocs/secret&gt; section.</p>
"/usr/local/apache/htdocs/secret"&gt; section.</p>
<pre class="prettyprint lang-config">AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require user rbowen</pre>
@ -315,8 +315,8 @@ person in</a></h2>
AuthName "By Invitation Only"
# Optional line:
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthGroupFile "/usr/local/apache/passwd/groups"
Require group GroupName</pre>
@ -375,11 +375,11 @@ Require group GroupName</pre>
<p>To select a dbm file rather than a text file, for example:</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider dbm
AuthDBMUserFile /www/passwords/passwd.dbm
AuthDBMUserFile "/www/passwords/passwd.dbm"
Require valid-user
&lt;/Directory&gt;</pre>
@ -397,11 +397,11 @@ Require group GroupName</pre>
scheme that meets your needs. In the following example, both the
file and LDAP based authentication providers are being used.</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthLDAPURL ldap://ldaphost/o=yourorg
Require valid-user
&lt;/Directory&gt;</pre>
@ -420,13 +420,13 @@ Require group GroupName</pre>
authorization methods can also be used. In this example both file group
authorization as well as LDAP group authorization is being used.</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthLDAPURL ldap://ldaphost/o=yourorg
AuthGroupFile /usr/local/apache/passwd/groups
AuthGroupFile "/usr/local/apache/passwd/groups"
Require group GroupName
Require ldap-group cn=mygroup,o=yourorg
&lt;/Directory&gt;</pre>

22
docs/manual/howto/auth.xml
View File

@ -197,14 +197,14 @@ module from each group.</p>
following directives, either placed in the file
<code>/usr/local/apache/htdocs/secret/.htaccess</code>, or
placed in <code>httpd.conf</code> inside a &lt;Directory
/usr/local/apache/htdocs/secret&gt; section.</p>
"/usr/local/apache/htdocs/secret"&gt; section.</p>
<highlight language="config">
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require user rbowen
</highlight>
@ -309,8 +309,8 @@ AuthType Basic
AuthName "By Invitation Only"
# Optional line:
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthGroupFile "/usr/local/apache/passwd/groups"
Require group GroupName
</highlight>
@ -370,11 +370,11 @@ Require group GroupName
<p>To select a dbm file rather than a text file, for example:</p>
<highlight language="config">
&lt;Directory /www/docs/private&gt;
&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider dbm
AuthDBMUserFile /www/passwords/passwd.dbm
AuthDBMUserFile "/www/passwords/passwd.dbm"
Require valid-user
&lt;/Directory&gt;
</highlight>
@ -393,11 +393,11 @@ Require group GroupName
file and LDAP based authentication providers are being used.</p>
<highlight language="config">
&lt;Directory /www/docs/private&gt;
&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthLDAPURL ldap://ldaphost/o=yourorg
Require valid-user
&lt;/Directory&gt;
@ -417,13 +417,13 @@ Require group GroupName
authorization as well as LDAP group authorization is being used.</p>
<highlight language="config">
&lt;Directory /www/docs/private&gt;
&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthLDAPURL ldap://ldaphost/o=yourorg
AuthGroupFile /usr/local/apache/passwd/groups
AuthGroupFile "/usr/local/apache/passwd/groups"
Require group GroupName
Require ldap-group cn=mygroup,o=yourorg
&lt;/Directory&gt;

28
docs/manual/howto/htaccess.html.en
View File

@ -66,7 +66,7 @@ changes on a per-directory basis.</p>
if you would rather call the file <code>.config</code> then you
can put the following in your server configuration file:</p>
<pre class="prettyprint lang-config">AccessFileName .config</pre>
<pre class="prettyprint lang-config">AccessFileName ".config"</pre>
</div>
@ -188,18 +188,18 @@ changes on a per-directory basis.</p>
<p>Note that it is completely equivalent to put a <code>.htaccess</code>
file in a directory <code>/www/htdocs/example</code> containing a
directive, and to put that same directive in a Directory section
<code>&lt;Directory /www/htdocs/example&gt;</code> in your main server
<code>&lt;Directory "/www/htdocs/example"&gt;</code> in your main server
configuration:</p>
<p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
<div class="example"><h3>Contents of .htaccess file in
<code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example .exm</pre>
<code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example ".exm"</pre>
</div>
<div class="example"><h3>Section from your <code>httpd.conf</code>
file</h3><pre class="prettyprint lang-config">&lt;Directory /www/htdocs/example&gt;
AddType text/example .exm
file</h3><pre class="prettyprint lang-config">&lt;Directory "/www/htdocs/example"&gt;
AddType text/example ".exm"
&lt;/Directory&gt;</pre>
</div>
@ -265,11 +265,11 @@ changes on a per-directory basis.</p>
prevent script execution while allowing anything else to be set in
<code>.htaccess</code> you can use:</p>
<pre class="prettyprint lang-config">&lt;Directory /www/htdocs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/htdocs"&gt;
AllowOverride All
&lt;/Directory&gt;
&lt;Location /&gt;
&lt;Location "/"&gt;
Options +IncludesNoExec -ExecCGI<br />
&lt;/Location&gt;</pre>
@ -300,8 +300,8 @@ changes on a per-directory basis.</p>
<pre class="prettyprint lang-config">AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
AuthUserFile "/www/passwords/password.file"
AuthGroupFile "/www/passwords/group.file"
Require group admins</pre>
@ -320,7 +320,7 @@ Require group admins</pre>
<code>.htaccess</code> file in the desired directory:</p>
<pre class="prettyprint lang-config">Options +Includes
AddType text/html shtml
AddType text/html "shtml"
AddHandler server-parsed shtml</pre>
@ -340,13 +340,13 @@ the current directory, rather than being the original requested URI.
Consider the following examples:</p>
<pre class="prettyprint lang-config"># In httpd.conf
RewriteRule ^/images/(.+)\.jpg /images/$1.png
RewriteRule "^/images/(.+)\.jpg" "/images/$1.png"
# In .htaccess in root dir
RewriteRule ^images/(.+)\.jpg images/$1.png
RewriteRule "^images/(.+)\.jpg" "images/$1.png"
# In .htaccess in images/
RewriteRule ^(.+)\.jpg $1.png</pre>
RewriteRule "^(.+)\.jpg" "$1.png"</pre>
<p>In a <code>.htaccess</code> in your document directory, the leading
@ -367,7 +367,7 @@ further details on using <code>mod_rewrite</code>.</p>
implemented with the following configuration:</p>
<pre class="prettyprint lang-config">Options +ExecCGI
AddHandler cgi-script cgi pl</pre>
AddHandler cgi-script "cgi" "pl"</pre>
<p>Alternately, if you wish to have all files in the given directory be

