diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en index 04e389f163..28fdf53603 100644 --- a/docs/manual/mod/directives.html.en +++ b/docs/manual/mod/directives.html.en @@ -45,7 +45,6 @@
  • AllowCONNECT
  • AllowOverride
  • Anonymous
    • -
  • Anonymous_Authoritative
  • Anonymous_LogEmail
  • Anonymous_MustGiveEmail
  • Anonymous_NoUserID
    • @@ -56,14 +55,15 @@
  • AuthDBMGroupFile
  • AuthDBMType
  • AuthDBMUserFile
    • +
  • AuthDefaultAuthoritative
  • AuthDigestAlgorithm
  • AuthDigestDomain
    • -
  • AuthDigestFile
    • -
  • AuthDigestGroupFile
  • AuthDigestNcCheck
  • AuthDigestNonceFormat
  • AuthDigestNonceLifetime
    • +
  • AuthDigestProvider
  • AuthDigestQop
    • +
  • AuthDigestShmemSize
  • AuthGroupFile
  • AuthLDAPAuthoritative
  • AuthLDAPBindDN
    • @@ -82,7 +82,9 @@
  • AuthUserFile
  • AuthzDBMAuthoritative
  • AuthzDBMType
    • +
  • AuthzDefaultAuthoritative
  • AuthzGroupFileAuthoritative
    • +
  • AuthzUserAuthoritative
  • BrowserMatch
  • BrowserMatchNoCase
  • CacheDefaultExpire
    • diff --git a/docs/manual/mod/index.html.en b/docs/manual/mod/index.html.en index bc4d923d66..044c866b3d 100644 --- a/docs/manual/mod/index.html.en +++ b/docs/manual/mod/index.html.en @@ -39,11 +39,14 @@ for HTTP Basic authentication.
    mod_authn_anon
    Allows "anonymous" user access to authenticated areas
    mod_authn_dbm
    User authentication using DBM files
    +
    mod_authn_default
    Authentication fallback module
    mod_authn_file
    User authentication using text files
    mod_authz_dbm
    Group authorization using DBM files
    +
    mod_authz_default
    Authorization fallback module
    mod_authz_groupfile
    Group authorization using plaintext files
    mod_authz_host
    Group authorizations based on host (name or IP address)
    +
    mod_authz_user
    User Authorization
    mod_autoindex
    Generates directory indexes, automatically, similar to the Unix ls command or the Win32 dir shell command
    diff --git a/docs/manual/mod/mod_auth_basic.html.en b/docs/manual/mod/mod_auth_basic.html.en index f8b9aca002..efb424b8c8 100644 --- a/docs/manual/mod/mod_auth_basic.html.en +++ b/docs/manual/mod/mod_auth_basic.html.en @@ -10,30 +10,27 @@ auth_basic_moduleSource File: mod_auth_basic.cCompatibility: Available in Apache 2.1 and later

    Summary

    -

    This module allows the use of HTTP Basic Authentication to restrict access by looking up users in the given providers. HTTP Digest Authentication is provided by mod_auth_digest.

    -

    Directives

    See also

    top

    AuthBasicAuthoritative Directive

    Description: - Sets whether authorization and authentication are -passed to lower level modules
    Syntax: - AuthBasicAuthoritative on|off
    Default: - AuthBasicAuthoritative on
    Context: + Sets whether authorization and authentication are passed to +lower level modules
    Syntax: + AuthBasicAuthoritative On|Off
    Default: + AuthBasicAuthoritative On
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Base
    Module: mod_auth_basic

    Setting the AuthBasicAuthoritative directive - explicitly to 'off' allows for both + explicitly to Off allows for both authentication and authorization to be passed on to lower level - modules (as defined in the Configuration and - modules.c files) if there is no - userID or rule matching the supplied - userID. If there is a userID and/or rule specified; the usual + modules (as defined in the modules.c files) if there is + no userID or rule matching the + supplied userID. If there is a userID and/or rule specified, the usual password and access checks will be applied and a failure will give an Authorization Required reply.

    @@ -43,22 +40,39 @@ passed to lower level modulestop

    AuthBasicProvider Directive

    Description: Sets the authentication provider(s) for this location
    Syntax: - AuthBasicProvider provider-name
    Context: - directory, .htaccess
    Override: - AuthConfig
    Status: + AuthBasicProvider On|Off|provider-name +[provider-name] ...
    Default: + AuthBasicProvider On
    Context: + directory
    Status: Base
    Module: mod_auth_basic

    The AuthBasicProvider directive sets - which provider is used to authenticate the users for this location.

    + which provider is used to authenticate the users for this location. + Setting the value to On will choose the default provider + (file). Since the file provider is implemented + by the mod_authn_file module, you have to make sure, + that the module is present in the server.

    -

    See mod_authn_dbm, mod_authn_file +

    Example

    + <Location /secure>
    + + AuthBasicProvider dbm
    + AuthDBMType SDBM
    + AuthDBMUserFile /www/etc/dbmpasswd
    + Require valid-user
    +     + </Location> +

    + +

    See mod_authn_dbm and mod_authn_file for providers.

    +

    The value Off clears the provider list and sets it back + to the default.

    \ No newline at end of file diff --git a/docs/manual/mod/mod_auth_digest.html.en b/docs/manual/mod/mod_auth_digest.html.en index 1609ebafc5..e152db9203 100644 --- a/docs/manual/mod/mod_auth_digest.html.en +++ b/docs/manual/mod/mod_auth_digest.html.en @@ -10,34 +10,39 @@ ExperimentalModule Identifier: auth_digest_moduleSource File: mod_auth_digest.c

    Summary

    -

    This module implements HTTP Digest Authentication. However, it +

    This module implements HTTP Digest Authentication. However, it has not been extensively tested and is therefore marked experimental.

    Directives

    Topics

    See also

    top

    Using Digest Authentication

    Using MD5 Digest authentication is very simple. Simply set - up authentication normally, using "AuthType Digest" and - "AuthDigestFile" instead of the normal "AuthType Basic" and - "AuthUserFile"; also, replace any "AuthGroupFile" with - "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive - containing at least the root URI(s) for this protection space. - Example:

    + up authentication normally, using AuthType Digest and + AuthDigestProvider + instead of the normal AuthType Basic and + AuthBasicProvider. + Then add a AuthDigestDomain directive containing at least the root + URI(s) for this protection space.

    -

    +

    Appropriate user (text) files can be created using the + htdigest tool.

