summaryrefslogtreecommitdiff
path: root/docs/manual/mod/mod_authz_core.html.en
diff options
context:
space:
mode:
Diffstat (limited to 'docs/manual/mod/mod_authz_core.html.en')
-rw-r--r--docs/manual/mod/mod_authz_core.html.en85
1 files changed, 41 insertions, 44 deletions
diff --git a/docs/manual/mod/mod_authz_core.html.en b/docs/manual/mod/mod_authz_core.html.en
index 25da33bc..3d1fb7ae 100644
--- a/docs/manual/mod/mod_authz_core.html.en
+++ b/docs/manual/mod/mod_authz_core.html.en
@@ -9,7 +9,7 @@
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
-<script src="../style/scripts/prettify.js" type="text/javascript">
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
</script>
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
@@ -79,8 +79,7 @@
multiple ldap hosts:
</p>
- <pre class="prettyprint lang-config">
-&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
+ <pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;
AuthLDAPBindDN cn=youruser,o=ctx
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
@@ -104,8 +103,7 @@ Alias /secure /webpages/secure
#implied OR operation
Require ldap-group-alias1
Require ldap-group-alias2
-&lt;/Directory&gt;
- </pre>
+&lt;/Directory&gt;</pre>
@@ -132,8 +130,7 @@ Alias /secure /webpages/secure
not belong to either the <code>temps</code> group or the
LDAP group <code>Temporary Employees</code>.</p>
- <pre class="prettyprint lang-config">
-&lt;Directory /www/mydocs&gt;
+ <pre class="prettyprint lang-config">&lt;Directory /www/mydocs&gt;
&lt;RequireAll&gt;
&lt;RequireAny&gt;
Require user superadmin
@@ -151,8 +148,7 @@ Alias /secure /webpages/secure
Require ldap-group cn=Temporary Employees,o=Airius
&lt;/RequireNone&gt;
&lt;/RequireAll&gt;
-&lt;/Directory&gt;
- </pre>
+&lt;/Directory&gt;</pre>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
@@ -176,18 +172,35 @@ Alias /secure /webpages/secure
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
- <pre class="prettyprint lang-config">
-SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+ <pre class="prettyprint lang-config">SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
&lt;Directory /docroot&gt;
Require env let_me_in
-&lt;/Directory&gt;
- </pre>
+&lt;/Directory&gt;</pre>
<p>In this case, browsers with a user-agent string beginning
with <code>KnockKnock/2.0</code> will be allowed access, and all
others will be denied.</p>
+ <p>When the server looks up a path via an internal
+ <a class="glossarylink" href="../glossary.html#subrequest" title="see glossary">subrequest</a> such as looking
+ for a <code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code>
+ or generating a directory listing with <code class="module"><a href="../mod/mod_autoindex.html">mod_autoindex</a></code>,
+ per-request environment variables are <em>not</em> inherited in the
+ subrequest. Additionally,
+ <code class="directive"><a href="../mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> directives
+ are not separately evaluated in the subrequest due to the API phases
+ <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>.</p>
+
+
+ <p>When the server looks up a path via an internal subrequest,
+ such as looking for a <code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code> or generating a directory listing with
+ <code class="module"><a href="../mod/mod_autoindex.html">mod_autoindex</a></code>, per-request environment variables are
+ <em>not</em> inherited in the subrequest. Additionally, environment
+ <code class="directive"><a href="../mod/mod_setenvif.html#setenvif">SetEnvIf</a></code> directives
+ are not separately evaluated in the subrequest due to the API phases
+ <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code> takes action in.</p>
+
<h3><a name="reqall" id="reqall">Require all</a></h3>
@@ -198,14 +211,10 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
'granted' or 'denied'. The following examples will grant or deny
access to all requests.</p>
- <pre class="prettyprint lang-config">
- Require all granted
- </pre>
+ <pre class="prettyprint lang-config">Require all granted</pre>
- <pre class="prettyprint lang-config">
- Require all denied
- </pre>
+ <pre class="prettyprint lang-config">Require all denied</pre>
@@ -220,21 +229,17 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
<p>The following example will only allow GET, HEAD, POST, and OPTIONS
requests:</p>
- <pre class="prettyprint lang-config">
- Require method GET POST OPTIONS
- </pre>
+ <pre class="prettyprint lang-config">Require method GET POST OPTIONS</pre>
<p>The following example will allow GET, HEAD, POST, and OPTIONS
requests without authentication, and require a valid user for all other
methods:</p>
- <pre class="prettyprint lang-config">
-&lt;RequireAny&gt;
- &nbsp;Require method GET POST OPTIONS
- &nbsp;Require valid-user
-&lt;/RequireAny&gt;
- </pre>
+ <pre class="prettyprint lang-config">&lt;RequireAny&gt;
+  Require method GET POST OPTIONS
+  Require valid-user
+&lt;/RequireAny&gt;</pre>
@@ -244,9 +249,7 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
<p>The <code>expr</code> provider allows to base authorization
decisions on arbitrary expressions.</p>
- <pre class="prettyprint lang-config">
- Require expr "%{TIME_HOUR} -ge 9 &amp;&amp; %{TIME_HOUR} -le 17"
- </pre>
+ <pre class="prettyprint lang-config">Require expr "%{TIME_HOUR} -ge 9 &amp;&amp; %{TIME_HOUR} -le 17"</pre>
<p>The syntax is described in the <a href="../expr.html">ap_expr</a>
@@ -309,8 +312,7 @@ sections.</td></tr>
preceding sections. Thus only users belong to the group
<code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</div>
- <pre class="prettyprint lang-config">
-&lt;Directory /www/docs&gt;
+ <pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
AuthType Basic
AuthName Documents
AuthBasicProvider file
@@ -325,8 +327,7 @@ sections.</td></tr>
&lt;Directory /www/docs/ab/gamma&gt;
Require group gamma
-&lt;/Directory&gt;
- </pre>
+&lt;/Directory&gt;</pre>
</div>
@@ -450,14 +451,12 @@ an authorization provider.</td></tr>
and <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> (to
define users and groups) in order to work correctly. Example:</p>
- <pre class="prettyprint lang-config">
-AuthType Basic
+ <pre class="prettyprint lang-config">AuthType Basic
AuthName "Restricted Resource"
AuthBasicProvider file
AuthUserFile /web/users
AuthGroupFile /web/groups
-Require group admin
- </pre>
+Require group admin</pre>
<p>Access controls which are applied in this way are effective for
@@ -480,14 +479,12 @@ Require group admin
and <code>beta</code> groups are authorized, except for those who
are also in the <code>reject</code> group.</p>
- <pre class="prettyprint lang-config">
-&lt;Directory /www/docs&gt;
+ <pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
&lt;RequireAll&gt;
Require group alpha beta
Require not group reject
&lt;/RequireAll&gt;
-&lt;/Directory&gt;
- </pre>
+&lt;/Directory&gt;</pre>
<p>When multiple <code class="directive">Require</code> directives are
@@ -657,7 +654,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_authz_core.h
}
})(window, document);
//--><!]]></script></div><div id="footer">
-<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
prettyPrint();
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-15 06:00:34 +0000