44
docs/manual/howto/htaccess.xml
View File

@ -77,7 +77,9 @@ changes on a per-directory basis.</p>
if you would rather call the file <code>.config</code> then you
can put the following in your server configuration file:</p>
<highlight language="config">AccessFileName .config</highlight>
<highlight language="config">
AccessFileName ".config"
</highlight>
</note>
<p>In general, <code>.htaccess</code> files use the same syntax as
@ -209,21 +211,23 @@ changes on a per-directory basis.</p>
<p>Note that it is completely equivalent to put a <code>.htaccess</code>
file in a directory <code>/www/htdocs/example</code> containing a
directive, and to put that same directive in a Directory section
<code>&lt;Directory /www/htdocs/example&gt;</code> in your main server
<code>&lt;Directory "/www/htdocs/example"&gt;</code> in your main server
configuration:</p>
<p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
<example><title>Contents of .htaccess file in
<code>/www/htdocs/example</code></title>
<highlight language="config">AddType text/example .exm</highlight>
<highlight language="config">
AddType text/example ".exm"
</highlight>
</example>
<example><title>Section from your <code>httpd.conf</code>
file</title>
<highlight language="config">
&lt;Directory /www/htdocs/example&gt;
AddType text/example .exm
&lt;Directory "/www/htdocs/example"&gt;
AddType text/example ".exm"
&lt;/Directory&gt;
</highlight>
</example>
@ -237,7 +241,9 @@ changes on a per-directory basis.</p>
by setting the <directive module="core">AllowOverride</directive>
directive to <code>none</code>:</p>
<highlight language="config">AllowOverride None</highlight>
<highlight language="config">
AllowOverride None
</highlight>
</section>
<section id="how"><title>How directives are applied</title>
@ -258,7 +264,9 @@ changes on a per-directory basis.</p>
<p>In the directory <code>/www/htdocs/example1</code> we have a
<code>.htaccess</code> file containing the following:</p>
<highlight language="config">Options +ExecCGI</highlight>
<highlight language="config">
Options +ExecCGI
</highlight>
<p>(Note: you must have "<code>AllowOverride Options</code>" in effect
to permit the use of the "<directive
@ -268,7 +276,9 @@ changes on a per-directory basis.</p>
<p>In the directory <code>/www/htdocs/example1/example2</code> we have
a <code>.htaccess</code> file containing:</p>
<highlight language="config">Options Includes</highlight>
<highlight language="config">
Options Includes
</highlight>
<p>Because of this second <code>.htaccess</code> file, in the directory
<code>/www/htdocs/example1/example2</code>, CGI execution is not
@ -292,11 +302,11 @@ changes on a per-directory basis.</p>
<code>.htaccess</code> you can use:</p>
<highlight language="config">
&lt;Directory /www/htdocs&gt;
&lt;Directory "/www/htdocs"&gt;
AllowOverride All
&lt;/Directory&gt;
&lt;Location /&gt;
&lt;Location "/"&gt;
Options +IncludesNoExec -ExecCGI<br />
&lt;/Location&gt;
</highlight>
@ -330,8 +340,8 @@ changes on a per-directory basis.</p>
<highlight language="config">
AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
AuthUserFile "/www/passwords/password.file"
AuthGroupFile "/www/passwords/group.file"
Require group admins
</highlight>
@ -351,7 +361,7 @@ Require group admins
<highlight language="config">
Options +Includes
AddType text/html shtml
AddType text/html "shtml"
AddHandler server-parsed shtml
</highlight>
@ -372,13 +382,13 @@ Consider the following examples:</p>
<highlight language="config">
# In httpd.conf
RewriteRule ^/images/(.+)\.jpg /images/$1.png
RewriteRule "^/images/(.+)\.jpg" "/images/$1.png"
# In .htaccess in root dir
RewriteRule ^images/(.+)\.jpg images/$1.png
RewriteRule "^images/(.+)\.jpg" "images/$1.png"
# In .htaccess in images/
RewriteRule ^(.+)\.jpg $1.png
RewriteRule "^(.+)\.jpg" "$1.png"
</highlight>
<p>In a <code>.htaccess</code> in your document directory, the leading
@ -401,7 +411,7 @@ further details on using <code>mod_rewrite</code>.</p>
<highlight language="config">
Options +ExecCGI
AddHandler cgi-script cgi pl
AddHandler cgi-script "cgi" "pl"
</highlight>
<p>Alternately, if you wish to have all files in the given directory be

16
docs/manual/mod/mod_auth_basic.html.en
View File

@ -111,7 +111,7 @@ username and password</td></tr>
<p>In this example, we pass a fixed username and password to a
backend server.</p>
<div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config">&lt;Location /demo&gt;
<div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config">&lt;Location "/demo"&gt;
AuthBasicFake demo demopass
&lt;/Location&gt;</pre>
</div>
@ -122,8 +122,8 @@ username and password</td></tr>
directive. Like the FakeBasicAuth option, the password is set to the
fixed string "password".</p>
<div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
AuthBasicFake %{SSL_CLIENT_S_DN_Email}
<div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
AuthBasicFake "%{SSL_CLIENT_S_DN_Email}"
&lt;/Location&gt;</pre>
</div>
@ -132,12 +132,12 @@ username and password</td></tr>
backend server. This can be used to gate into legacy systems that do
not support client certificates.</p>
<div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
<div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}"
&lt;/Location&gt;</pre>
</div>
<div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config">&lt;Location /public&gt;
<div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config">&lt;Location "/public"&gt;
AuthBasicFake off
&lt;/Location&gt;</pre>
</div>
@ -161,12 +161,12 @@ username and password</td></tr>
The default <code>file</code> provider is implemented
by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module. Make sure
that the chosen provider module is present in the server.</p>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
AuthType basic
AuthName "private area"
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
AuthDBMUserFile "/www/etc/dbmpasswd"
Require valid-user
&lt;/Location&gt;</pre>
</div>