    + +

    Example:

    <Location /private/>
    AuthType Digest
    AuthName "private area"
    AuthDigestDomain /private/ http://mirror.my.dom/private2/
    - AuthDigestFile /web/auth/.digest_pw
    +
    + AuthDigestProvider file
    + AuthUserFile /web/auth/.digest_pw
    Require valid-user
     </Location> @@ -46,11 +51,11 @@

    Note

    Digest authentication provides a more secure password system than Basic authentication, but only works with supporting - browsers. As of July 2002, the major browsers that support digest + browsers. As of November 2002, the major browsers that support digest authentication are Opera, MS Internet - Explorer (fails when used with a query string), Amaya and Mozilla. Since digest + Explorer (fails when used with a query string), Amaya, Mozilla and Netscape since version 7. Since digest authentication is not as widely implemented as basic - authentication, you should use it only in controlled settings.

    + authentication, you should use it only in controlled environments.

    top

    AuthDigestAlgorithm Directive

    Description: Selects the algorithm used to calculate the challenge and @@ -97,48 +102,6 @@ authentication
    Syntax: which case clients (which understand this) will then share username/password info across multiple servers without prompting the user each time.

    -
    top

    AuthDigestFile Directive

    Description: - Location of the text file containing the list -of users and encoded passwords for digest authentication
    Syntax: - AuthDigestFile file-path
    Context: - directory, .htaccess
    Override: - AuthConfig
    Status: - Experimental
    Module: - mod_auth_digest
    -

    The AuthDigestFile directive sets the - name of a textual file containing the list of users and encoded - passwords for digest authentication. File-path is the - absolute path to the user file.

    - -

    The digest file uses a special format. Files in this format - can be created using the htdigest utility found in - the support/ subdirectory of the Apache distribution.

    -
    top

    AuthDigestGroupFile Directive

    Description: - Name of the text file containing the list of groups -for digest authentication
    Syntax: - AuthDigestGroupFile file-path
    Context: - directory, .htaccess
    Override: - AuthConfig
    Status: - Experimental
    Module: - mod_auth_digest
    -

    The AuthDigestGroupFile directive sets - the name of a textual file containing the list of groups and their - members (user names). File-path is the absolute path to - the group file.

    - -

    Each line of the group file contains a groupname followed by - a colon, followed by the member usernames separated by spaces. - Example:

    - -

    mygroup: bob joe anne

    - -

    Note that searching large text files is very - inefficient.

    - -

    Security: make sure that the AuthGroupFile is stored outside - the document tree of the web-server; do not put it in - the directory that it protects. Otherwise, clients will be able - to download the AuthGroupFile.

    top

    AuthDigestNcCheck Directive

    Description: Enables or disables checking of the nonce-count sent by the server
    Syntax: @@ -158,8 +121,8 @@ server
    Syntax: AuthConfig
    Status: Experimental
    Module: mod_auth_digest
    -

    Not implemented yet. -

    +
    Not implemented yet.
    +
    top

    AuthDigestNonceLifetime Directive

    Description: How long the server nonce is valid
    Syntax: AuthDigestNonceLifetime seconds
    Default: @@ -177,6 +140,26 @@ server
    Syntax: seconds. If seconds is less than 0 then the nonce never expires.

    +
    top

    AuthDigestProvider Directive

    Description: + Sets the authentication provider(s) for this location
    Syntax: + AuthDigestProvider On|Off|provider-name +[provider-name] ...
    Default: + AuthBasicProvider On
    Context: + directory
    Status: + Experimental
    Module: + mod_auth_digest
    +

    The AuthDigestProvider directive sets + which provider is used to authenticate the users for this location. + Setting the value to On will choose the default provider + (file). Since the file provider is implemented + by the mod_authn_file module, you have to make sure, + that the module is present in the server.

    + +

    See mod_authn_dbm and mod_authn_file + for providers.

    + +

    The value Off clears the provider list and sets it back + to the default.

    top

    AuthDigestQop Directive

    Description: Determines the quality-of-protection to use in digest authentication
    Syntax: @@ -187,8 +170,8 @@ authentication
    Syntax: Experimental
    Module: mod_auth_digest

    The AuthDigestQop directive determines - the quality-of-protection to use. auth will only do - authentication (username/password); auth-int is + the quality-of-protection to use. auth will + only do authentication (username/password); auth-int is authentication plus integrity checking (an MD5 hash of the entity is also computed and checked); none will cause the module to use the old RFC-2069 digest algorithm (which does not include @@ -200,4 +183,32 @@ authentication

    Syntax:
    auth-int is not implemented yet.
    +
    top

    AuthDigestShmemSize Directive

    Description: + The amount of shared memory to allocate for keeping track +of clients
    Syntax: + AuthDigestShmemSize size
    Default: + AuthDigestShmemSize 1000
    Context: + server config
    Status: + Experimental
    Module: + mod_auth_digest
    +

    The AuthDigestShmemSize directive defines + the amount of shared memory, that will be allocated at the server + startup for keeping track of clients. Note that the shared memory + segment cannot be set less than the space that is neccessary for + tracking at least one client. This value is dependant on your + system. If you want to find out the exact value, you may simply + set AuthDigestShmemSize to the value of + 0 and read the error message after trying to start the + server.

    + +

    The size is normally expressed in Bytes, but you + may let the number follow a K or an M to + express your value as KBytes or MBytes. For example, the following + directives are all equivalent:

    + +

    + AuthDigestShmemSize 1048576
    + AuthDigestShmemSize 1024K
    + AuthDigestShmemSize 1M
    +

    \ No newline at end of file diff --git a/docs/manual/mod/mod_authn_anon.html.en b/docs/manual/mod/mod_authn_anon.html.en index 7eda7b88ba..f9bbacedad 100644 --- a/docs/manual/mod/mod_authn_anon.html.en +++ b/docs/manual/mod/mod_authn_anon.html.en @@ -11,8 +11,9 @@     		authn_anon_module
    Source File: mod_authn_anon.c
    Compatibility: Available in Apache 2.1 and later

    Summary

    -

    This module does access control in a manner similar to - anonymous-ftp sites; i.e. have a 'magic' user id +

    This module provides authentication front-ends such as + mod_auth_basic to authenticate users similar + to anonymous-ftp sites, i.e. have a 'magic' user id 'anonymous' and the email address as a password. These email addresses can be logged.

    @@ -23,29 +24,30 @@ tracking is that, unlike magic-cookies and funny URL pre/postfixes, it is completely browser independent and it allows users to share URLs.

