
Following up on BZ 53530.. putting quotation marks around

arbitrary-text, complex, and/or filesystem directive arguments.
More to do..


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1673582 13f79535-47bb-0310-9956-ffa450edef68
Ken Coar
2015-04-14 23:35:26 +00:00
parent d0fef61ba3
commit a90c8fdafb
28 changed files with 340 additions and 317 deletions


@@ -213,13 +213,13 @@ module from each group.</p>
following directives, either placed in the file
<code>/usr/local/apache/htdocs/secret/.htaccess</code>, or
placed in <code>httpd.conf</code> inside a &lt;Directory
/usr/local/apache/htdocs/secret&gt; section.</p>
"/usr/local/apache/htdocs/secret"&gt; section.</p>
<pre class="prettyprint lang-config">AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require user rbowen</pre>
@@ -315,8 +315,8 @@ person in</a></h2>
AuthName "By Invitation Only"
# Optional line:
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthGroupFile "/usr/local/apache/passwd/groups"
Require group GroupName</pre>
@@ -375,11 +375,11 @@ Require group GroupName</pre>
<p>To select a dbm file rather than a text file, for example:</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider dbm
AuthDBMUserFile /www/passwords/passwd.dbm
AuthDBMUserFile "/www/passwords/passwd.dbm"
Require valid-user
&lt;/Directory&gt;</pre>
@@ -397,11 +397,11 @@ Require group GroupName</pre>
scheme that meets your needs. In the following example, both the
file and LDAP based authentication providers are being used.</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthLDAPURL ldap://ldaphost/o=yourorg
Require valid-user
&lt;/Directory&gt;</pre>
@@ -420,13 +420,13 @@ Require group GroupName</pre>
authorization methods can also be used. In this example both file group
authorization as well as LDAP group authorization is being used.</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs/private&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthLDAPURL ldap://ldaphost/o=yourorg
AuthGroupFile /usr/local/apache/passwd/groups
AuthGroupFile "/usr/local/apache/passwd/groups"
Require group GroupName
Require ldap-group cn=mygroup,o=yourorg
&lt;/Directory&gt;</pre>


@@ -197,14 +197,14 @@ module from each group.</p>
following directives, either placed in the file
<code>/usr/local/apache/htdocs/secret/.htaccess</code>, or
placed in <code>httpd.conf</code> inside a &lt;Directory
/usr/local/apache/htdocs/secret&gt; section.</p>
"/usr/local/apache/htdocs/secret"&gt; section.</p>
<highlight language="config">
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require user rbowen
</highlight>
@@ -309,8 +309,8 @@ AuthType Basic
AuthName "By Invitation Only"
# Optional line:
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthGroupFile "/usr/local/apache/passwd/groups"
Require group GroupName
</highlight>
@@ -370,11 +370,11 @@ Require group GroupName
<p>To select a dbm file rather than a text file, for example:</p>
<highlight language="config">
&lt;Directory /www/docs/private&gt;
&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider dbm
AuthDBMUserFile /www/passwords/passwd.dbm
AuthDBMUserFile "/www/passwords/passwd.dbm"
Require valid-user
&lt;/Directory&gt;
</highlight>
@@ -393,11 +393,11 @@ Require group GroupName
file and LDAP based authentication providers are being used.</p>
<highlight language="config">
&lt;Directory /www/docs/private&gt;
&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthLDAPURL ldap://ldaphost/o=yourorg
Require valid-user
&lt;/Directory&gt;
@@ -417,13 +417,13 @@ Require group GroupName
authorization as well as LDAP group authorization is being used.</p>
<highlight language="config">
&lt;Directory /www/docs/private&gt;
&lt;Directory "/www/docs/private"&gt;
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
AuthLDAPURL ldap://ldaphost/o=yourorg
AuthGroupFile /usr/local/apache/passwd/groups
AuthGroupFile "/usr/local/apache/passwd/groups"
Require group GroupName
Require ldap-group cn=mygroup,o=yourorg
&lt;/Directory&gt;


@@ -66,7 +66,7 @@ changes on a per-directory basis.</p>
if you would rather call the file <code>.config</code> then you
can put the following in your server configuration file:</p>
<pre class="prettyprint lang-config">AccessFileName .config</pre>
<pre class="prettyprint lang-config">AccessFileName ".config"</pre>
</div>
@@ -188,18 +188,18 @@ changes on a per-directory basis.</p>
<p>Note that it is completely equivalent to put a <code>.htaccess</code>
file in a directory <code>/www/htdocs/example</code> containing a
directive, and to put that same directive in a Directory section
<code>&lt;Directory /www/htdocs/example&gt;</code> in your main server
<code>&lt;Directory "/www/htdocs/example"&gt;</code> in your main server
configuration:</p>
<p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
<div class="example"><h3>Contents of .htaccess file in
<code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example .exm</pre>
<code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example ".exm"</pre>
</div>
<div class="example"><h3>Section from your <code>httpd.conf</code>
file</h3><pre class="prettyprint lang-config">&lt;Directory /www/htdocs/example&gt;
AddType text/example .exm
file</h3><pre class="prettyprint lang-config">&lt;Directory "/www/htdocs/example"&gt;
AddType text/example ".exm"
&lt;/Directory&gt;</pre>
</div>
@@ -265,11 +265,11 @@ changes on a per-directory basis.</p>
prevent script execution while allowing anything else to be set in
<code>.htaccess</code> you can use:</p>
<pre class="prettyprint lang-config">&lt;Directory /www/htdocs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/htdocs"&gt;
AllowOverride All
&lt;/Directory&gt;
&lt;Location /&gt;
&lt;Location "/"&gt;
Options +IncludesNoExec -ExecCGI<br />
&lt;/Location&gt;</pre>
@@ -300,8 +300,8 @@ changes on a per-directory basis.</p>
<pre class="prettyprint lang-config">AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
AuthUserFile "/www/passwords/password.file"
AuthGroupFile "/www/passwords/group.file"
Require group admins</pre>
@@ -320,7 +320,7 @@ Require group admins</pre>
<code>.htaccess</code> file in the desired directory:</p>
<pre class="prettyprint lang-config">Options +Includes
AddType text/html shtml
AddType text/html "shtml"
AddHandler server-parsed shtml</pre>
@@ -340,13 +340,13 @@ the current directory, rather than being the original requested URI.
Consider the following examples:</p>
<pre class="prettyprint lang-config"># In httpd.conf
RewriteRule ^/images/(.+)\.jpg /images/$1.png
RewriteRule "^/images/(.+)\.jpg" "/images/$1.png"
# In .htaccess in root dir
RewriteRule ^images/(.+)\.jpg images/$1.png
RewriteRule "^images/(.+)\.jpg" "images/$1.png"
# In .htaccess in images/
RewriteRule ^(.+)\.jpg $1.png</pre>
RewriteRule "^(.+)\.jpg" "$1.png"</pre>
<p>In a <code>.htaccess</code> in your document directory, the leading
@@ -367,7 +367,7 @@ further details on using <code>mod_rewrite</code>.</p>
implemented with the following configuration:</p>
<pre class="prettyprint lang-config">Options +ExecCGI
AddHandler cgi-script cgi pl</pre>
AddHandler cgi-script "cgi" "pl"</pre>
<p>Alternately, if you wish to have all files in the given directory be


@@ -77,7 +77,9 @@ changes on a per-directory basis.</p>
if you would rather call the file <code>.config</code> then you
can put the following in your server configuration file:</p>
<highlight language="config">AccessFileName .config</highlight>
<highlight language="config">
AccessFileName ".config"
</highlight>
</note>
<p>In general, <code>.htaccess</code> files use the same syntax as
@@ -209,21 +211,23 @@ changes on a per-directory basis.</p>
<p>Note that it is completely equivalent to put a <code>.htaccess</code>
file in a directory <code>/www/htdocs/example</code> containing a
directive, and to put that same directive in a Directory section
<code>&lt;Directory /www/htdocs/example&gt;</code> in your main server
<code>&lt;Directory "/www/htdocs/example"&gt;</code> in your main server
configuration:</p>
<p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
<example><title>Contents of .htaccess file in
<code>/www/htdocs/example</code></title>
<highlight language="config">AddType text/example .exm</highlight>
<highlight language="config">
AddType text/example ".exm"
</highlight>
</example>
<example><title>Section from your <code>httpd.conf</code>
file</title>
<highlight language="config">
&lt;Directory /www/htdocs/example&gt;
AddType text/example .exm
&lt;Directory "/www/htdocs/example"&gt;
AddType text/example ".exm"
&lt;/Directory&gt;
</highlight>
</example>
@@ -237,7 +241,9 @@ changes on a per-directory basis.</p>
by setting the <directive module="core">AllowOverride</directive>
directive to <code>none</code>:</p>
<highlight language="config">AllowOverride None</highlight>
<highlight language="config">
AllowOverride None
</highlight>
</section>
<section id="how"><title>How directives are applied</title>
@@ -258,7 +264,9 @@ changes on a per-directory basis.</p>
<p>In the directory <code>/www/htdocs/example1</code> we have a
<code>.htaccess</code> file containing the following:</p>
<highlight language="config">Options +ExecCGI</highlight>
<highlight language="config">
Options +ExecCGI
</highlight>
<p>(Note: you must have "<code>AllowOverride Options</code>" in effect
to permit the use of the "<directive
@@ -268,7 +276,9 @@ changes on a per-directory basis.</p>
<p>In the directory <code>/www/htdocs/example1/example2</code> we have
a <code>.htaccess</code> file containing:</p>
<highlight language="config">Options Includes</highlight>
<highlight language="config">
Options Includes
</highlight>
<p>Because of this second <code>.htaccess</code> file, in the directory
<code>/www/htdocs/example1/example2</code>, CGI execution is not
@@ -292,11 +302,11 @@ changes on a per-directory basis.</p>
<code>.htaccess</code> you can use:</p>
<highlight language="config">
&lt;Directory /www/htdocs&gt;
&lt;Directory "/www/htdocs"&gt;
AllowOverride All
&lt;/Directory&gt;
&lt;Location /&gt;
&lt;Location "/"&gt;
Options +IncludesNoExec -ExecCGI<br />
&lt;/Location&gt;
</highlight>
@@ -330,8 +340,8 @@ changes on a per-directory basis.</p>
<highlight language="config">
AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
AuthUserFile "/www/passwords/password.file"
AuthGroupFile "/www/passwords/group.file"
Require group admins
</highlight>
@@ -351,7 +361,7 @@ Require group admins
<highlight language="config">
Options +Includes
AddType text/html shtml
AddType text/html "shtml"
AddHandler server-parsed shtml
</highlight>
@@ -372,13 +382,13 @@ Consider the following examples:</p>
<highlight language="config">
# In httpd.conf
RewriteRule ^/images/(.+)\.jpg /images/$1.png
RewriteRule "^/images/(.+)\.jpg" "/images/$1.png"
# In .htaccess in root dir
RewriteRule ^images/(.+)\.jpg images/$1.png
RewriteRule "^images/(.+)\.jpg" "images/$1.png"
# In .htaccess in images/
RewriteRule ^(.+)\.jpg $1.png
RewriteRule "^(.+)\.jpg" "$1.png"
</highlight>
<p>In a <code>.htaccess</code> in your document directory, the leading
@@ -401,7 +411,7 @@ further details on using <code>mod_rewrite</code>.</p>
<highlight language="config">
Options +ExecCGI
AddHandler cgi-script cgi pl
AddHandler cgi-script "cgi" "pl"
</highlight>
<p>Alternately, if you wish to have all files in the given directory be


@@ -111,7 +111,7 @@ username and password</td></tr>
<p>In this example, we pass a fixed username and password to a
backend server.</p>
<div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config">&lt;Location /demo&gt;
<div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config">&lt;Location "/demo"&gt;
AuthBasicFake demo demopass
&lt;/Location&gt;</pre>
</div>
@@ -122,8 +122,8 @@ username and password</td></tr>
directive. Like the FakeBasicAuth option, the password is set to the
fixed string "password".</p>
<div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
AuthBasicFake %{SSL_CLIENT_S_DN_Email}
<div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
AuthBasicFake "%{SSL_CLIENT_S_DN_Email}"
&lt;/Location&gt;</pre>
</div>
@@ -132,12 +132,12 @@ username and password</td></tr>
backend server. This can be used to gate into legacy systems that do
not support client certificates.</p>
<div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
<div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}"
&lt;/Location&gt;</pre>
</div>
<div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config">&lt;Location /public&gt;
<div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config">&lt;Location "/public"&gt;
AuthBasicFake off
&lt;/Location&gt;</pre>
</div>
@@ -161,12 +161,12 @@ username and password</td></tr>
The default <code>file</code> provider is implemented
by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module. Make sure
that the chosen provider module is present in the server.</p>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /secure&gt;
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
AuthType basic
AuthName "private area"
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
AuthDBMUserFile "/www/etc/dbmpasswd"
Require valid-user
&lt;/Location&gt;</pre>
</div>


@@ -60,12 +60,12 @@
that the chosen provider module is present in the server.</p>
<example><title>Example</title>
<highlight language="config">
&lt;Location /secure&gt;
&lt;Location "/secure"&gt;
AuthType basic
AuthName "private area"
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
AuthDBMUserFile "/www/etc/dbmpasswd"
Require valid-user
&lt;/Location&gt;
</highlight>
@@ -136,7 +136,7 @@ username and password</description>
<example><title>Fixed Example</title>
<highlight language="config">
&lt;Location /demo&gt;
&lt;Location "/demo"&gt;
AuthBasicFake demo demopass
&lt;/Location&gt;
</highlight>
@@ -150,8 +150,8 @@ username and password</description>
<example><title>Certificate Example</title>
<highlight language="config">
&lt;Location /secure&gt;
AuthBasicFake %{SSL_CLIENT_S_DN_Email}
&lt;Location "/secure"&gt;
AuthBasicFake "%{SSL_CLIENT_S_DN_Email}"
&lt;/Location&gt;
</highlight>
</example>
@@ -163,15 +163,15 @@ username and password</description>
<example><title>Password Example</title>
<highlight language="config">
&lt;Location /secure&gt;
AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
&lt;Location "/secure"&gt;
AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}"
&lt;/Location&gt;
</highlight>
</example>
<example><title>Exclusion Example</title>
<highlight language="config">
&lt;Location /public&gt;
&lt;Location "/public"&gt;
AuthBasicFake off
&lt;/Location&gt;
</highlight>


@@ -83,13 +83,13 @@
<p>Appropriate user (text) files can be created using the
<code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p>
<div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location /private/&gt;
<div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location "/private/"&gt;
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
AuthUserFile "/web/auth/.digest_pw"
Require valid-user
&lt;/Location&gt;</pre>
</div>


@@ -64,13 +64,13 @@
<example><title>Example:</title>
<highlight language="config">
&lt;Location /private/&gt;
&lt;Location "/private/"&gt;
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
AuthUserFile "/web/auth/.digest_pw"
Require valid-user
&lt;/Location&gt;
</highlight>


@@ -108,10 +108,10 @@
the user will be redirected to the form login page.</p>
<div class="example"><h3>Basic example</h3><pre class="prettyprint lang-config">AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret</pre>
@@ -159,12 +159,12 @@ SessionCryptoPassphrase secret</pre>
The action of the form should point at this handler, which is configured within
Apache httpd as follows:</p>
<div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">&lt;Location /dologin.html&gt;
<div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">&lt;Location "/dologin.html"&gt;
SetHandler form-login-handler
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginSuccessLocation http://example.com/success.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
AuthFormLoginSuccessLocation "http://example.com/success.html"
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
Session On
@@ -221,11 +221,11 @@ SessionCryptoPassphrase secret</pre>
containing the login form, as follows:</p>
<div class="example"><h3>Basic inline example</h3><pre class="prettyprint lang-config">AuthFormProvider file
ErrorDocument 401 /login.shtml
AuthUserFile conf/passwd
ErrorDocument 401 "/login.shtml"
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret</pre>
@@ -291,7 +291,7 @@ SessionCryptoPassphrase secret</pre>
technology.</p>
<div class="example"><h3>CGI example</h3><pre class="prettyprint lang-config"> AuthFormProvider file
ErrorDocument 401 /cgi-bin/login.cgi
ErrorDocument 401 "/cgi-bin/login.cgi"
...</pre>
</div>
@@ -312,7 +312,7 @@ SessionCryptoPassphrase secret</pre>
<div class="example"><h3>Basic logout example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
AuthName realm
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret</pre>
@@ -327,7 +327,7 @@ SessionCryptoPassphrase secret</pre>
</p>
<div class="example"><h3>Basic session expiry example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session On
SessionMaxAge 1
SessionCookieName session path=/
@@ -515,7 +515,7 @@ parser has been added in 2.4.4.</td></tr>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /logout&gt;
SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session on
#...
&lt;/Location&gt;</pre>
@@ -613,7 +613,7 @@ parser has been added in 2.4.4.</td></tr>
AuthName "private area"
AuthFormProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
AuthDBMUserFile "/www/etc/dbmpasswd"
Require valid-user
#...
&lt;/Location&gt;</pre>


@@ -76,10 +76,10 @@
<example><title>Basic example</title>
<highlight language="config">
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
@@ -133,12 +133,12 @@ SessionCryptoPassphrase secret
<example><title>Form login handler example</title>
<highlight language="config">
&lt;Location /dologin.html&gt;
&lt;Location "/dologin.html"&gt;
SetHandler form-login-handler
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginSuccessLocation http://example.com/success.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
AuthFormLoginSuccessLocation "http://example.com/success.html"
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
Session On
@@ -201,11 +201,11 @@ SessionCryptoPassphrase secret
<example><title>Basic inline example</title>
<highlight language="config">
AuthFormProvider file
ErrorDocument 401 /login.shtml
AuthUserFile conf/passwd
ErrorDocument 401 "/login.shtml"
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginRequiredLocation "http://example.com/login.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
@@ -280,7 +280,7 @@ SessionCryptoPassphrase secret
<example><title>CGI example</title>
<highlight language="config">
AuthFormProvider file
ErrorDocument 401 /cgi-bin/login.cgi
ErrorDocument 401 "/cgi-bin/login.cgi"
...
</highlight>
</example>
@@ -304,7 +304,7 @@ SessionCryptoPassphrase secret
<highlight language="config">
SetHandler form-logout-handler
AuthName realm
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
@@ -322,7 +322,7 @@ SessionCryptoPassphrase secret
<example><title>Basic session expiry example</title>
<highlight language="config">
SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session On
SessionMaxAge 1
SessionCookieName session path=/
@@ -363,7 +363,7 @@ SessionCryptoPassphrase secret
AuthName "private area"
AuthFormProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
AuthDBMUserFile "/www/etc/dbmpasswd"
Require valid-user
#...
&lt;/Location&gt;
@@ -636,7 +636,7 @@ parser has been added in 2.4.4.</compatibility>
<highlight language="config">
&lt;Location /logout&gt;
SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
AuthFormLogoutLocation "http://example.com/loggedout.html"
Session on
#...
&lt;/Location&gt;


@@ -93,11 +93,11 @@
(<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
</ul>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Directory /var/www/html/private&gt;
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Directory "/var/www/html/private"&gt;
AuthName "Use 'anonymous' &amp; Email address for guest entry"
AuthType Basic
AuthBasicProvider file anon
AuthUserFile /path/to/your/.htpasswd
AuthUserFile "/path/to/your/.htpasswd"
Anonymous_NoUserID off
Anonymous_MustGiveEmail on


@@ -81,11 +81,11 @@
<example><title>Example</title>
<highlight language="config">
&lt;Directory /var/www/html/private&gt;
&lt;Directory "/var/www/html/private"&gt;
AuthName "Use 'anonymous' &amp; Email address for guest entry"
AuthType Basic
AuthBasicProvider file anon
AuthUserFile /path/to/your/.htpasswd
AuthUserFile "/path/to/your/.htpasswd"
Anonymous_NoUserID off
Anonymous_MustGiveEmail on


@@ -70,15 +70,15 @@
<div class="example"><h3>Checking multiple text password files</h3><pre class="prettyprint lang-config"># Check here first
&lt;AuthnProviderAlias file file1&gt;
AuthUserFile /www/conf/passwords1
AuthUserFile "/www/conf/passwords1"
&lt;/AuthnProviderAlias&gt;
# Then check here
&lt;AuthnProviderAlias file file2&gt;
AuthUserFile /www/conf/passwords2
AuthUserFile "/www/conf/passwords2"
&lt;/AuthnProviderAlias&gt;
&lt;Directory /var/web/pages/secure&gt;
&lt;Directory "/var/web/pages/secure"&gt;
AuthBasicProvider file1 file2
AuthType Basic
@@ -93,18 +93,18 @@
hosts:</p>
<div class="example"><h3>Checking multiple LDAP servers</h3><pre class="prettyprint lang-config">&lt;AuthnProviderAlias ldap ldap-alias1&gt;
AuthLDAPBindDN cn=youruser,o=ctx
AuthLDAPBindDN "cn=youruser,o=ctx"
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
AuthLDAPURL "ldap://ldap.host/o=ctx"
&lt;/AuthnProviderAlias&gt;
&lt;AuthnProviderAlias ldap ldap-other-alias&gt;
AuthLDAPBindDN cn=yourotheruser,o=dev
AuthLDAPBindDN "cn=yourotheruser,o=dev"
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
&lt;/AuthnProviderAlias&gt;
Alias /secure /webpages/secure
&lt;Directory /webpages/secure&gt;
Alias "/secure" "/webpages/secure"
&lt;Directory "/webpages/secure"&gt;
Order deny,allow
Allow from all
@@ -220,15 +220,15 @@ the specified alias</td></tr>
in the following example, clients may access the
<code>/www/docs/public</code> directory without authenticating:</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require valid-user
&lt;/Directory&gt;
&lt;Directory /www/docs/public&gt;
&lt;Directory "/www/docs/public"&gt;
AuthType None
Require all granted
&lt;/Directory&gt;</pre>


@@ -57,15 +57,15 @@
<highlight language="config">
# Check here first
&lt;AuthnProviderAlias file file1&gt;
AuthUserFile /www/conf/passwords1
AuthUserFile "/www/conf/passwords1"
&lt;/AuthnProviderAlias&gt;
# Then check here
&lt;AuthnProviderAlias file file2&gt;
AuthUserFile /www/conf/passwords2
AuthUserFile "/www/conf/passwords2"
&lt;/AuthnProviderAlias&gt;
&lt;Directory /var/web/pages/secure&gt;
&lt;Directory "/var/web/pages/secure"&gt;
AuthBasicProvider file1 file2
AuthType Basic
@@ -83,18 +83,18 @@
<example><title>Checking multiple LDAP servers</title>
<highlight language="config">
&lt;AuthnProviderAlias ldap ldap-alias1&gt;
AuthLDAPBindDN cn=youruser,o=ctx
AuthLDAPBindDN "cn=youruser,o=ctx"
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
AuthLDAPURL "ldap://ldap.host/o=ctx"
&lt;/AuthnProviderAlias&gt;
&lt;AuthnProviderAlias ldap ldap-other-alias&gt;
AuthLDAPBindDN cn=yourotheruser,o=dev
AuthLDAPBindDN "cn=yourotheruser,o=dev"
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
&lt;/AuthnProviderAlias&gt;
Alias /secure /webpages/secure
&lt;Directory /webpages/secure&gt;
Alias "/secure" "/webpages/secure"
&lt;Directory "/webpages/secure"&gt;
Order deny,allow
Allow from all
@@ -194,15 +194,15 @@ authentication</description>
<code>/www/docs/public</code> directory without authenticating:</p>
<highlight language="config">
&lt;Directory /www/docs&gt;
&lt;Directory "/www/docs"&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require valid-user
&lt;/Directory&gt;
&lt;Directory /www/docs/public&gt;
&lt;Directory "/www/docs/public"&gt;
AuthType None
Require all granted
&lt;/Directory&gt;


@@ -482,7 +482,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
<p>The following directive would grant access to anyone with
the attribute employeeType = active</p>
<pre class="prettyprint lang-config">Require ldap-attribute employeeType=active</pre>
<pre class="prettyprint lang-config">Require ldap-attribute "employeeType=active"</pre>
<p>Multiple attribute/value pairs can be specified on the same line
@@ -496,7 +496,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
<p>The following directive would grant access to anyone with
the city attribute equal to "San Jose" or status equal to "Active"</p>
<pre class="prettyprint lang-config">Require ldap-attribute city="San Jose" status=active</pre>
<pre class="prettyprint lang-config">Require ldap-attribute city="San Jose" "status=active"</pre>
@@ -511,7 +511,7 @@ AuthLDAPMaxSubGroupDepth 1</pre>
<p>The following directive would grant access to anyone having a cell phone
and is in the marketing department</p>
<pre class="prettyprint lang-config">Require ldap-filter &amp;(cell=*)(department=marketing)</pre>
<pre class="prettyprint lang-config">Require ldap-filter "&amp;(cell=*)(department=marketing)"</pre>
<p>The difference between the <code>Require ldap-filter</code> directive and the
@@ -526,8 +526,8 @@ AuthLDAPMaxSubGroupDepth 1</pre>
must be taken to ensure that LDAP filters are escaped correctly to guard against
LDAP injection. The ldap function can be used for this purpose.</p>
<pre class="prettyprint lang-config">&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)
<pre class="prettyprint lang-config">&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)"
&lt;/LocationMatch&gt;</pre>
@@ -543,8 +543,8 @@ AuthLDAPMaxSubGroupDepth 1</pre>
<p>The following directive would grant access to URLs that match the given objects in the
LDAP server:</p>
<pre class="prettyprint lang-config">&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
<pre class="prettyprint lang-config">&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)"
&lt;/LocationMatch&gt;</pre>
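Review bot: In the two `LocationMatch` examples at the end of this section, the newly quoted `Require ldap-filter` and `Require ldap-search` arguments open three `%{` expressions (`ldap`, `unescape`, `env`) but close only two, so the `%{ldap:` call that the preceding paragraph names as the guard against LDAP injection looks unterminated. Because the commit rewrites both lines and readers copy them as the safe pattern, the missing brace should be added, e.g. `Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}}},ou=Websites,o=Example)"`, with the same change on the `ldap-search` line. Whether the expression parser tolerates the shorter form is not visible from this page, so the corrected examples should be checked against a running server before they are published.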


@@ -364,7 +364,9 @@ Require ldap-user "Joe Manager"
<p>If the <code>uid</code> attribute was used instead of the
<code>cn</code> attribute in the URL above, the above three lines
could be condensed to</p>
<highlight language="config">Require ldap-user bjenson fuser jmanager</highlight>
<highlight language="config">
Require ldap-user bjenson fuser jmanager
</highlight>
</section>
<section id="reqgroup"><title>Require ldap-group</title>
@@ -383,7 +385,9 @@ uniqueMember: cn=Fred User, o=Example
<p>The following directive would grant access to both Fred and
Barbara:</p>
<highlight language="config">Require ldap-group cn=Administrators, o=Example</highlight>
<highlight language="config">
Require ldap-group cn=Administrators, o=Example
</highlight>
<p>Members can also be found within sub-groups of a specified LDAP group
if <directive module="mod_authnz_ldap">AuthLDAPMaxSubGroupDepth</directive>
@@ -448,7 +452,9 @@ AuthLDAPMaxSubGroupDepth 1
<p>The following directive would grant access to a specific
DN:</p>
<highlight language="config">Require ldap-dn cn=Barbara Jenson, o=Example</highlight>
<highlight language="config">
Require ldap-dn cn=Barbara Jenson, o=Example
</highlight>
<p>Behavior of this directive is modified by the <directive
module="mod_authnz_ldap">AuthLDAPCompareDNOnServer</directive>
@@ -465,7 +471,9 @@ AuthLDAPMaxSubGroupDepth 1
<p>The following directive would grant access to anyone with
the attribute employeeType = active</p>
<highlight language="config">Require ldap-attribute employeeType=active</highlight>
<highlight language="config">
Require ldap-attribute "employeeType=active"
</highlight>
<p>Multiple attribute/value pairs can be specified on the same line
separated by spaces or they can be specified in multiple
@@ -478,7 +486,9 @@ AuthLDAPMaxSubGroupDepth 1
<p>The following directive would grant access to anyone with
the city attribute equal to "San Jose" or status equal to "Active"</p>
<highlight language="config">Require ldap-attribute city="San Jose" status=active</highlight>
<highlight language="config">
Require ldap-attribute city="San Jose" "status=active"
</highlight>
</section>
@@ -492,7 +502,9 @@ AuthLDAPMaxSubGroupDepth 1
<p>The following directive would grant access to anyone having a cell phone
and is in the marketing department</p>
<highlight language="config">Require ldap-filter &amp;(cell=*)(department=marketing)</highlight>
<highlight language="config">
Require ldap-filter "&amp;(cell=*)(department=marketing)"
</highlight>
<p>The difference between the <code>Require ldap-filter</code> directive and the
<code>Require ldap-attribute</code> directive is that <code>ldap-filter</code>
@@ -507,8 +519,8 @@ AuthLDAPMaxSubGroupDepth 1
LDAP injection. The ldap function can be used for this purpose.</p>
<highlight language="config">
&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)
&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)"
&lt;/LocationMatch&gt;
</highlight>
@@ -525,8 +537,8 @@ AuthLDAPMaxSubGroupDepth 1
LDAP server:</p>
<highlight language="config">
&lt;LocationMatch ^/dav/(?&lt;SITENAME&gt;[^/]+)/&gt;
Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
&lt;LocationMatch "^/dav/(?&lt;SITENAME&gt;[^/]+)/"&gt;
Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)"
&lt;/LocationMatch&gt;
</highlight>
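Review bot: The `%{ldap:%{unescape:%{env:MATCH_SITENAME}}` expression in the `Require ldap-filter` and `Require ldap-search` examples opens three `%{` groups but closes only two, and wrapping the filter in quotes carries that imbalance over unchanged. These are the examples the surrounding text offers for escaping LDAP filters against LDAP injection, so a reader copying them gets a line that either fails to parse or does not apply the `ldap` escaping as shown; which of the two cannot be told from this page. The filter line should probably read `Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}}},ou=Websites,o=Example)"`, with the matching extra `}` before ` Website)` in the ldap-search example. The same two lines appear in the preceding file section of this commit.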


@@ -83,13 +83,13 @@
not belong to either the <code>temps</code> group or the
LDAP group <code>Temporary Employees</code>.</p>
<pre class="prettyprint lang-config">&lt;Directory /www/mydocs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/mydocs"&gt;
&lt;RequireAll&gt;
&lt;RequireAny&gt;
Require user superadmin
&lt;RequireAll&gt;
Require group admins
Require ldap-group cn=Administrators,o=Airius
Require ldap-group "cn=Administrators,o=Airius"
&lt;RequireAny&gt;
Require group sales
Require ldap-attribute dept="sales"
@@ -98,7 +98,7 @@
&lt;/RequireAny&gt;
&lt;RequireNone&gt;
Require group temps
Require ldap-group cn=Temporary Employees,o=Airius
Require ldap-group "cn=Temporary Employees,o=Airius"
&lt;/RequireNone&gt;
&lt;/RequireAll&gt;
&lt;/Directory&gt;</pre>
@@ -125,8 +125,8 @@
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
<pre class="prettyprint lang-config">SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
&lt;Directory /docroot&gt;
<pre class="prettyprint lang-config">SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
&lt;Directory "/docroot"&gt;
Require env let_me_in
&lt;/Directory&gt;</pre>
@@ -235,20 +235,20 @@
multiple ldap hosts:
</p>
<pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
AuthLDAPBindDN cn=youruser,o=ctx
<pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"&gt;
AuthLDAPBindDN "cn=youruser,o=ctx"
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
AuthLDAPURL "ldap://ldap.host/o=ctx"
&lt;/AuthzProviderAlias&gt;
&lt;AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev&gt;
AuthLDAPBindDN cn=yourotheruser,o=dev
&lt;AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"&gt;
AuthLDAPBindDN "cn=yourotheruser,o=dev"
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
&lt;/AuthzProviderAlias&gt;
Alias /secure /webpages/secure
&lt;Directory /webpages/secure&gt;
Alias "/secure" "/webpages/secure"
&lt;Directory "/webpages/secure"&gt;
Require all granted
AuthBasicProvider file
@@ -312,20 +312,20 @@ sections.</td></tr>
preceding sections. Thus only users belong to the group
<code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</div>
<pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require group alpha
&lt;/Directory&gt;
&lt;Directory /www/docs/ab&gt;
&lt;Directory "/www/docs/ab"&gt;
AuthMerging Or
Require group beta
&lt;/Directory&gt;
&lt;Directory /www/docs/ab/gamma&gt;
&lt;Directory "/www/docs/ab/gamma"&gt;
Require group gamma
&lt;/Directory&gt;</pre>
@@ -454,8 +454,8 @@ an authorization provider.</td></tr>
<pre class="prettyprint lang-config">AuthType Basic
AuthName "Restricted Resource"
AuthBasicProvider file
AuthUserFile /web/users
AuthGroupFile /web/groups
AuthUserFile "/web/users"
AuthGroupFile "/web/groups"
Require group admin</pre>
@@ -479,7 +479,7 @@ Require group admin</pre>
and <code>beta</code> groups are authorized, except for those who
are also in the <code>reject</code> group.</p>
<pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
<pre class="prettyprint lang-config">&lt;Directory "/www/docs"&gt;
&lt;RequireAll&gt;
Require group alpha beta
Require not group reject
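Review bot: `AuthLDAPBindPassword yourpassword` and `AuthLDAPBindPassword yourotherpassword` stay bare in the `AuthzProviderAlias` example although the DN and URL arguments around them are now quoted. A bind password is the arbitrary-text argument most likely to contain a space, so, assuming the directive takes its argument through the normal config-word parsing, the example would be more robust as `AuthLDAPBindPassword "yourpassword"`. `AuthName Documents` in the `/www/docs` example is in the same position, while the commit writes `AuthName "MyPrivateFiles"` elsewhere. The same lines recur in the following file section, and `SessionCryptoPassphrase secret` in the session examples further down is left bare in the same way.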


@@ -63,13 +63,13 @@
LDAP group <code>Temporary Employees</code>.</p>
<highlight language="config">
&lt;Directory /www/mydocs&gt;
&lt;Directory "/www/mydocs"&gt;
&lt;RequireAll&gt;
&lt;RequireAny&gt;
Require user superadmin
&lt;RequireAll&gt;
Require group admins
Require ldap-group cn=Administrators,o=Airius
Require ldap-group "cn=Administrators,o=Airius"
&lt;RequireAny&gt;
Require group sales
Require ldap-attribute dept="sales"
@@ -78,7 +78,7 @@
&lt;/RequireAny&gt;
&lt;RequireNone&gt;
Require group temps
Require ldap-group cn=Temporary Employees,o=Airius
Require ldap-group "cn=Temporary Employees,o=Airius"
&lt;/RequireNone&gt;
&lt;/RequireAll&gt;
&lt;/Directory&gt;
@@ -107,8 +107,8 @@
other HTTP request header fields.</p>
<highlight language="config">
SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
&lt;Directory /docroot&gt;
SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in
&lt;Directory "/docroot"&gt;
Require env let_me_in
&lt;/Directory&gt;
</highlight>
@@ -227,20 +227,20 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
</p>
<highlight language="config">
&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
AuthLDAPBindDN cn=youruser,o=ctx
&lt;AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"&gt;
AuthLDAPBindDN "cn=youruser,o=ctx"
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
AuthLDAPURL "ldap://ldap.host/o=ctx"
&lt;/AuthzProviderAlias&gt;
&lt;AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev&gt;
AuthLDAPBindDN cn=yourotheruser,o=dev
&lt;AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"&gt;
AuthLDAPBindDN "cn=yourotheruser,o=dev"
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
&lt;/AuthzProviderAlias&gt;
Alias /secure /webpages/secure
&lt;Directory /webpages/secure&gt;
Alias "/secure" "/webpages/secure"
&lt;Directory "/webpages/secure"&gt;
Require all granted
AuthBasicProvider file
@@ -337,8 +337,8 @@ an authorization provider.</description>
AuthType Basic
AuthName "Restricted Resource"
AuthBasicProvider file
AuthUserFile /web/users
AuthGroupFile /web/groups
AuthUserFile "/web/users"
AuthGroupFile "/web/groups"
Require group admin
</highlight>
@@ -363,7 +363,7 @@ Require group admin
are also in the <code>reject</code> group.</p>
<highlight language="config">
&lt;Directory /www/docs&gt;
&lt;Directory "/www/docs"&gt;
&lt;RequireAll&gt;
Require group alpha beta
Require not group reject
@@ -561,20 +561,20 @@ sections.</description>
<code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</note>
<highlight language="config">
&lt;Directory /www/docs&gt;
&lt;Directory "/www/docs"&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthUserFile "/usr/local/apache/passwd/passwords"
Require group alpha
&lt;/Directory&gt;
&lt;Directory /www/docs/ab&gt;
&lt;Directory "/www/docs/ab"&gt;
AuthMerging Or
Require group beta
&lt;/Directory&gt;
&lt;Directory /www/docs/ab/gamma&gt;
&lt;Directory "/www/docs/ab/gamma"&gt;
Require group gamma
&lt;/Directory&gt;
</highlight>


@@ -88,16 +88,16 @@
<div class="section">
<h2><a name="examples" id="examples">Example usage</a></h2>
<p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code>
<p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code>
instead of <code>group</code>:</em>
</p>
<pre class="prettyprint lang-config">&lt;Directory "/foo/bar"&gt;
AuthType Basic
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider dbm
AuthDBMUserFile site/data/users
AuthDBMGroupFile site/data/users
Require dbm-group admin
AuthBasicProvider dbm
AuthDBMUserFile "site/data/users"
AuthDBMGroupFile "site/data/users"
Require dbm-group admin
&lt;/Directory&gt;</pre>
</div>
@@ -139,8 +139,8 @@ of user groups for authorization</td></tr>
accomplished by first setting the group and password files to
point to the same DBM:</p>
<pre class="prettyprint lang-config">AuthDBMGroupFile /www/userbase
AuthDBMUserFile /www/userbase</pre>
<pre class="prettyprint lang-config">AuthDBMGroupFile "/www/userbase"
AuthDBMUserFile "/www/userbase"</pre>
<p>The key for the single DBM is the username. The value consists


@@ -73,17 +73,17 @@
<section id="examples">
<title>Example usage</title>
<p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code>
<p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code>
instead of <code>group</code>:</em>
</p>
<highlight language="config">
&lt;Directory "/foo/bar"&gt;
AuthType Basic
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider dbm
AuthDBMUserFile site/data/users
AuthDBMGroupFile site/data/users
Require dbm-group admin
AuthBasicProvider dbm
AuthDBMUserFile "site/data/users"
AuthDBMGroupFile "site/data/users"
Require dbm-group admin
&lt;/Directory&gt;
</highlight>
</section>
@@ -126,8 +126,8 @@ of user groups for authorization</description>
point to the same DBM:</p>
<highlight language="config">
AuthDBMGroupFile /www/userbase
AuthDBMUserFile /www/userbase
AuthDBMGroupFile "/www/userbase"
AuthDBMUserFile "/www/userbase"
</highlight>
<p>The key for the single DBM is the username. The value consists


@@ -96,11 +96,11 @@
files in <code>/home/smith/public_html/private</code> unless they
were owned by <code>jones</code> instead of <code>smith</code>.</p>
<pre class="prettyprint lang-config">&lt;Directory /home/*/public_html/private&gt;
<pre class="prettyprint lang-config">&lt;Directory "/home/*/public_html/private"&gt;
AuthType Basic
AuthName MyPrivateFiles
AuthName "MyPrivateFiles"
AuthBasicProvider dbm
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
Require file-owner
&lt;/Directory&gt;</pre>
@@ -118,15 +118,15 @@
authorized to access the <code>project-foo</code> directories of
each other.</p>
<pre class="prettyprint lang-config">&lt;Directory /home/*/public_html/project-foo&gt;
<pre class="prettyprint lang-config">&lt;Directory "/home/*/public_html/project-foo"&gt;
AuthType Basic
AuthName "Project Foo Files"
AuthBasicProvider dbm
# combined user/group database
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all"
Satisfy All
Require file-group
&lt;/Directory&gt;</pre>


@@ -85,11 +85,11 @@
were owned by <code>jones</code> instead of <code>smith</code>.</p>
<highlight language="config">
&lt;Directory /home/*/public_html/private&gt;
&lt;Directory "/home/*/public_html/private"&gt;
AuthType Basic
AuthName MyPrivateFiles
AuthName "MyPrivateFiles"
AuthBasicProvider dbm
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
Require file-owner
&lt;/Directory&gt;
</highlight>
@@ -109,15 +109,15 @@
each other.</p>
<highlight language="config">
&lt;Directory /home/*/public_html/project-foo&gt;
&lt;Directory "/home/*/public_html/project-foo"&gt;
AuthType Basic
AuthName "Project Foo Files"
AuthBasicProvider dbm
# combined user/group database
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all"
AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all"
Satisfy All
Require file-group
&lt;/Directory&gt;


@@ -78,7 +78,7 @@
file using the <code class="directive"><a href="../mod/mod_dav_fs.html#davlockdb">DavLockDB</a></code>
directive:</p>
<pre class="prettyprint lang-config">DavLockDB /usr/local/apache2/var/DavLock</pre>
<pre class="prettyprint lang-config">DavLockDB "/usr/local/apache2/var/DavLock"</pre>
<p>The directory containing the lock database file must be
@@ -93,15 +93,15 @@
directive. The "normal" <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code> directive has no effect on DAV
requests.</p>
<div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">DavLockDB /usr/local/apache2/var/DavLock
<div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">DavLockDB "/usr/local/apache2/var/DavLock"
&lt;Directory /usr/local/apache2/htdocs/foo&gt;
&lt;Directory "/usr/local/apache2/htdocs/foo"&gt;
Require all granted
Dav On
AuthType Basic
AuthName DAV
AuthUserFile user.passwd
AuthName "DAV"
AuthUserFile "user.passwd"
&lt;LimitExcept GET POST OPTIONS&gt;
Require user admin
@@ -159,9 +159,9 @@
will run the script, and one of which will allow it to be
downloaded and manipulated with DAV.</p>
<pre class="prettyprint lang-config">Alias /phparea /home/gstein/php_files
Alias /php-source /home/gstein/php_files
&lt;Location /php-source&gt;
<pre class="prettyprint lang-config">Alias "/phparea" "/home/gstein/php_files"
Alias "/php-source" "/home/gstein/php_files"
&lt;Location "/php-source"&gt;
Dav On
ForceType text/plain
&lt;/Location&gt;</pre>
@@ -185,7 +185,7 @@ Alias /php-source /home/gstein/php_files
<p>Use the <code class="directive">Dav</code> directive to enable the
WebDAV HTTP methods for the given container:</p>
<pre class="prettyprint lang-config">&lt;Location /foo&gt;
<pre class="prettyprint lang-config">&lt;Location "/foo"&gt;
Dav On
&lt;/Location&gt;</pre>
@@ -240,7 +240,7 @@ a DAV resource</td></tr>
(like 600 seconds) to reduce the chance of the client losing
the lock due to network latency.</p>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location /MSWord&gt;
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location "/MSWord"&gt;
DavMinTimeout 600
&lt;/Location&gt;</pre>
</div>


@@ -45,7 +45,9 @@
<p>To enable <module>mod_dav</module>, add the following to a
container in your <code>httpd.conf</code> file:</p>
<highlight language="config">Dav On</highlight>
<highlight language="config">
Dav On
</highlight>
<p>This enables the DAV file system provider, which is implemented
by the <module>mod_dav_fs</module> module. Therefore, that module
@@ -58,12 +60,12 @@
directive:</p>
<highlight language="config">
DavLockDB /usr/local/apache2/var/DavLock
DavLockDB "/usr/local/apache2/var/DavLock"
</highlight>
<p>The directory containing the lock database file must be
writable by the <directive module="mod_unixd">User</directive>
and <directive module="mod_unixd" >Group</directive> under which
and <directive module="mod_unixd">Group</directive> under which
Apache is running.</p>
<p>You may wish to add a <directive module="core" type="section"
@@ -78,15 +80,15 @@
<example><title>Full Example</title>
<highlight language="config">
DavLockDB /usr/local/apache2/var/DavLock
DavLockDB "/usr/local/apache2/var/DavLock"
&lt;Directory /usr/local/apache2/htdocs/foo&gt;
&lt;Directory "/usr/local/apache2/htdocs/foo"&gt;
Require all granted
Dav On
AuthType Basic
AuthName DAV
AuthUserFile user.passwd
AuthName "DAV"
AuthUserFile "user.passwd"
&lt;LimitExcept GET POST OPTIONS&gt;
Require user admin
@@ -149,9 +151,9 @@ DavLockDB /usr/local/apache2/var/DavLock
downloaded and manipulated with DAV.</p>
<highlight language="config">
Alias /phparea /home/gstein/php_files
Alias /php-source /home/gstein/php_files
&lt;Location /php-source&gt;
Alias "/phparea" "/home/gstein/php_files"
Alias "/php-source" "/home/gstein/php_files"
&lt;Location "/php-source"&gt;
Dav On
ForceType text/plain
&lt;/Location&gt;
@@ -175,7 +177,7 @@ Alias /php-source /home/gstein/php_files
WebDAV HTTP methods for the given container:</p>
<highlight language="config">
&lt;Location /foo&gt;
&lt;Location "/foo"&gt;
Dav On
&lt;/Location&gt;
</highlight>
@@ -218,7 +220,7 @@ a DAV resource</description>
<example><title>Example</title>
<highlight language="config">
&lt;Location /MSWord&gt;
&lt;Location "/MSWord"&gt;
DavMinTimeout 600
&lt;/Location&gt;
</highlight>


@@ -273,9 +273,9 @@ SessionCookieName session path=/private;domain=example.com;httponly;secure;</pre
SessionCryptoPassphrase secret
SessionCookieName session path=/
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthName "realm"
#...</pre>
</div>


@@ -261,9 +261,9 @@ Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/
AuthFormProvider file
AuthUserFile conf/passwd
AuthUserFile "conf/passwd"
AuthType form
AuthName realm
AuthName "realm"
#...
</highlight>
</example>


@@ -49,8 +49,8 @@ following directives.</p>
&lt;VirtualHost *:443&gt;
ServerName www.example.com
SSLEngine on
SSLCertificateFile /path/to/www.example.com.cert
SSLCertificateKeyFile /path/to/www.example.com.key
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
&lt;/VirtualHost&gt;</pre>
@@ -93,7 +93,7 @@ URL?</a></h3>
<pre class="prettyprint lang-config"># be liberal in general
SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
&lt;Location /strong/area&gt;
&lt;Location "/strong/area"&gt;
# but https://hostname/strong/area/ and below
# requires strong ciphers
SSLCipherSuite HIGH:!aNULL:!MD5
@@ -118,7 +118,7 @@ the server.</p>
<p>Because the client can obtain the certificate revocation status from
the server, without requiring an extra connection from the client to the
Certificate Authority, OCSP Stapling is the preferred way for the
revocation status to be obtained. Other benefits of eliminating the
revocation status to be obtained. Other benefits of eliminating the
communication between clients and the Certificate Authority are that the
client browsing history is not exposed to the Certificate Authority and
obtaining status is more reliable by not depending on potentially heavily
@@ -138,7 +138,7 @@ SSLStaplingCache "shmcb:ssl_stapling(32768)"</pre>
<p>These directives are placed at global scope (i.e., not within a virtual
host definition) wherever other global SSL configuration directives are
placed, such as in <code>conf/extra/httpd-ssl.conf</code> for normal
placed, such as in <code>conf/extra/httpd-ssl.conf</code> for normal
open source builds of httpd, <code>/etc/apache2/mods-enabled/ssl.conf</code>
for the Ubuntu or Debian-bundled httpd, etc.</p>
@@ -146,7 +146,7 @@ for the Ubuntu or Debian-bundled httpd, etc.</p>
<code class="module"><a href="../mod/mod_socache_shmcb.html">mod_socache_shmcb</a></code> (from the <code>shmcb</code> prefix on the
directive's argument). This module is usually enabled already for
<code class="directive">SSLSessionCache</code> or on behalf of some module other than
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. If you enabled an SSL session cache using a
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. If you enabled an SSL session cache using a
mechanism other than <code class="module"><a href="../mod/mod_socache_shmcb.html">mod_socache_shmcb</a></code>, use that alternative
mechanism for <code class="directive">SSLStaplingCache</code> as well. For example:</p>
@@ -159,7 +159,7 @@ is sent by your server:</p>
<pre>$ openssl s_client -connect www.example.com:443 -status -servername www.example.com
...
OCSP response:
OCSP response:
======================================
OCSP Response Data:
OCSP Response Status: successful (0x0)
@@ -169,15 +169,15 @@ OCSP Response Data:
...</pre>
<p>The following sections highlight the most common situations which require
further modification to the configuration. Refer also to the
further modification to the configuration. Refer also to the
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> reference manual.</p>
<h3>If more than a few SSL certificates are used for the server</h3>
<p>OCSP responses are stored in the SSL stapling cache. While the responses
are typically a few hundred to a few thousand bytes in size, mod_ssl
supports OCSP responses up to around 10K bytes in size. With more than a
few certificates, the stapling cache size (32768 bytes in the example above)
are typically a few hundred to a few thousand bytes in size, mod_ssl
supports OCSP responses up to around 10K bytes in size. With more than a
few certificates, the stapling cache size (32768 bytes in the example above)
may need to be increased. Error message AH01929 will be logged in case of
an error storing a response.</p>
@@ -185,7 +185,7 @@ an error storing a response.</p>
<h3>If the certificate does not point to an OCSP responder, or if a
different address must be used</h3>
<p>Refer to the
<p>Refer to the
<code class="directive"><a href="../mod/mod_ssl.html#sslstaplingforceurl">SSLStaplingForceURL</a></code> directive.</p>
<p>You can confirm that a server certificate points to an OCSP responder
@@ -227,7 +227,7 @@ directives.</p>
<pre>AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!</pre>
<p>In order to support OCSP Stapling when a particular server certificate is
used, the certificate chain for that certificate must be configured. If it
used, the certificate chain for that certificate must be configured. If it
was not configured as part of enabling SSL, the AH02217 error will be issued
when stapling is enabled, and an OCSP response will not be provided for clients
using the certificate.</p>
@@ -264,7 +264,7 @@ Intranet website, for clients coming from the Internet?</a></li>
# signed by our CA certificate in ca.crt
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile conf/ssl.crt/ca.crt</pre>
SSLCACertificateFile "conf/ssl.crt/ca.crt"</pre>
@@ -277,9 +277,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt</pre>
<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>:</p>
<pre class="prettyprint lang-config">SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
&lt;Location /secure/area&gt;
&lt;Location "/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 1
&lt;/Location&gt;</pre>
@@ -303,10 +303,10 @@ SSLVerifyDepth 1
clients allowed, as follows:</p>
<pre class="prettyprint lang-config">SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
SSLCACertificatePath "conf/ssl.crt"
&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
@@ -314,7 +314,7 @@ SSLCACertificatePath conf/ssl.crt
AuthName "Snake Oil Authentication"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/apache2/conf/httpd.passwd
AuthUserFile "/usr/local/apache2/conf/httpd.passwd"
Require valid-user
&lt;/Directory&gt;</pre>
@@ -332,10 +332,10 @@ SSLCACertificatePath conf/ssl.crt
<pre class="prettyprint lang-config">SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
SSLCACertificatePath "conf/ssl.crt"
&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
@@ -358,42 +358,42 @@ plain HTTP access for clients on the Intranet.</a></h3>
This configuration should remain outside of your HTTPS virtual host, so
that it applies to both HTTPS and HTTP.</p>
<pre class="prettyprint lang-config">SSLCACertificateFile conf/ssl.crt/company-ca.crt
<pre class="prettyprint lang-config">SSLCACertificateFile "conf/ssl.crt/company-ca.crt"
&lt;Directory /usr/local/apache2/htdocs&gt;
&lt;Directory "/usr/local/apache2/htdocs"&gt;
# Outside the subarea only Intranet access is granted
Require ip 192.168.1.0/24
&lt;/Directory&gt;
&lt;Directory /usr/local/apache2/htdocs/subarea&gt;
&lt;Directory "/usr/local/apache2/htdocs/subarea"&gt;
# Inside the subarea any Intranet access is allowed
# but from the Internet only HTTPS + Strong-Cipher + Password
# or the alternative HTTPS + Strong-Cipher + Client-Certificate
# If HTTPS is used, make sure a strong cipher is used.
# Additionally allow client certs as alternative to basic auth.
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +FakeBasicAuth +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
# Force clients from the Internet to use HTTPS
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
RewriteCond %{HTTPS} !=on
RewriteRule . - [F]
RewriteCond "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$"
RewriteCond "%{HTTPS}" "!=on"
RewriteRule "." "-" [F]
# Allow Network Access and/or Basic Auth
Satisfy any
# Network Access Control
Require ip 192.168.1.0/24
# HTTP Basic Authentication
AuthType basic
AuthName "Protected Intranet Area"
AuthBasicProvider file
AuthUserFile conf/protected.passwd
AuthUserFile "conf/protected.passwd"
Require valid-user
&lt;/Directory&gt;</pre>
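Review bot: The global `SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL` line in the per-location cipher example is left untouched, and it starts from `ALL` and only moves the `LOW` and `EXP` suites to the end of the list rather than removing them. Weak suites therefore stay negotiable outside `/strong/area` wherever the linked OpenSSL build still ships them. Since the example is being edited anyway, the `# be liberal in general` comment could say so, for instance `# illustrative only: ALL keeps LOW and EXP suites negotiable outside /strong/area`, or the global string could be tightened. The same line appears in the following file section, and the example itself begins and ends outside the hunk.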


@@ -44,8 +44,8 @@ Listen 443
&lt;VirtualHost *:443&gt;
ServerName www.example.com
SSLEngine on
SSLCertificateFile /path/to/www.example.com.cert
SSLCertificateKeyFile /path/to/www.example.com.key
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
&lt;/VirtualHost&gt;
</highlight>
@@ -92,7 +92,7 @@ URL?</title>
# be liberal in general
SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
&lt;Location /strong/area&gt;
&lt;Location "/strong/area"&gt;
# but https://hostname/strong/area/ and below
# requires strong ciphers
SSLCipherSuite HIGH:!aNULL:!MD5
@@ -118,7 +118,7 @@ the server.</p>
<p>Because the client can obtain the certificate revocation status from
the server, without requiring an extra connection from the client to the
Certificate Authority, OCSP Stapling is the preferred way for the
revocation status to be obtained. Other benefits of eliminating the
revocation status to be obtained. Other benefits of eliminating the
communication between clients and the Certificate Authority are that the
client browsing history is not exposed to the Certificate Authority and
obtaining status is more reliable by not depending on potentially heavily
@@ -139,7 +139,7 @@ SSLStaplingCache "shmcb:ssl_stapling(32768)"
<p>These directives are placed at global scope (i.e., not within a virtual
host definition) wherever other global SSL configuration directives are
placed, such as in <code>conf/extra/httpd-ssl.conf</code> for normal
placed, such as in <code>conf/extra/httpd-ssl.conf</code> for normal
open source builds of httpd, <code>/etc/apache2/mods-enabled/ssl.conf</code>
for the Ubuntu or Debian-bundled httpd, etc.</p>
@@ -147,7 +147,7 @@ for the Ubuntu or Debian-bundled httpd, etc.</p>
<module>mod_socache_shmcb</module> (from the <code>shmcb</code> prefix on the
directive's argument). This module is usually enabled already for
<directive>SSLSessionCache</directive> or on behalf of some module other than
<module>mod_ssl</module>. If you enabled an SSL session cache using a
<module>mod_ssl</module>. If you enabled an SSL session cache using a
mechanism other than <module>mod_socache_shmcb</module>, use that alternative
mechanism for <directive>SSLStaplingCache</directive> as well. For example:</p>
@@ -162,7 +162,7 @@ is sent by your server:</p>
<pre>
$ openssl s_client -connect www.example.com:443 -status -servername www.example.com
...
OCSP response:
OCSP response:
======================================
OCSP Response Data:
OCSP Response Status: successful (0x0)
@@ -173,15 +173,15 @@ OCSP Response Data:
</pre>
<p>The following sections highlight the most common situations which require
further modification to the configuration. Refer also to the
further modification to the configuration. Refer also to the
<module>mod_ssl</module> reference manual.</p>
<section>
<title>If more than a few SSL certificates are used for the server</title>
<p>OCSP responses are stored in the SSL stapling cache. While the responses
are typically a few hundred to a few thousand bytes in size, mod_ssl
supports OCSP responses up to around 10K bytes in size. With more than a
few certificates, the stapling cache size (32768 bytes in the example above)
are typically a few hundred to a few thousand bytes in size, mod_ssl
supports OCSP responses up to around 10K bytes in size. With more than a
few certificates, the stapling cache size (32768 bytes in the example above)
may need to be increased. Error message AH01929 will be logged in case of
an error storing a response.</p>
</section>
@@ -189,7 +189,7 @@ an error storing a response.</p>
<section>
<title>If the certificate does not point to an OCSP responder, or if a
different address must be used</title>
<p>Refer to the
<p>Refer to the
<directive module="mod_ssl">SSLStaplingForceURL</directive> directive.</p>
<p>You can confirm that a server certificate points to an OCSP responder
@@ -235,7 +235,7 @@ directives.</p>
AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
</pre>
<p>In order to support OCSP Stapling when a particular server certificate is
used, the certificate chain for that certificate must be configured. If it
used, the certificate chain for that certificate must be configured. If it
was not configured as part of enabling SSL, the AH02217 error will be issued
when stapling is enabled, and an OCSP response will not be provided for clients
using the certificate.</p>
@@ -274,7 +274,7 @@ Intranet website, for clients coming from the Internet?</a></li>
# signed by our CA certificate in ca.crt
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
</highlight>
</section>
@@ -288,9 +288,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt
<highlight language="config">
SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
&lt;Location /secure/area&gt;
&lt;Location "/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 1
&lt;/Location&gt;
@@ -315,10 +315,10 @@ SSLVerifyDepth 1
<highlight language="config">
SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
SSLCACertificatePath "conf/ssl.crt"
&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
@@ -326,7 +326,7 @@ SSLCACertificatePath conf/ssl.crt
AuthName "Snake Oil Authentication"
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/apache2/conf/httpd.passwd
AuthUserFile "/usr/local/apache2/conf/httpd.passwd"
Require valid-user
&lt;/Directory&gt;
</highlight>
@@ -348,10 +348,10 @@ SSLCACertificatePath conf/ssl.crt
<highlight language="config">
SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile "conf/ssl.crt/ca.crt"
SSLCACertificatePath "conf/ssl.crt"
&lt;Directory /usr/local/apache2/htdocs/secure/area&gt;
&lt;Directory "/usr/local/apache2/htdocs/secure/area"&gt;
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
@@ -375,42 +375,42 @@ plain HTTP access for clients on the Intranet.</title>
that it applies to both HTTPS and HTTP.</p>
<highlight language="config">
SSLCACertificateFile conf/ssl.crt/company-ca.crt
SSLCACertificateFile "conf/ssl.crt/company-ca.crt"
&lt;Directory /usr/local/apache2/htdocs&gt;
&lt;Directory "/usr/local/apache2/htdocs"&gt;
# Outside the subarea only Intranet access is granted
Require ip 192.168.1.0/24
&lt;/Directory&gt;
&lt;Directory /usr/local/apache2/htdocs/subarea&gt;
&lt;Directory "/usr/local/apache2/htdocs/subarea"&gt;
# Inside the subarea any Intranet access is allowed
# but from the Internet only HTTPS + Strong-Cipher + Password
# or the alternative HTTPS + Strong-Cipher + Client-Certificate
# If HTTPS is used, make sure a strong cipher is used.
# Additionally allow client certs as alternative to basic auth.
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +FakeBasicAuth +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
# Force clients from the Internet to use HTTPS
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
RewriteCond %{HTTPS} !=on
RewriteRule . - [F]
RewriteCond "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$"
RewriteCond "%{HTTPS}" "!=on"
RewriteRule "." "-" [F]
# Allow Network Access and/or Basic Auth
Satisfy any
# Network Access Control
Require ip 192.168.1.0/24
# HTTP Basic Authentication
AuthType basic
AuthName "Protected Intranet Area"
AuthBasicProvider file
AuthUserFile conf/protected.passwd
AuthUserFile "conf/protected.passwd"
Require valid-user
&lt;/Directory&gt;
</highlight>
@@ -430,4 +430,3 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt
</section>
</manualpage>