16
docs/manual/mod/mod_auth_basic.xml
View File

@ -60,12 +60,12 @@
that the chosen provider module is present in the server.</p>
<example><title>Example</title>
<highlight language="config">
&lt;Location /secure&gt;
&lt;Location "/secure"&gt;
AuthType basic
AuthName "private area"
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
AuthDBMUserFile "/www/etc/dbmpasswd"
Require valid-user
&lt;/Location&gt;
</highlight>
@ -136,7 +136,7 @@ username and password</description>
<example><title>Fixed Example</title>
<highlight language="config">
&lt;Location /demo&gt;
&lt;Location "/demo"&gt;
AuthBasicFake demo demopass
&lt;/Location&gt;
</highlight>
@ -150,8 +150,8 @@ username and password</description>
<example><title>Certificate Example</title>
<highlight language="config">
&lt;Location /secure&gt;
AuthBasicFake %{SSL_CLIENT_S_DN_Email}
&lt;Location "/secure"&gt;
AuthBasicFake "%{SSL_CLIENT_S_DN_Email}"
&lt;/Location&gt;
</highlight>
</example>
@ -163,15 +163,15 @@ username and password</description>
<example><title>Password Example</title>
<highlight language="config">
&lt;Location /secure&gt;
AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
&lt;Location "/secure"&gt;
AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}"
&lt;/Location&gt;
</highlight>
</example>
<example><title>Exclusion Example</title>
<highlight language="config">
&lt;Location /public&gt;
&lt;Location "/public"&gt;
AuthBasicFake off
&lt;/Location&gt;
</highlight>

6
docs/manual/mod/mod_auth_digest.html.en
View File

@ -83,13 +83,13 @@
<p>Appropriate user (text) files can be created using the
<code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p>
<div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location /private/&gt;
<div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location "/private/"&gt;
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
AuthUserFile "/web/auth/.digest_pw"
Require valid-user
&lt;/Location&gt;</pre>
</div>

6
docs/manual/mod/mod_auth_digest.xml
View File

@ -64,13 +64,13 @@
<example><title>Example:</title>
<highlight language="config">
&lt;Location /private/&gt;
&lt;Location "/private/"&gt;
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
AuthUserFile "/web/auth/.digest_pw"
Require valid-user
&lt;/Location&gt;
</highlight>

28
docs/manual/mod/mod_auth_form.html.en
View File

@ -108,10 +108,10 @@
the user will be redirected to the form login page.</p>
<div class="example"><h3>Basic example</h3><pre class="prettyprint lang-config">AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret</pre>
@ -159,12 +159,12 @@ SessionCryptoPassphrase secret</pre>
The action of the form should point at this handler, which is configured within
Apache httpd as follows:</p>
<div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">&lt;Location /dologin.html&gt;
<div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">&lt;Location "/dologin.html"&gt;
SetHandler form-login-handler
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginSuccessLocation http://example.com/success.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
AuthFormLoginSuccessLocation "http://example.com/success.html"
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
Session On
@ -221,11 +221,11 @@ SessionCryptoPassphrase secret</pre>
containing the login form, as follows:</p>
<div class="example"><h3>Basic inline example</h3><pre class="prettyprint lang-config">AuthFormProvider file
ErrorDocument 401 /login.shtml
AuthUserFile conf/passwd
ErrorDocument 401 "/login.shtml"
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret</pre>
@ -291,7 +291,7 @@ SessionCryptoPassphrase secret</pre>
technology.</p>
<div class="example"><h3>CGI example</h3><pre class="prettyprint lang-config"> AuthFormProvider file
ErrorDocument 401 /cgi-bin/login.cgi
ErrorDocument 401 "/cgi-bin/login.cgi"
...</pre>
</div>
@ -312,7 +312,7 @@ SessionCryptoPassphrase secret</pre>
<div class="example"><h3>Basic logout example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
AuthName realm
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret</pre>
@ -327,7 +327,7 @@ SessionCryptoPassphrase secret</pre>
</p>
<div class="example"><h3>Basic session expiry example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session On
SessionMaxAge 1
SessionCookieName session path=/
@ -515,7 +515,7 @@ parser has been added in 2.4.4.</td></tr>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /logout&gt;
SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session on
#...
&lt;/Location&gt;</pre>
@ -613,7 +613,7 @@ parser has been added in 2.4.4.</td></tr>
AuthName "private area"
AuthFormProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
AuthDBMUserFile "/www/etc/dbmpasswd"
Require valid-user
#...
&lt;/Location&gt;</pre>

28
docs/manual/mod/mod_auth_form.xml
View File

@ -76,10 +76,10 @@
<example><title>Basic example</title>
<highlight language="config">
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
@ -133,12 +133,12 @@ SessionCryptoPassphrase secret
<example><title>Form login handler example</title>
<highlight language="config">
&lt;Location /dologin.html&gt;
&lt;Location "/dologin.html"&gt;
SetHandler form-login-handler
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginSuccessLocation http://example.com/success.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
AuthFormLoginSuccessLocation "http://example.com/success.html"
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
Session On
@ -201,11 +201,11 @@ SessionCryptoPassphrase secret
<example><title>Basic inline example</title>
<highlight language="config">
AuthFormProvider file
ErrorDocument 401 /login.shtml
AuthUserFile conf/passwd
ErrorDocument 401 "/login.shtml"
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
@ -280,7 +280,7 @@ SessionCryptoPassphrase secret
<example><title>CGI example</title>
<highlight language="config">
AuthFormProvider file
ErrorDocument 401 /cgi-bin/login.cgi
ErrorDocument 401 "/cgi-bin/login.cgi"
...
</highlight>
</example>
@ -304,7 +304,7 @@ SessionCryptoPassphrase secret
<highlight language="config">
SetHandler form-logout-handler
AuthName realm
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
@ -322,7 +322,7 @@ SessionCryptoPassphrase secret
<example><title>Basic session expiry example</title>
<highlight language="config">
SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session On
SessionMaxAge 1
SessionCookieName session path=/
@ -363,7 +363,7 @@ SessionCryptoPassphrase secret
AuthName "private area"
AuthFormProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
AuthDBMUserFile "/www/etc/dbmpasswd"
Require valid-user
#...
&lt;/Location&gt;
@ -636,7 +636,7 @@ parser has been added in 2.4.4.</compatibility>
<highlight language="config">
&lt;Location /logout&gt;
SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session on
#...
&lt;/Location&gt;

4
docs/manual/mod/mod_authn_anon.html.en
View File

@ -93,11 +93,11 @@
(<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
</ul>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Directory /var/www/html/private&gt;
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Directory "/var/www/html/private"&gt;
AuthName "Use 'anonymous' &amp; Email address for guest entry"
AuthType Basic
AuthBasicProvider file anon
AuthUserFile /path/to/your/.htpasswd
AuthUserFile "/path/to/your/.htpasswd"
Anonymous_NoUserID off
Anonymous_MustGiveEmail on