    + +

    When using mod_auth_basic, this module is invoked + via the AuthBasicProvider + directive with the anon value.

    top

    Example

    - -

    The example below (when combined with the Auth directives of a - htpasswd-file based (or GDM, mSQL etc.) base access - control system allows users in as 'guests' with the following - properties:

    +

    Topics

    top

    Example

    +

    The example below is combined with "normal" htpasswd-file based + authentication and allows users in additionally as 'guests' with the + following properties:

    • It insists that the user enters a userId. - (Anonymous_NoUserId)
      • + (Anonymous_NoUserId)
    • It insists that the user enters a password. - (Anonymous_MustGiveEmail)
      • + (Anonymous_MustGiveEmail) -
    • The password entered must be a valid email address, ie. +
    • The password entered must be a valid email address, i.e. contain at least one '@' and a '.'. - (Anonymous_VerifyEmail)
      • + (Anonymous_VerifyEmail)
    • The userID must be one of anonymous guest www test welcome and comparison is not case @@ -53,38 +55,34 @@
    • And the Email addresses entered in the passwd field are logged to the error log file - (Anonymous_LogEmail)
      • + (Anonymous_LogEmail)
    -

    Excerpt of httpd.conf:

    - -

    - Anonymous_NoUserId off
    - Anonymous_MustGiveEmail on
    - Anonymous_VerifyEmail on
    - Anonymous_LogEmail on
    - Anonymous anonymous guest www test welcome
    -
    - AuthName "Use 'anonymous' & Email address for - guest entry"
    - AuthType basic
    -
    - # An - AuthUserFile/AuthDBMUserFile
    - # directive must be specified, or use
    - # Anonymous_Authoritative for public access.
    - # In the .htaccess for the public directory, add:
    - <Files *>
    - Order Deny,Allow
    - Allow from all
    -
    - Require valid-user
    - </Files>
    -

    +

    Example

    + <Directory /foo> + + AuthName "Use 'anonymous' & Email address for guest entry"
    + AuthType Basic
    + AuthBasicProvider file anon
    + AuthUserFile /path/to/your/.htpasswd
    +
    + Anonymous_NoUserId off
    + Anonymous_MustGiveEmail on
    + Anonymous_VerifyEmail on
    + Anonymous_LogEmail on
    + Anonymous anonymous guest www test welcome
    +
    + Order Deny,Allow
    + Allow from all
    +
    + Require valid-user
    +     + </Directory> +

    top

    Anonymous Directive

    Description: Specifies userIDs that areallowed access without password verification
    Syntax: - Anonymous user [user] ...
    Context: + Anonymous user [user] ...
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: @@ -96,50 +94,33 @@ password verification
    Synt

    Please note that the comparison is case-IN-sensitive.
    - I strongly suggest that the magic username + It's strongly recommended that the magic username 'anonymous' is always one of the allowed userIDs.

    -

    Example:

    -

    Anonymous anonymous "Not Registered" 'I don\'t know'

    +

    Example:

    + Anonymous anonymous "Not Registered" "I don't know" +

    This would allow the user to enter without password - verification by using the userId's 'anonymous', - 'AnonyMous','Not Registered' and 'I Don't Know'.

    -
    top

    Anonymous_Authoritative Directive

    Description: - Configures if authorization will fall-through -to other methods
    Syntax: - Anonymous_Authoritative on|off
    Default: - Anonymous_Authoritative off
    Context: - directory, .htaccess
    Override: - AuthConfig
    Status: - Extension
    Module: - mod_authn_anon
    -

    When set 'on', there is no fall-through to other authorization - methods. So if a userID does not match the values specified in the - Anonymous directive, - access is denied.

    - -

    Be sure you know what you are doing when you decide to - switch it on. And remember that it is the linking order of the - modules (in the Configuration / Make file) which details the - order in which the Authorization modules are queried.

    + verification by using the userIDs "anonymous", + "AnonyMous", "Not Registered" and "I Don't Know".

    top

    Anonymous_LogEmail Directive

    Description: Sets whether the password entered will be logged in the error log
    Syntax: - Anonymous_LogEmail on|off
    Default: - Anonymous_LogEmail on
    Context: + Anonymous_LogEmail On|Off
    Default: + Anonymous_LogEmail On
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: mod_authn_anon
    -

    When set on, the default, the 'password' entered +

    When set On, the default, the 'password' entered (which hopefully contains a sensible email address) is logged in the error log.

    top

    Anonymous_MustGiveEmail Directive

    Description: Specifies whether blank passwords are allowed
    Syntax: - Anonymous_MustGiveEmail on|off
    Default: - Anonymous_MustGiveEmail on
    Context: + Anonymous_MustGiveEmail On|Off
    Default: + Anonymous_MustGiveEmail On
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: @@ -148,26 +129,26 @@ error log
    Syntax: the password. This prohibits blank passwords.

    top

    Anonymous_NoUserID Directive

    Description: Sets whether the userID field may be empty
    Syntax: - Anonymous_NoUserID on|off
    Default: - Anonymous_NoUserID off
    Context: + Anonymous_NoUserID On|Off
    Default: + Anonymous_NoUserID Off
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: mod_authn_anon
    -

    When set on, users can leave the userID (and +

    When set On, users can leave the userID (and perhaps the password field) empty. This can be very convenient for MS-Explorer users who can just hit return or click directly on the OK button; which seems a natural reaction.

    top

    Anonymous_VerifyEmail Directive

    Description: Sets whether to check the password field for a correctly formatted email address
    Syntax: - Anonymous_VerifyEmail on|off
    Default: - Anonymous_VerifyEmail off
    Context: + Anonymous_VerifyEmail On|Off
    Default: + Anonymous_VerifyEmail Off
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: mod_authn_anon
    -

    When set on the 'password' entered is checked for +

    When set On the 'password' entered is checked for at least one '@' and a '.' to encourage users to enter valid email - addresses (see the above Auth_LogEmail).

    + addresses (see the above Anonymous_LogEmail).

    \ No newline at end of file diff --git a/docs/manual/mod/mod_authn_dbm.html.en b/docs/manual/mod/mod_authn_dbm.html.en index 2403487147..7242c5aa80 100644 --- a/docs/manual/mod/mod_authn_dbm.html.en +++ b/docs/manual/mod/mod_authn_dbm.html.en @@ -12,14 +12,15 @@     		Available in Apache 2.1 and later

    Summary

    This module provides authentication front-ends such as mod_auth_digest and mod_auth_basic - to authenticate users by looking up users in plain text password files. - Similar functionality is provided by mod_authn_file.