4
docs/manual/mod/mod_authn_anon.xml
View File

@ -81,11 +81,11 @@
<example><title>Example</title>
<highlight language="config">
&lt;Directory /var/www/html/private&gt;
&lt;Directory "/var/www/html/private"&gt;
AuthName "Use 'anonymous' &amp; Email address for guest entry"
AuthType Basic
AuthBasicProvider file anon
AuthUserFile /path/to/your/.htpasswd
AuthUserFile "/path/to/your/.htpasswd"
Anonymous_NoUserID off
Anonymous_MustGiveEmail on

24
docs/manual/mod/mod_authn_core.html.en
View File

@ -70,15 +70,15 @@
<div class="example"><h3>Checking multiple text password files</h3><pre class="prettyprint lang-config"># Check here first
&lt;AuthnProviderAlias file file1&gt;
AuthUserFile /www/conf/passwords1
AuthUserFile "/www/conf/passwords1"
&lt;/AuthnProviderAlias&gt;
# Then check here
&lt;AuthnProviderAlias file file2&gt;
AuthUserFile /www/conf/passwords2
AuthUserFile "/www/conf/passwords2"
&lt;/AuthnProviderAlias&gt;
&lt;Directory /var/web/pages/secure&gt;
&lt;Directory "/var/web/pages/secure"&gt;
AuthBasicProvider file1 file2
AuthType Basic
@ -93,18 +93,18 @@
hosts:</p>
<div class="example"><h3>Checking multiple LDAP servers</h3><pre class="prettyprint lang-config">&lt;AuthnProviderAlias ldap ldap-alias1&gt;
AuthLDAPBindDN cn=youruser,o=ctx
AuthLDAPBindDN "cn=youruser,o=ctx"
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
AuthLDAPURL "ldap://ldap.host/o=ctx"
&lt;/AuthnProviderAlias&gt;
&lt;AuthnProviderAlias ldap ldap-other-alias&gt;
AuthLDAPBindDN cn=yourotheruser,o=dev
AuthLDAPBindDN "cn=yourotheruser,o=dev"
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
&lt;/AuthnProviderAlias&gt;
Alias /secure /webpages/secure
&lt;Directory /webpages/secure&gt;
Alias "/secure" "/webpages/secure"
&lt;Directory "/webpages/secure"&gt;
Order deny,allow
Allow from all
@ -220,15 +220,15 @@ the specified alias</td></tr>
in the following example, clients may access the
<code>/www/docs/public</code> directory without authenticating:</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require valid-user
&lt;/Directory&gt;
&lt;Directory /www/docs/public&gt;
&lt;Directory "/www/docs/public"&gt;
AuthType None
Require all granted
&lt;/Directory&gt;</pre>

24
docs/manual/mod/mod_authn_core.xml
View File

@ -57,15 +57,15 @@
<highlight language="config">
# Check here first
&lt;AuthnProviderAlias file file1&gt;
AuthUserFile /www/conf/passwords1
AuthUserFile "/www/conf/passwords1"
&lt;/AuthnProviderAlias&gt;
# Then check here
&lt;AuthnProviderAlias file file2&gt;
AuthUserFile /www/conf/passwords2
AuthUserFile "/www/conf/passwords2"
&lt;/AuthnProviderAlias&gt;
&lt;Directory /var/web/pages/secure&gt;
&lt;Directory "/var/web/pages/secure"&gt;
AuthBasicProvider file1 file2
AuthType Basic
@ -83,18 +83,18 @@
<example><title>Checking multiple LDAP servers</title>
<highlight language="config">
&lt;AuthnProviderAlias ldap ldap-alias1&gt;
AuthLDAPBindDN cn=youruser,o=ctx
AuthLDAPBindDN "cn=youruser,o=ctx"
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
AuthLDAPURL "ldap://ldap.host/o=ctx"
&lt;/AuthnProviderAlias&gt;
&lt;AuthnProviderAlias ldap ldap-other-alias&gt;
AuthLDAPBindDN cn=yourotheruser,o=dev
AuthLDAPBindDN "cn=yourotheruser,o=dev"
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
&lt;/AuthnProviderAlias&gt;
Alias /secure /webpages/secure
&lt;Directory /webpages/secure&gt;
Alias "/secure" "/webpages/secure"
&lt;Directory "/webpages/secure"&gt;
Order deny,allow
Allow from all
@ -194,15 +194,15 @@ authentication</description>
<code>/www/docs/public</code> directory without authenticating:</p>
<highlight language="config">
&lt;Directory /www/docs&gt;
&lt;Directory "/www/docs"&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require valid-user
&lt;/Directory&gt;
&lt;Directory /www/docs/public&gt;
&lt;Directory "/www/docs/public"&gt;
AuthType None
Require all granted
&lt;/Directory&gt;

14
docs/manual/mod/mod_authnz_ldap.html.en
View File

@ -482,7 +482,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
<p>The following directive would grant access to anyone with
the attribute employeeType = active</p>
<pre class="prettyprint lang-config">Require ldap-attribute employeeType=active</pre>
<pre class="prettyprint lang-config">Require ldap-attribute "employeeType=active"</pre>
<p>Multiple attribute/value pairs can be specified on the same line
@ -496,7 +496,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
<p>The following directive would grant access to anyone with
the city attribute equal to "San Jose" or status equal to "Active"</p>
<pre class="prettyprint lang-config">Require ldap-attribute city="San Jose" status=active</pre>
<pre class="prettyprint lang-config">Require ldap-attribute city="San Jose" "status=active"</pre>
@ -511,7 +511,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
<p>The following directive would grant access to anyone having a cell phone
and is in the marketing department</p>
<pre class="prettyprint lang-config">Require ldap-filter &amp;(cell=*)(department=marketing)</pre>
<pre class="prettyprint lang-config">Require ldap-filter "&amp;(cell=*)(department=marketing)"</pre>
<p>The difference between the <code>Require ldap-filter</code> directive and the
@ -526,8 +526,8 @@ AuthLDAPMaxSubGroupDepth 1</pre>
must be taken to ensure that LDAP filters are escaped correctly to guard against
LDAP injection. The ldap function can be used for this purpose.</p>
<pre class="prettyprint lang-config">&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)
<pre class="prettyprint lang-config">&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)"
&lt;/LocationMatch&gt;</pre>
@ -543,8 +543,8 @@ AuthLDAPMaxSubGroupDepth 1</pre>
<p>The following directive would grant access to URLs that match the given objects in the
LDAP server:</p>
<pre class="prettyprint lang-config">&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
<pre class="prettyprint lang-config">&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)"
&lt;/LocationMatch&gt;</pre>

32
docs/manual/mod/mod_authnz_ldap.xml
View File

@ -364,7 +364,9 @@ Require ldap-user "Joe Manager"
<p>If the <code>uid</code> attribute was used instead of the
<code>cn</code> attribute in the URL above, the above three lines
could be condensed to</p>
<highlight language="config">Require ldap-user bjenson fuser jmanager</highlight>
<highlight language="config">
Require ldap-user bjenson fuser jmanager
</highlight>
</section>
<section id="reqgroup"><title>Require ldap-group</title>
@ -383,7 +385,9 @@ uniqueMember: cn=Fred User, o=Example
<p>The following directive would grant access to both Fred and
Barbara:</p>
<highlight language="config">Require ldap-group cn=Administrators, o=Example</highlight>
<highlight language="config">
Require ldap-group cn=Administrators, o=Example
</highlight>
<p>Members can also be found within sub-groups of a specified LDAP group
if <directive module="mod_authnz_ldap">AuthLDAPMaxSubGroupDepth</directive>
@ -448,7 +452,9 @@ AuthLDAPMaxSubGroupDepth 1
<p>The following directive would grant access to a specific
DN:</p>
<highlight language="config">Require ldap-dn cn=Barbara Jenson, o=Example</highlight>
<highlight language="config">
Require ldap-dn cn=Barbara Jenson, o=Example
</highlight>
<p>Behavior of this directive is modified by the <directive
module="mod_authnz_ldap">AuthLDAPCompareDNOnServer</directive>
@ -465,7 +471,9 @@ AuthLDAPMaxSubGroupDepth 1
<p>The following directive would grant access to anyone with
the attribute employeeType = active</p>
<highlight language="config">Require ldap-attribute employeeType=active</highlight>
<highlight language="config">
Require ldap-attribute "employeeType=active"
</highlight>
<p>Multiple attribute/value pairs can be specified on the same line
separated by spaces or they can be specified in multiple
@ -478,7 +486,9 @@ AuthLDAPMaxSubGroupDepth 1
<p>The following directive would grant access to anyone with
the city attribute equal to "San Jose" or status equal to "Active"</p>
<highlight language="config">Require ldap-attribute city="San Jose" status=active</highlight>
<highlight language="config">
Require ldap-attribute city="San Jose" "status=active"
</highlight>
</section>
@ -492,7 +502,9 @@ AuthLDAPMaxSubGroupDepth 1
<p>The following directive would grant access to anyone having a cell phone
and is in the marketing department</p>
<highlight language="config">Require ldap-filter &amp;(cell=*)(department=marketing)</highlight>
<highlight language="config">
Require ldap-filter "&amp;(cell=*)(department=marketing)"
</highlight>
<p>The difference between the <code>Require ldap-filter</code> directive and the
<code>Require ldap-attribute</code> directive is that <code>ldap-filter</code>
@ -507,8 +519,8 @@ AuthLDAPMaxSubGroupDepth 1
LDAP injection. The ldap function can be used for this purpose.</p>
<highlight language="config">
&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)
&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)"
&lt;/LocationMatch&gt;
</highlight>
@ -525,8 +537,8 @@ AuthLDAPMaxSubGroupDepth 1
LDAP server:</p>
<highlight language="config">
&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)"
&lt;/LocationMatch&gt;
</highlight>

40
docs/manual/mod/mod_authz_core.html.en
View File

@ -83,13 +83,13 @@
not belong to either the <code>temps</code> group or the
LDAP group <code>Temporary Employees</code>.</p>
<pre class="prettyprint lang-config">&lt;Directory /www/mydocs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/mydocs"&gt;
&lt;RequireAll&gt;
&lt;RequireAny&gt;
Require user superadmin
&lt;RequireAll&gt;
Require group admins
Require ldap-group cn=Administrators,o=Airius
Require ldap-group "cn=Administrators,o=Airius"
&lt;RequireAny&gt;
Require group sales
Require ldap-attribute dept="sales"
@ -98,7 +98,7 @@
&lt;/RequireAny&gt;
&lt;RequireNone&gt;
Require group temps
Require ldap-group cn=Temporary Employees,o=Airius
Require ldap-group "cn=Temporary Employees,o=Airius"
&lt;/RequireNone&gt;
&lt;/RequireAll&gt;
&lt;/Directory&gt;</pre>
@ -125,8 +125,8 @@
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
<pre class="prettyprint lang-config">SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
&lt;Directory /docroot&gt;
<pre class="prettyprint lang-config">SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
&lt;Directory "/docroot"&gt;
Require env let_me_in
&lt;/Directory&gt;</pre>
@ -235,20 +235,20 @@
multiple ldap hosts:
</p>
<pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
AuthLDAPBindDN cn=youruser,o=ctx
<pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"&gt;
AuthLDAPBindDN "cn=youruser,o=ctx"
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
AuthLDAPURL "ldap://ldap.host/o=ctx"
&lt;/AuthzProviderAlias&gt;
&lt;AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev&gt;
AuthLDAPBindDN cn=yourotheruser,o=dev
&lt;AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"&gt;
AuthLDAPBindDN "cn=yourotheruser,o=dev"
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
&lt;/AuthzProviderAlias&gt;
Alias /secure /webpages/secure
&lt;Directory /webpages/secure&gt;
Alias "/secure" "/webpages/secure"
&lt;Directory "/webpages/secure"&gt;
Require all granted
AuthBasicProvider file
@ -312,20 +312,20 @@ sections.</td></tr>
preceding sections. Thus only users belong to the group
<code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</div>
<pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require group alpha
&lt;/Directory&gt;
&lt;Directory /www/docs/ab&gt;
&lt;Directory "/www/docs/ab"&gt;
AuthMerging Or
Require group beta
&lt;/Directory&gt;
&lt;Directory /www/docs/ab/gamma&gt;
&lt;Directory "/www/docs/ab/gamma"&gt;
Require group gamma
&lt;/Directory&gt;</pre>
@ -454,8 +454,8 @@ an authorization provider.</td></tr>
<pre class="prettyprint lang-config">AuthType Basic
AuthName "Restricted Resource"
AuthBasicProvider file
AuthUserFile /web/users
AuthGroupFile /web/groups
AuthUserFile "/web/users"
AuthGroupFile "/web/groups"
Require group admin</pre>
@ -479,7 +479,7 @@ Require group admin</pre>
and <code>beta</code> groups are authorized, except for those who
are also in the <code>reject</code> group.</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
&lt;RequireAll&gt;
Require group alpha beta
Require not group reject