    + to authenticate users by looking up users in dbm password + files. Similar functionality is provided by + mod_authn_file.

    When using mod_auth_basic or mod_auth_digest, this module is invoked via the AuthBasicProvider or AuthDigestProvider - with the 'dbm' value.

    + with the dbm value.

    Directives

    See also

    Syntax: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: - mod_authn_dbm
    Compatibility: - Available in version 2.0.30 and later.
    +
    		mod_authn_dbm
    +

    Sets the type of database file that is used to store the passwords. + The default database type is determined at compile time. The + availability of other types of database files also depends on + compile-time settings.

    -

    Sets the type of database file that is used to store the passwords. -The default database type is determined at compile time. The -availability of other types of database files also depends on -compile-time settings.

    - -

    It is crucial that whatever program you use to create your password -files is configured to use the same type of database.

    +

    It is crucial that whatever program you use to create your password + files is configured to use the same type of database.

    top

    AuthDBMUserFile Directive

    Description: Sets the name of a database file containing the list of users and passwords for authentication
    Syntax: - AuthDBMUserFile file-path
    Context: + AuthDBMUserFile file-path
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: mod_authn_dbm

    The AuthDBMUserFile directive sets the name of a DBM file containing the list of users and passwords for - user authentication. File-path is the absolute path to + user authentication. File-path is the absolute path to the user file.

    The user file is keyed on the username. The value for a user is @@ -69,8 +68,8 @@ passwords for authenticationAuthDBMUserFile.

    Important compatibility note: The implementation of - "dbmopen" in the apache modules reads the string length of the - hashed values from the DBM data structures, rather than relying + dbmopen in the apache modules reads the string length of + the hashed values from the DBM data structures, rather than relying upon the string being NULL-appended. Some applications, such as the Netscape web server, rely upon the string being NULL-appended, so if you are having trouble using DBM files diff --git a/docs/manual/mod/mod_authn_default.html.en b/docs/manual/mod/mod_authn_default.html.en new file mode 100644 index 0000000000..71338ecc51 --- /dev/null +++ b/docs/manual/mod/mod_authn_default.html.en @@ -0,0 +1,39 @@ + + +mod_authn_default - Apache HTTP Server

    Modules | Directives | FAQ | Glossary | Sitemap

    Apache HTTP Server Version 2.1

    <-

    Apache Module mod_authn_default

    Description: + Authentication fallback module
    Status: + Base
    Module Identifier: + authn_default_module
    Source File: + mod_authn_default.c
    Compatibility: + Available in Apache 2.1 and later

    Summary

    +

    This module is designed to be the fallback module, if you don't + have configured an authentication module like + mod_auth_basic. It simply rejects any + credentials supplied by the user.

    +
    top

    AuthDefaultAuthoritative Directive

    Description: + Sets whether authentication is passed to lower level +modules
    Syntax: + AuthDefaultAuthoritative On|Off
    Default: + AuthDefaultAuthoritative On
    Context: + directory, .htaccess
    Override: + AuthConfig
    Status: + Base
    Module: + mod_authn_default
    +

    Setting the AuthDefaultAuthoritative directive + explicitly to Off allows for authentication to be passed on + to lower level modules (as defined in the modules.c + files).

    + +

    Note

    +

    Normally there are no lower level modules, since + mod_authn_default is defined to be already on + a very low level. Therefore you should leave the value of + AuthDefaultAuthoritative as default + (On).

    +
    +
    \ No newline at end of file diff --git a/docs/manual/mod/mod_authn_file.html.en b/docs/manual/mod/mod_authn_file.html.en index 2545080be4..41da1a920e 100644 --- a/docs/manual/mod/mod_authn_file.html.en +++ b/docs/manual/mod/mod_authn_file.html.en @@ -10,7 +10,6 @@ authn_file_moduleSource File: mod_authn_file.cCompatibility: Available in Apache 2.1 and later

    Summary

    -

    This module provides authentication front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by looking up users in plain text password files. @@ -20,53 +19,67 @@ mod_auth_digest, this module is invoked via the AuthBasicProvider or AuthDigestProvider - with the 'file' value.

    - + with the file value.

    top

    AuthUserFile Directive

    Description: +
  • htpasswd
  • htdigest
    • top

    AuthUserFile Directive

    Description: Sets the name of a text file containing the list of users and passwords for authentication
    Syntax: - AuthUserFile file-path
    Context: + AuthUserFile file-path
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Base
    Module: mod_authn_file

    The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for - user authentication. File-path is the path to the user - file. If it is not absolute (i.e., if it doesn't begin - with a slash), it is treated as relative to the ServerRoot.

    + user authentication. File-path is the path to the user + file. If it is not absolute, it is treated as relative to the + ServerRoot.

    Each line of the user file contains a username followed by - a colon, followed by the crypt() encrypted - password. The behavior of multiple occurrences of the same user is - undefined.

    + a colon, followed by the encrypted password. If the same user + ID is defined multiple times, mod_authn_file will + use the first occurrence to verify the password.

    The utility htpasswd which is installed as part of the binary distribution, or which can be found in src/support, is used to maintain - this password file. See the man page for more - details. In short:

    + the password file for HTTP Basic Authentication. See the + man page for more details. + In short:

    -

    Create a password file 'Filename' with 'username' as the - initial ID. It will prompt for the password:

    -

    htpasswd -c Filename username

    +

    Create a password file Filename with + username as the initial ID. It will prompt for + the password:

    -

    Add or modify 'username2' in the password file 'Filename':

    -

    htpasswd Filename username2

    +

    + htpasswd -c Filename username +

    + +

    Add or modify username2 in the password file + Filename:

    + +

    + htpasswd Filename username2 +

    Note that searching large text files is very inefficient; AuthDBMUserFile should be used instead.

    -

    Security

    -

    Make sure that the AuthUserFile is - stored outside the document tree of the web-server; do not - put it in the directory that it protects. Otherwise, clients will - be able to download the AuthUserFile.

    +

    If you are using HTTP Digest Authentication, the htpasswd tool is not sufficient. + You have to use htdigest + instead. Note that you cannot mix user data for Digest Authentication + and Basic Authentication within the same file.

    + +

    Security

    +

    Make sure that the AuthUserFile is + stored outside the document tree of the web-server. Do + not put it in the directory that it protects. + Otherwise, clients may be able to download the + AuthUserFile.

    \ No newline at end of file diff --git a/docs/manual/mod/mod_authz_dbm.html.en b/docs/manual/mod/mod_authz_dbm.html.en index b3f598cc1a..224a8d03a1 100644 --- a/docs/manual/mod/mod_authz_dbm.html.en +++ b/docs/manual/mod/mod_authz_dbm.html.en @@ -20,14 +20,14 @@

    See also

    top

    AuthDBMGroupFile Directive

    Description: Sets the name of the database file containing the list of user groups for authentication
    Syntax: - AuthDBMGroupFile file-path
    Context: + AuthDBMGroupFile file-path
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: mod_authz_dbm

    The AuthDBMGroupFile directive sets the name of a DBM file containing the list of user groups for user - authentication. File-path is the absolute path to the + authentication. File-path is the absolute path to the group file.

    The group file is keyed on the username. The value for a @@ -35,12 +35,14 @@ of user groups for authentication

    AuthDBMGroupFile is stored outside the - document tree of the web-server; do not put it in the - directory that it protects. Otherwise, clients will be able to - download the AuthDBMGroupFile unless - otherwise protected.

    +

    Security

    +

    Make sure that the AuthDBMGroupFile is + stored outside the document tree of the web-server. Do + not put it in the directory that it protects. + Otherwise, clients will be able to download the + AuthDBMGroupFile unless otherwise + protected.

    +

    Combining Group and Password DBM files: In some cases it is easier to manage a single database which contains both the @@ -50,41 +52,40 @@ of user groups for authentication

    -AuthDBMGroupFile /www/userbase
    -AuthDBMUserFile /www/userbase -

    +

    + AuthDBMGroupFile /www/userbase
    + AuthDBMUserFile /www/userbase +

    The key for the single DBM is the username. The value consists of

    -

    Unix Crypt-ed Password : List of Groups [ : (ignored) - ]

    +

    + Encrypted Password : List of Groups [ : (ignored) ] +

    -

    The password section contains the Unix crypt() +

    The password section contains the encrypted password as before. This is followed by a colon and the comma separated list of groups. Other data may optionally be left in the DBM file after another colon; it is ignored by the authentication module. This is what www.telescope.org uses for its combined password and group database.

    top

    AuthzDBMAuthoritative Directive

    Description: - Sets whether authorization will be passed on to lower level modules
    Syntax: - AuthzDBMAuthoritative on|off
    Default: - AuthzDBMAuthoritative on
    Context: + Sets whether authorization will be passed on to lower level +modules
    Syntax: + AuthzDBMAuthoritative On|Off
    Default: + AuthzDBMAuthoritative On
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: mod_authz_dbm
    -

    Setting the AuthzDBMAuthoritative - directive explicitly to 'off' allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the Configuration and - modules.c file if there is no userID - or rule matching the supplied userID. If there is - a userID and/or rule specified; the usual password and access - checks will be applied and a failure will give an Authorization - Required reply.

    + directive explicitly to Off allows group authorization + to be passed on to lower level modules (as defined in the + modules.c file) if there is no group found + for the the supplied userID. If there are any groups + specified, the usual checks will be applied and a failure will + give an Authentication Required reply.

    So if a userID appears in the database of more than one module; or if a valid Require @@ -93,21 +94,24 @@ AuthDBMUserFile /www/userbase regardless of the AuthAuthoritative setting.

    A common use for this is in conjunction with one of the - auth providers; such as mod_authn_file. Whereas this - DBM module supplies the bulk of the user credential checking; a - few (administrator) related accesses fall through to a lower - level with a well protected .htpasswd file.

    + auth providers; such as mod_authn_dbm or + mod_authn_file. Whereas this DBM module supplies + the bulk of the user credential checking; a few (administrator) related + accesses fall through to a lower level with a well protected + .htpasswd file.

    -

    By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not +

    By default, control is not passed on and an unknown group + will result in an Authentication Required reply. Not setting it thus keeps the system secure and forces an NCSA compliant behaviour.

    -

    Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.

    +

    Security

    +

    Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a + database which might have more access interfaces.

    +
    top

    AuthzDBMType Directive

    Description: Sets the type of database file that is used to store passwords
    Syntax: @@ -116,14 +120,12 @@ store passwords
    Syntax: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Module: - mod_authz_dbm
    Compatibility: - Available in version 2.0.30 and later.
    +
    		mod_authz_dbm
    +

    Sets the type of database file that is used to store the passwords. + The default database type is determined at compile time. The + availability of other types of database files also depends on + compile-time settings.

    -

    Sets the type of database file that is used to store the passwords. -The default database type is determined at compile time. The -availability of other types of database files also depends on -compile-time settings.

    - -

    It is crucial that whatever program you use to create your password -files is configured to use the same type of database.

    +

    It is crucial that whatever program you use to create your password + files is configured to use the same type of database.

    \ No newline at end of file diff --git a/docs/manual/mod/mod_authz_default.html.en b/docs/manual/mod/mod_authz_default.html.en new file mode 100644 index 0000000000..02b00a80ad --- /dev/null +++ b/docs/manual/mod/mod_authz_default.html.en @@ -0,0 +1,39 @@ + + +mod_authz_default - Apache HTTP Server

    Modules | Directives | FAQ | Glossary | Sitemap

    Apache HTTP Server Version 2.1

    <-

    Apache Module mod_authz_default

    Description: + Authorization fallback module
    Status: + Base
    Module Identifier: + authz_default_module
    Source File: + mod_authz_default.c
    Compatibility: + Available in Apache 2.1 and later

    Summary

    +

    This module is designed to be the fallback module, if you don't + have configured an authorization module like + mod_authz_user or mod_authz_groupfile. + It simply rejects any authorization request.

    +
    top

    AuthzDefaultAuthoritative Directive

    Description: + Sets whether authorization is passed to lower level +modules
    Syntax: + AuthzDefaultAuthoritative On|Off
    Default: + AuthzDefaultAuthoritative On
    Context: + directory, .htaccess
    Override: + AuthConfig
    Status: + Base
    Module: + mod_authz_default
    +

    Setting the AuthzDefaultAuthoritative directive + explicitly to Off allows for authorization to be passed on + to lower level modules (as defined in the modules.c + files).

    + +

    Note

    +

    Normally there are no lower level modules, since + mod_authz_default is defined to be already on + a very low level. Therefore you should leave the value of + AuthzDefaultAuthoritative as default + (On).