40
docs/manual/mod/mod_authz_core.xml
View File

@ -63,13 +63,13 @@
LDAP group <code>Temporary Employees</code>.</p>
<highlight language="config">
&lt;Directory /www/mydocs&gt;
&lt;Directory "/www/mydocs"&gt;
&lt;RequireAll&gt;
&lt;RequireAny&gt;
Require user superadmin
&lt;RequireAll&gt;
Require group admins
Require ldap-group cn=Administrators,o=Airius
Require ldap-group "cn=Administrators,o=Airius"
&lt;RequireAny&gt;
Require group sales
Require ldap-attribute dept="sales"
@ -78,7 +78,7 @@
&lt;/RequireAny&gt;
&lt;RequireNone&gt;
Require group temps
Require ldap-group cn=Temporary Employees,o=Airius
Require ldap-group "cn=Temporary Employees,o=Airius"
&lt;/RequireNone&gt;
&lt;/RequireAll&gt;
&lt;/Directory&gt;
@ -107,8 +107,8 @@
other HTTP request header fields.</p>
<highlight language="config">
SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
&lt;Directory /docroot&gt;
SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
&lt;Directory "/docroot"&gt;
Require env let_me_in
&lt;/Directory&gt;
</highlight>
@ -227,20 +227,20 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
</p>
<highlight language="config">
&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
AuthLDAPBindDN cn=youruser,o=ctx
&lt;AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"&gt;
AuthLDAPBindDN "cn=youruser,o=ctx"
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
AuthLDAPURL "ldap://ldap.host/o=ctx"
&lt;/AuthzProviderAlias&gt;
&lt;AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev&gt;
AuthLDAPBindDN cn=yourotheruser,o=dev
&lt;AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"&gt;
AuthLDAPBindDN "cn=yourotheruser,o=dev"
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
&lt;/AuthzProviderAlias&gt;
Alias /secure /webpages/secure
&lt;Directory /webpages/secure&gt;
Alias "/secure" "/webpages/secure"
&lt;Directory "/webpages/secure"&gt;
Require all granted
AuthBasicProvider file
@ -337,8 +337,8 @@ an authorization provider.</description>
AuthType Basic
AuthName "Restricted Resource"
AuthBasicProvider file
AuthUserFile /web/users
AuthGroupFile /web/groups
AuthUserFile "/web/users"
AuthGroupFile "/web/groups"
Require group admin
</highlight>
@ -363,7 +363,7 @@ Require group admin
are also in the <code>reject</code> group.</p>
<highlight language="config">
&lt;Directory /www/docs&gt;
&lt;Directory "/www/docs"&gt;
&lt;RequireAll&gt;
Require group alpha beta
Require not group reject
@ -561,20 +561,20 @@ sections.</description>
<code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</note>
<highlight language="config">
&lt;Directory /www/docs&gt;
&lt;Directory "/www/docs"&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require group alpha
&lt;/Directory&gt;
&lt;Directory /www/docs/ab&gt;
&lt;Directory "/www/docs/ab"&gt;
AuthMerging Or
Require group beta
&lt;/Directory&gt;
&lt;Directory /www/docs/ab/gamma&gt;
&lt;Directory "/www/docs/ab/gamma"&gt;
Require group gamma
&lt;/Directory&gt;
</highlight>

8
docs/manual/mod/mod_authz_dbm.html.en
View File

@ -95,8 +95,8 @@ instead of <code>group</code>:</em>
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider dbm
AuthDBMUserFile site/data/users
AuthDBMGroupFile site/data/users
AuthDBMUserFile "site/data/users"
AuthDBMGroupFile "site/data/users"
Require dbm-group admin
&lt;/Directory&gt;</pre>
@ -139,8 +139,8 @@ of user groups for authorization</td></tr>
accomplished by first setting the group and password files to
point to the same DBM:</p>
<pre class="prettyprint lang-config">AuthDBMGroupFile /www/userbase
AuthDBMUserFile /www/userbase</pre>
<pre class="prettyprint lang-config">AuthDBMGroupFile "/www/userbase"
AuthDBMUserFile "/www/userbase"</pre>
<p>The key for the single DBM is the username. The value consists

8
docs/manual/mod/mod_authz_dbm.xml
View File

@ -81,8 +81,8 @@ instead of <code>group</code>:</em>
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider dbm
AuthDBMUserFile site/data/users
AuthDBMGroupFile site/data/users
AuthDBMUserFile "site/data/users"
AuthDBMGroupFile "site/data/users"
Require dbm-group admin
&lt;/Directory&gt;
</highlight>
@ -126,8 +126,8 @@ of user groups for authorization</description>
point to the same DBM:</p>
<highlight language="config">
AuthDBMGroupFile /www/userbase
AuthDBMUserFile /www/userbase
AuthDBMGroupFile "/www/userbase"
AuthDBMUserFile "/www/userbase"
</highlight>
<p>The key for the single DBM is the username. The value consists

12
docs/manual/mod/mod_authz_owner.html.en
View File

@ -96,11 +96,11 @@
files in <code>/home/smith/public_html/private</code> unless they
were owned by <code>jones</code> instead of <code>smith</code>.</p>
<pre class="prettyprint lang-config">&lt;Directory /home/*/public_html/private&gt;
<pre class="prettyprint lang-config">&lt;Directory "/home/*/public_html/private"&gt;
AuthType Basic
AuthName MyPrivateFiles
AuthName "MyPrivateFiles"
AuthBasicProvider dbm
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
Require file-owner
&lt;/Directory&gt;</pre>
@ -118,14 +118,14 @@
authorized to access the <code>project-foo</code> directories of
each other.</p>
<pre class="prettyprint lang-config">&lt;Directory /home/*/public_html/project-foo&gt;
<pre class="prettyprint lang-config">&lt;Directory "/home/*/public_html/project-foo"&gt;
AuthType Basic
AuthName "Project Foo Files"
AuthBasicProvider dbm
# combined user/group database
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all"
Satisfy All
Require file-group