    +
    +
    \ No newline at end of file diff --git a/docs/manual/mod/mod_authz_groupfile.html.en b/docs/manual/mod/mod_authz_groupfile.html.en index ea7ab5d92c..eb3e4a8dde 100644 --- a/docs/manual/mod/mod_authz_groupfile.html.en +++ b/docs/manual/mod/mod_authz_groupfile.html.en @@ -6,78 +6,70 @@ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->mod_authz_groupfile - Apache HTTP Server

    Modules | Directives | FAQ | Glossary | Sitemap

    Apache HTTP Server Version 2.1

    <-

    Apache Module mod_authz_groupfile

    Description: Group authorization using plaintext files
    Status: - Extension
    Module Identifier: + Base
    Module Identifier: authz_groupfile_module
    Source File: mod_authz_groupfile.c
    Compatibility: Available in Apache 2.1 and later

    Summary

    This module provides authorization capabilities so that - authenticated users can be allowed or denied access to portions - of the web site by group membership. Similar functionality is - provided by mod_authz_dbm.

    + authenticated users can be allowed or denied access to portions + of the web site by group membership. Similar functionality is + provided by mod_authz_dbm.

    top

    AuthGroupFile Directive

    Description: Sets the name of a text file containing the list of user groups for authentication
    Syntax: - AuthGroupFile file-path
    Context: + AuthGroupFile file-path
    Context: directory, .htaccess
    Override: AuthConfig
    Status: - Extension
    Module: + Base
    Module: mod_authz_groupfile

    The AuthGroupFile directive sets the name of a textual file containing the list of user groups for user - authentication. File-path is the path to the group - file. If it is not absolute (i.e., if it doesn't begin - with a slash), it is treated as relative to the ServerRoot.

    + authentication. File-path is the path to the group + file. If it is not absolute, it is treated as relative to the ServerRoot.

    Each line of the group file contains a groupname followed by a - colon, followed by the member usernames separated by spaces. - Example:

    + colon, followed by the member usernames separated by spaces.

    -

    mygroup: bob joe anne

    +

    Example:

    + mygroup: bob joe anne +

    Note that searching large text files is very - inefficient; AuthDBMGroupFile should be used - instead.

    + inefficient; AuthDBMGroupFile provides a much better performance.

    -

    Security

    -

    Make sure that the AuthGroupFile is - stored outside the document tree of the web-server; do not - put it in the directory that it protects. Otherwise, clients will - be able to download the AuthGroupFile.

    +

    Security

    +

    Make sure that the AuthGroupFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients may + be able to download the AuthGroupFile.

    top

    AuthzGroupFileAuthoritative Directive

    Description: - Sets whether authorization will be passed on to lower level modules
    Syntax: - AuthzGroupFileAuthoritative on|off
    Default: - AuthzGroupFileAuthoritative on
    Context: + Sets whether authorization will be passed on to lower level +modules
    Syntax: + AuthzGroupFileAuthoritative On|Off
    Default: + AuthzGroupFileAuthoritative On
    Context: directory, .htaccess
    Override: AuthConfig
    Status: - Extension
    Module: + Base
    Module: mod_authz_groupfile
    -

    Setting the AuthzGroupFileAuthoritative - directive explicitly to 'off' allows for - authorization to be passed on to lower level modules (as defined in - the Configuration and modules.c file if - there is no userID or rule matching - the supplied userID. If there is a userID and/or rule specified; the - usual password and access checks will be applied and a failure will - give an Authorization Required reply.

    + directive explicitly to Off allows for + group authorization to be passed on to lower level modules (as defined + in the modules.c files) if there is no + group matching the supplied userID.

    -

    So if a valid Require - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthzGroupFileAuthoritative - setting.

    - -

    By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not +

    By default, control is not passed on and an unknown group + will result in an Authentication Required reply. Not setting it thus keeps the system secure and forces an NCSA compliant behaviour.

    -

    Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.

    +

    Security

    +

    Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify + that this is really what you want; Generally it is easier to just + secure a single .htpasswd file, than it is to secure + a database which might have more access interfaces.

    +
    \ No newline at end of file diff --git a/docs/manual/mod/mod_authz_host.html.en b/docs/manual/mod/mod_authz_host.html.en index 641a443be6..aafe0ef77e 100644 --- a/docs/manual/mod/mod_authz_host.html.en +++ b/docs/manual/mod/mod_authz_host.html.en @@ -42,14 +42,12 @@ address)Status:

    See also

    top

    Allow Directive

    Description: Controls which hosts can access an area of the server
    Syntax: - Allow from - all|host|env=env-variable - [host|env=env-variable] ...
    Context: + Allow from all|host|env=env-variable +[host|env=env-variable] ...
    Context: directory, .htaccess
    Override: Limit
    Status: Base
    Module: mod_authz_host
    -

    The Allow directive affects which hosts can access an area of the server. Access can be controlled by hostname, IP Address, IP Address range, or by other @@ -68,38 +66,52 @@ serverSyntax:

    A (partial) domain-name
    -
    Example: Allow from apache.org
    - Hosts whose names match, or end in, this string are allowed +
    +

    Example:

    + Allow from apache.org +

    +

    Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match foo.apache.org but it will not match fooapache.org. This configuration will cause the server to perform a reverse DNS lookup on the client IP address, regardless of the setting of the HostnameLookups - directive.

    + directive.

    A full IP address
    -
    Example: Allow from 10.1.2.3
    - An IP address of a host allowed access
    +
    +

    Example:

    + Allow from 10.1.2.3 +

    +

    An IP address of a host allowed access

    A partial IP address
    -
    Example: Allow from 10.1
    - The first 1 to 3 bytes of an IP address, for subnet - restriction.
    +
    +

    Example:

    + Allow from 10.1 +

    +

    The first 1 to 3 bytes of an IP address, for subnet + restriction.

    A network/netmask pair
    -
    Example: Allow from - 10.1.0.0/255.255.0.0
    - A network a.b.c.d, and a netmask w.x.y.z. For more - fine-grained subnet restriction.
    +
    +

    Example:

    + Allow from 10.1.0.0/255.255.0.0 +

    +

    A network a.b.c.d, and a netmask w.x.y.z. For more + fine-grained subnet restriction.

    A network/nnn CIDR specification
    -
    Example: Allow from 10.1.0.0/16
    - Similar to the previous case, except the netmask consists of - nnn high-order 1 bits.
    +
    +

    Example:

    + Allow from 10.1.0.0/16 +

    +

    Similar to the previous case, except the netmask consists of + nnn high-order 1 bits.