12
docs/manual/mod/mod_authz_owner.xml
View File

@ -85,11 +85,11 @@
were owned by <code>jones</code> instead of <code>smith</code>.</p>
<highlight language="config">
&lt;Directory /home/*/public_html/private&gt;
&lt;Directory "/home/*/public_html/private"&gt;
AuthType Basic
AuthName MyPrivateFiles
AuthName "MyPrivateFiles"
AuthBasicProvider dbm
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
Require file-owner
&lt;/Directory&gt;
</highlight>
@ -109,14 +109,14 @@
each other.</p>
<highlight language="config">
&lt;Directory /home/*/public_html/project-foo&gt;
&lt;Directory "/home/*/public_html/project-foo"&gt;
AuthType Basic
AuthName "Project Foo Files"
AuthBasicProvider dbm
# combined user/group database
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all"
Satisfy All
Require file-group

20
docs/manual/mod/mod_dav.html.en
View File

@ -78,7 +78,7 @@
file using the <code class="directive"><a href="../mod/mod_dav_fs.html#davlockdb">DavLockDB</a></code>
directive:</p>
<pre class="prettyprint lang-config">DavLockDB /usr/local/apache2/var/DavLock</pre>
<pre class="prettyprint lang-config">DavLockDB "/usr/local/apache2/var/DavLock"</pre>
<p>The directory containing the lock database file must be
@ -93,15 +93,15 @@
directive. The "normal" <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code> directive has no effect on DAV
requests.</p>
<div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">DavLockDB /usr/local/apache2/var/DavLock
<div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">DavLockDB "/usr/local/apache2/var/DavLock"
&lt;Directory /usr/local/apache2/htdocs/foo&gt;
&lt;Directory "/usr/local/apache2/htdocs/foo"&gt;
Require all granted
Dav On
AuthType Basic
AuthName DAV
AuthUserFile user.passwd
AuthName "DAV"
AuthUserFile "user.passwd"
&lt;LimitExcept GET POST OPTIONS&gt;
Require user admin
@ -159,9 +159,9 @@
will run the script, and one of which will allow it to be
downloaded and manipulated with DAV.</p>
<pre class="prettyprint lang-config">Alias /phparea /home/gstein/php_files
Alias /php-source /home/gstein/php_files
&lt;Location /php-source&gt;
<pre class="prettyprint lang-config">Alias "/phparea" "/home/gstein/php_files"
Alias "/php-source" "/home/gstein/php_files"
&lt;Location "/php-source"&gt;
Dav On
ForceType text/plain
&lt;/Location&gt;</pre>
@ -185,7 +185,7 @@ Alias /php-source /home/gstein/php_files
<p>Use the <code class="directive">Dav</code> directive to enable the
WebDAV HTTP methods for the given container:</p>
<pre class="prettyprint lang-config">&lt;Location /foo&gt;
<pre class="prettyprint lang-config">&lt;Location "/foo"&gt;
Dav On
&lt;/Location&gt;</pre>
@ -240,7 +240,7 @@ a DAV resource</td></tr>
(like 600 seconds) to reduce the chance of the client losing
the lock due to network latency.</p>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /MSWord&gt;
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location "/MSWord"&gt;
DavMinTimeout 600
&lt;/Location&gt;</pre>
</div>

24
docs/manual/mod/mod_dav.xml
View File

@ -45,7 +45,9 @@
<p>To enable <module>mod_dav</module>, add the following to a
container in your <code>httpd.conf</code> file:</p>
<highlight language="config">Dav On</highlight>
<highlight language="config">
Dav On
</highlight>
<p>This enables the DAV file system provider, which is implemented
by the <module>mod_dav_fs</module> module. Therefore, that module
@ -58,7 +60,7 @@
directive:</p>
<highlight language="config">
DavLockDB /usr/local/apache2/var/DavLock
DavLockDB "/usr/local/apache2/var/DavLock"
</highlight>
<p>The directory containing the lock database file must be
@ -78,15 +80,15 @@
<example><title>Full Example</title>
<highlight language="config">
DavLockDB /usr/local/apache2/var/DavLock
DavLockDB "/usr/local/apache2/var/DavLock"
&lt;Directory /usr/local/apache2/htdocs/foo&gt;
&lt;Directory "/usr/local/apache2/htdocs/foo"&gt;
Require all granted
Dav On
AuthType Basic
AuthName DAV
AuthUserFile user.passwd
AuthName "DAV"
AuthUserFile "user.passwd"
&lt;LimitExcept GET POST OPTIONS&gt;
Require user admin
@ -149,9 +151,9 @@ DavLockDB /usr/local/apache2/var/DavLock
downloaded and manipulated with DAV.</p>
<highlight language="config">
Alias /phparea /home/gstein/php_files
Alias /php-source /home/gstein/php_files
&lt;Location /php-source&gt;
Alias "/phparea" "/home/gstein/php_files"
Alias "/php-source" "/home/gstein/php_files"
&lt;Location "/php-source"&gt;
Dav On
ForceType text/plain
&lt;/Location&gt;
@ -175,7 +177,7 @@ Alias /php-source /home/gstein/php_files
WebDAV HTTP methods for the given container:</p>
<highlight language="config">
&lt;Location /foo&gt;
&lt;Location "/foo"&gt;
Dav On
&lt;/Location&gt;
</highlight>
@ -218,7 +220,7 @@ a DAV resource</description>
<example><title>Example</title>
<highlight language="config">
&lt;Location /MSWord&gt;
&lt;Location "/MSWord"&gt;
DavMinTimeout 600
&lt;/Location&gt;
</highlight>

4
docs/manual/mod/mod_session.html.en
View File

@ -273,9 +273,9 @@ SessionCookieName session path=/private;domain=example.com;httponly;secure;</pre
SessionCryptoPassphrase secret
SessionCookieName session path=/
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthName "realm"
#...</pre>
</div>

4
docs/manual/mod/mod_session.xml
View File

@ -261,9 +261,9 @@ Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthName "realm"
#...
</highlight>
</example>