    Note that the last three examples above match exactly the @@ -116,25 +128,26 @@ serverSyntax:

    The third format of the arguments to the Allow directive allows access to the server to be controlled based on the existence of an environment variable. When Allow from - env=env-variable is specified, then the request is - allowed access if the environment variable env-variable + env=env-variable is specified, then the request is + allowed access if the environment variable env-variable exists. The server provides the ability to set environment variables in a flexible way based on characteristics of the client request using the directives provided by - mod_setenvif. Therefore, this directive can be + mod_setenvif. Therefore, this directive can be used to allow access based on such factors as the clients User-Agent (browser type), Referer, or other HTTP request header fields.

    -

    Example:

    - -SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
    -<Directory /docroot>
    -   Order Deny,Allow
    -   Deny from all
    -   Allow from env=let_me_in
    -</Directory> -

    +

    Example:

    + SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
    + <Directory /docroot>
    + + Order Deny,Allow
    + Deny from all
    + Allow from env=let_me_in
    +     + </Directory> +

    In this case, browsers with a user-agent string beginning with KnockKnock/2.0 will be allowed access, and all @@ -142,9 +155,8 @@ SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in

    top

    Deny Directive

    Description: Controls which hosts are denied access to the server
    Syntax: - Deny from - all|host|env=env-variable - [host|env=env-variable] ...
    Context: + Deny from all|host|env=env-variable +[host|env=env-variable] ...
    Context: directory, .htaccess
    Override: Limit
    Status: Base
    Module: @@ -157,28 +169,27 @@ server
    Syntax: Controls the default access state and the order in which Allow and Deny are evaluated.
    Syntax: - Order ordering
    Default: + Order ordering
    Default: Order Deny,Allow
    Context: directory, .htaccess
    Override: Limit
    Status: Base
    Module: mod_authz_host
    -

    The Order directive controls the default access state and the order in which Allow and Deny directives are evaluated. - Ordering is one of

    + Ordering is one of

    -
    Deny,Allow
    +
    Deny,Allow
    The Deny directives are evaluated before the Allow directives. Access is - allowed by default. Any client which does not match a + allowed by default. Any client which does not match a Deny directive or does match an Allow directive will be allowed access to the server.
    -
    Allow,Deny
    +
    Allow,Deny
    The Allow directives are evaluated before the Deny directives. Access is denied @@ -186,7 +197,7 @@ evaluated.Syntax: Deny directive will be denied access to the server.
    -
    Mutual-failure
    +
    Mutual-failure
    Only those hosts which appear on the Allow list and do not appear on the Deny list are @@ -195,17 +206,17 @@ evaluated.Syntax: configuration.
    -

    Keywords may only be separated by a comma; no whitespace is +

    Keywords may only be separated by a comma; no whitespace is allowed between them. Note that in all cases every Allow and Deny statement is evaluated.

    In the following example, all hosts in the apache.org domain are allowed access; all other hosts are denied access.

    -

    +

    Order Deny,Allow
    Deny from all
    - Allow from apache.org
    -

    + Allow from apache.org +

    In the next example, all hosts in the apache.org domain are allowed access, except for the hosts which are in the @@ -213,11 +224,11 @@ evaluated.Syntax: in the apache.org domain are denied access because the default state is to deny access to the server.

    -

    - Order Allow,Deny
    - Allow from apache.org
    - Deny from foo.apache.org
    -

    +

    + Order Allow,Deny
    + Allow from apache.org
    + Deny from foo.apache.org +

    On the other hand, if the Order in the last example is changed to Deny,Allow, all hosts will @@ -232,13 +243,15 @@ evaluated.Syntax:

    The presence of an Order directive can affect access to a part of the server even in the absence of accompanying Allow and Deny directives because of its effect - on the default access state. For example,

    + on the default access state. For example,

    -

    +

    <Directory /www>
    -   Order Allow,Deny
    + + Order Allow,Deny
    +     </Directory> -

    +

    will deny all access to the /www directory because the default access state will be set to diff --git a/docs/manual/mod/mod_authz_user.html.en b/docs/manual/mod/mod_authz_user.html.en new file mode 100644 index 0000000000..20b2865bbd --- /dev/null +++ b/docs/manual/mod/mod_authz_user.html.en @@ -0,0 +1,39 @@ + + +mod_authz_user - Apache HTTP Server

    Modules | Directives | FAQ | Glossary | Sitemap

    Apache HTTP Server Version 2.1

    <-

    Apache Module mod_authz_user

    Description: + User Authorization
    Status: + Base
    Module Identifier: + authz_user_module
    Source File: + mod_authz_user.c
    Compatibility: + Available in Apache 2.1 and later

    Summary

    +

    This module provides authorization capabilities so that + authenticated users can be allowed or denied access to portions + of the web site. mod_authz_user grants + access if the authenticated user is listed in a Require user + directive. Alternatively require valid-user can be used to + grant access to all successfully authenticated users.

    +
    top

    AuthzUserAuthoritative Directive

    Description: + Sets whether authorization will be passed on to lower level +modules
    Syntax: + AuthzUserAuthoritative On|Off
    Default: + AuthzUserAuthoritative On
    Context: + directory, .htaccess
    Override: + AuthConfig
    Status: + Base
    Module: + mod_authz_user
    +

    Setting the AuthzUserAuthoritative + directive explicitly to Off allows for + user authorization to be passed on to lower level modules (as defined + in the modules.c files) if there is no + user matching the supplied userID.

    + +

    By default, control is not passed on and an unknown user + will result in an Authentication Required reply. Not + setting it to Off thus keeps the system secure and forces + an NCSA compliant behaviour.