40
docs/manual/ssl/ssl_howto.html.en
View File

@ -49,8 +49,8 @@ following directives.</p>
&lt;VirtualHost *:443&gt;
ServerName www.example.com
SSLEngine on
SSLCertificateFile /path/to/www.example.com.cert
SSLCertificateKeyFile /path/to/www.example.com.key
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
&lt;/VirtualHost&gt;</pre>
@ -93,7 +93,7 @@ URL?</a></h3>
<pre class="prettyprint lang-config"># be liberal in general
SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
&lt;Location /strong/area&gt;
&lt;Location "/strong/area"&gt;
# but https://hostname/strong/area/ and below
# requires strong ciphers
SSLCipherSuite HIGH:!aNULL:!MD5
@ -264,7 +264,7 @@ Intranet website, for clients coming from the Internet?</a></li>
# signed by our CA certificate in ca.crt
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile conf/ssl.crt/ca.crt</pre>
SSLCACertificateFile "conf/ssl.crt/ca.crt"</pre>
@ -277,9 +277,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt</pre>
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>:</p>
<pre class="prettyprint lang-config">SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
&lt;Location /secure/area&gt;
&lt;Location "/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 1
&lt;/Location&gt;</pre>
@ -303,10 +303,10 @@ SSLVerifyDepth 1
clients allowed, as follows:</p>
<pre class="prettyprint lang-config">SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
SSLCACertificatePath "conf/ssl.crt"
&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
@ -314,7 +314,7 @@ SSLCACertificatePath conf/ssl.crt
AuthName "Snake Oil Authentication"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/apache2/conf/httpd.passwd
AuthUserFile "/usr/local/apache2/conf/httpd.passwd"
Require valid-user
&lt;/Directory&gt;</pre>
@ -332,10 +332,10 @@ SSLCACertificatePath conf/ssl.crt
<pre class="prettyprint lang-config">SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
SSLCACertificatePath "conf/ssl.crt"
&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
@ -358,14 +358,14 @@ plain HTTP access for clients on the Intranet.</a></h3>
This configuration should remain outside of your HTTPS virtual host, so
that it applies to both HTTPS and HTTP.</p>
<pre class="prettyprint lang-config">SSLCACertificateFile conf/ssl.crt/company-ca.crt
<pre class="prettyprint lang-config">SSLCACertificateFile "conf/ssl.crt/company-ca.crt"
&lt;Directory /usr/local/apache2/htdocs&gt;
&lt;Directory "/usr/local/apache2/htdocs"&gt;
# Outside the subarea only Intranet access is granted
Require ip 192.168.1.0/24
&lt;/Directory&gt;
&lt;Directory /usr/local/apache2/htdocs/subarea&gt;
&lt;Directory "/usr/local/apache2/htdocs/subarea"&gt;
# Inside the subarea any Intranet access is allowed
# but from the Internet only HTTPS + Strong-Cipher + Password
# or the alternative HTTPS + Strong-Cipher + Client-Certificate
@ -379,9 +379,9 @@ plain HTTP access for clients on the Intranet.</a></h3>
# Force clients from the Internet to use HTTPS
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
RewriteCond %{HTTPS} !=on
RewriteRule . - [F]
RewriteCond "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$"
RewriteCond "%{HTTPS}" "!=on"
RewriteRule "." "-" [F]
# Allow Network Access and/or Basic Auth
Satisfy any
@ -393,7 +393,7 @@ plain HTTP access for clients on the Intranet.</a></h3>
AuthType basic
AuthName "Protected Intranet Area"
AuthBasicProvider file
AuthUserFile conf/protected.passwd
AuthUserFile "conf/protected.passwd"
Require valid-user
&lt;/Directory&gt;</pre>

41
docs/manual/ssl/ssl_howto.xml
View File

@ -44,8 +44,8 @@ Listen 443
&lt;VirtualHost *:443&gt;
ServerName www.example.com
SSLEngine on
SSLCertificateFile /path/to/www.example.com.cert
SSLCertificateKeyFile /path/to/www.example.com.key
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
&lt;/VirtualHost&gt;
</highlight>
@ -92,7 +92,7 @@ URL?</title>
# be liberal in general
SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
&lt;Location /strong/area&gt;
&lt;Location "/strong/area"&gt;
# but https://hostname/strong/area/ and below
# requires strong ciphers
SSLCipherSuite HIGH:!aNULL:!MD5
@ -274,7 +274,7 @@ Intranet website, for clients coming from the Internet?</a></li>
# signed by our CA certificate in ca.crt
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
</highlight>
</section>
@ -288,9 +288,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt
<highlight language="config">
SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
&lt;Location /secure/area&gt;
&lt;Location "/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 1
&lt;/Location&gt;
@ -315,10 +315,10 @@ SSLVerifyDepth 1
<highlight language="config">
SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
SSLCACertificatePath "conf/ssl.crt"
&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
@ -326,7 +326,7 @@ SSLCACertificatePath conf/ssl.crt
AuthName "Snake Oil Authentication"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/apache2/conf/httpd.passwd
AuthUserFile "/usr/local/apache2/conf/httpd.passwd"
Require valid-user
&lt;/Directory&gt;
</highlight>
@ -348,10 +348,10 @@ SSLCACertificatePath conf/ssl.crt
<highlight language="config">
SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
SSLCACertificatePath "conf/ssl.crt"
&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
@ -375,14 +375,14 @@ plain HTTP access for clients on the Intranet.</title>
that it applies to both HTTPS and HTTP.</p>
<highlight language="config">
SSLCACertificateFile conf/ssl.crt/company-ca.crt
SSLCACertificateFile "conf/ssl.crt/company-ca.crt"
&lt;Directory /usr/local/apache2/htdocs&gt;
&lt;Directory "/usr/local/apache2/htdocs"&gt;
# Outside the subarea only Intranet access is granted
Require ip 192.168.1.0/24
&lt;/Directory&gt;
&lt;Directory /usr/local/apache2/htdocs/subarea&gt;
&lt;Directory "/usr/local/apache2/htdocs/subarea"&gt;
# Inside the subarea any Intranet access is allowed
# but from the Internet only HTTPS + Strong-Cipher + Password
# or the alternative HTTPS + Strong-Cipher + Client-Certificate
@ -396,9 +396,9 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt
# Force clients from the Internet to use HTTPS
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
RewriteCond %{HTTPS} !=on
RewriteRule . - [F]
RewriteCond "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$"
RewriteCond "%{HTTPS}" "!=on"
RewriteRule "." "-" [F]
# Allow Network Access and/or Basic Auth
Satisfy any
@ -410,7 +410,7 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt
AuthType basic
AuthName "Protected Intranet Area"
AuthBasicProvider file
AuthUserFile conf/protected.passwd
AuthUserFile "conf/protected.passwd"
Require valid-user
&lt;/Directory&gt;
</highlight>
@ -430,4 +430,3 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt
</section>
</manualpage>