    +
    \ No newline at end of file diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en index dd62a58725..6d4815a56d 100644 --- a/docs/manual/mod/quickreference.html.en +++ b/docs/manual/mod/quickreference.html.en @@ -90,50 +90,50 @@ onto the specified content type AliasMatch regex file-path|directory-pathsvBMaps URLs to filesystem locations using regular expressions - Allow from - all|host|env=env-variable - [host|env=env-variable] ...dhBControls which hosts can access an area of the + Allow from all|host|env=env-variable +[host|env=env-variable] ...dhBControls which hosts can access an area of the server AllowCONNECT port [port] ... 443 563 svEPorts that are allowed to CONNECT through the proxy AllowOverride All|None|directive-type [directive-type] ... All dCTypes of directives that are allowed in .htaccess files -Anonymous user [user] ...dhESpecifies userIDs that areallowed access without +Anonymous user [user] ...dhESpecifies userIDs that areallowed access without password verification -Anonymous_Authoritative on|off off dhEConfigures if authorization will fall-through -to other methods -Anonymous_LogEmail on|off on dhESets whether the password entered will be logged in the +Anonymous_LogEmail On|Off On dhESets whether the password entered will be logged in the error log -Anonymous_MustGiveEmail on|off on dhESpecifies whether blank passwords are allowed -Anonymous_NoUserID on|off off dhESets whether the userID field may be empty -Anonymous_VerifyEmail on|off off dhESets whether to check the password field for a correctly +Anonymous_MustGiveEmail On|Off On dhESpecifies whether blank passwords are allowed +Anonymous_NoUserID On|Off Off dhESets whether the userID field may be empty +Anonymous_VerifyEmail On|Off Off dhESets whether to check the password field for a correctly formatted email address -AssignUserID user_id group_idvM- -AuthBasicAuthoritative on|off on dhBSets whether authorization and authentication are -passed to lower level modules -AuthBasicProvider provider-namedhBSets the authentication provider(s) for this location -AuthDBMGroupFile file-pathdhESets the name of the database file containing the list +AssignUserID user_id group_idvM- +AuthBasicAuthoritative On|Off On dhBSets whether authorization and authentication are passed to +lower level modules +AuthBasicProvider On|Off|provider-name +[provider-name] ... On dBSets the authentication provider(s) for this location +AuthDBMGroupFile file-pathdhESets the name of the database file containing the list of user groups for authentication -AuthDBMType default|SDBM|GDBM|NDBM|DB default dhESets the type of database file that is used to +AuthDBMType default|SDBM|GDBM|NDBM|DB default dhESets the type of database file that is used to store passwords -AuthDBMUserFile file-pathdhESets the name of a database file containing the list of users and +AuthDBMUserFile file-pathdhESets the name of a database file containing the list of users and passwords for authentication +AuthDefaultAuthoritative On|Off On dhBSets whether authentication is passed to lower level +modules AuthDigestAlgorithm MD5|MD5-sess MD5 dhXSelects the algorithm used to calculate the challenge and response hases in digest authentication AuthDigestDomain URI [URI] ...dhXURIs that are in the same protection space for digest authentication -AuthDigestFile file-pathdhXLocation of the text file containing the list -of users and encoded passwords for digest authentication -AuthDigestGroupFile file-pathdhXName of the text file containing the list of groups -for digest authentication AuthDigestNcCheck On|Off Off sXEnables or disables checking of the nonce-count sent by the server AuthDigestNonceFormat formatdhXDetermines how the nonce is generated AuthDigestNonceLifetime seconds 300 dhXHow long the server nonce is valid -AuthDigestQop none|auth|auth-int [auth|auth-int] auth dhXDetermines the quality-of-protection to use in digest +AuthDigestProvider On|Off|provider-name +[provider-name] ...dXSets the authentication provider(s) for this location +AuthDigestQop none|auth|auth-int [auth|auth-int] auth dhXDetermines the quality-of-protection to use in digest authentication -AuthGroupFile file-pathdhESets the name of a text file containing the list +AuthDigestShmemSize size 1000 sXThe amount of shared memory to allocate for keeping track +of clients +AuthGroupFile file-pathdhBSets the name of a text file containing the list of user groups for authentication AuthLDAPAuthoritative on|off on dhXPrevent other authentication modules from authenticating the user if this one fails @@ -153,12 +153,18 @@ environment variable AuthName auth-domaindhCAuthorization realm for use in HTTP authentication AuthType Basic|DigestdhCType of user authentication -AuthUserFile file-pathdhBSets the name of a text file containing the list of users and +AuthUserFile file-pathdhBSets the name of a text file containing the list of users and passwords for authentication -AuthzDBMAuthoritative on|off on dhESets whether authorization will be passed on to lower level modules +AuthzDBMAuthoritative On|Off On dhESets whether authorization will be passed on to lower level +modules AuthzDBMType default|SDBM|GDBM|NDBM|DB default dhESets the type of database file that is used to store passwords -AuthzGroupFileAuthoritative on|off on dhESets whether authorization will be passed on to lower level modules +AuthzDefaultAuthoritative On|Off On dhBSets whether authorization is passed to lower level +modules +AuthzGroupFileAuthoritative On|Off On dhBSets whether authorization will be passed on to lower level +modules +AuthzUserAuthoritative On|Off On dhBSets whether authorization will be passed on to lower level +modules BrowserMatch regex [!]env-variable[=value] [[!]env-variable[=value]] ...svdhBSets environment variables conditional on HTTP User-Agent @@ -245,9 +251,8 @@ server cannot determine a type in any other way DeflateFilterNote notenamesvEPlaces the compression ratio in a note for logging DeflateMemLevel value 9 svEHow much memory should be used by zlib for compression DeflateWindowSize value 15 svEZlib compression window size - Deny from - all|host|env=env-variable - [host|env=env-variable] ...dhBControls which hosts are denied access to the + Deny from all|host|env=env-variable +[host|env=env-variable] ...dhBControls which hosts are denied access to the server <Directory directory-path> ... </Directory>svCEnclose a group of directives that apply only to the @@ -415,7 +420,7 @@ to directly Options [+|-]option [[+|-]option] ... All svdhCConfigures what features are available in a particular directory - Order ordering Deny,Allow dhBControls the default access state and the order in which + Order ordering Deny,Allow dhBControls the default access state and the order in which Allow and Deny are evaluated. PassEnv env-variable [env-variable] diff --git a/docs/manual/sitemap.html.en b/docs/manual/sitemap.html.en index a24657ce92..a8bdc401d3 100644 --- a/docs/manual/sitemap.html.en +++ b/docs/manual/sitemap.html.en @@ -98,10 +98,13 @@ Server on HPUX
  • Apache Module mod_auth_ldap
  • Apache Module mod_authn_anon
  • Apache Module mod_authn_dbm
    • +
  • Apache Module mod_authn_default
  • Apache Module mod_authn_file
  • Apache Module mod_authz_dbm
    • +
  • Apache Module mod_authz_default
  • Apache Module mod_authz_groupfile
  • Apache Module mod_authz_host
    • +
  • Apache Module mod_authz_user
  • Apache Module mod_autoindex
  • Apache Module mod_cache
  • Apache Module mod_cern_meta