diff options
author | Eric Covener <covener@apache.org> | 2016-12-05 20:34:20 +0100 |
---|---|---|
committer | Eric Covener <covener@apache.org> | 2016-12-05 20:34:20 +0100 |
commit | cb1fc9c5a5f16fefc9765633d67c724582973285 (patch) | |
tree | 95417917ebc58d285596354dc94d9f45debd49e9 /docs/manual/upgrading.html.en | |
parent | provide more access control migration hints (diff) | |
download | apache2-cb1fc9c5a5f16fefc9765633d67c724582973285.tar.xz apache2-cb1fc9c5a5f16fefc9765633d67c724582973285.zip |
xforms
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772759 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- | docs/manual/upgrading.html.en | 64 |
1 files changed, 61 insertions, 3 deletions
diff --git a/docs/manual/upgrading.html.en b/docs/manual/upgrading.html.en index 7b279c1ca1..fb72e31d5c 100644 --- a/docs/manual/upgrading.html.en +++ b/docs/manual/upgrading.html.en @@ -150,21 +150,21 @@ <p>Here are some examples of old and new ways to do the same access control.</p> - <p>In this example, all requests are denied.</p> + <p>In this example, there is no authentication and all requests are denied.</p> <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order deny,allow Deny from all</pre> </div> <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">Require all denied</pre> </div> - <p>In this example, all requests are allowed.</p> + <p>In this example, there is no authentication and all requests are allowed.</p> <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order allow,deny Allow from all</pre> </div> <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">Require all granted</pre> </div> - <p>In the following example, all hosts in the example.org domain + <p>In the following example, there is no authentication and all hosts in the example.org domain are allowed access; all other hosts are denied access.</p> <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order Deny,Allow @@ -222,6 +222,64 @@ access.log - GET /server-status 200 127.0.0.1</pre> </p> + <p>In many configurations with authentication, where the value of the + <code class="directive">Satisfy</code> was the default of <em>ALL</em>, snippets + that simply disabled host-based access control are omitted:</p> + + <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order Deny,Allow +Deny from all +AuthBasicProvider File +AuthUserFile /example.com/conf/users.passwd +AuthName secure +Require valid-user</pre> +</div> + <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config"># No replacement needed +AuthBasicProvider File +AuthUserFile /example.com/conf/users.passwd +AuthName secure +Require valid-user</pre> +</div> + + <p>In configurations where both authentication and access control were meaningfully combined, the + access control directives should be migrated. This example allows requests meeting <em>both</em> criteria:</p> + <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order allow,deny +Deny from all +# Satisfy ALL is the default +Satisfy ALL +Allow from 127.0.0.1 +AuthBasicProvider File +AuthUserFile /example.com/conf/users.passwd +AuthName secure +Require valid-user</pre> +</div> + <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">AuthBasicProvider File +AuthUserFile /example.com/conf/users.passwd +AuthName secure +<RequireAll> + Require valid-user + require ip 127.0.0.1 +</RequireAll></pre> +</div> + + <p>In configurations where both authentication and access control were meaningfully combined, the + access control directives should be migrated. This example allows requests meeting <em>either</em> criteria:</p> + <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order allow,deny +Deny from all +Satisfy any +Allow from 127.0.0.1 +AuthBasicProvider File +AuthUserFile /example.com/conf/users.passwd +AuthName secure +Require valid-user</pre> +</div> + <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">AuthBasicProvider File +AuthUserFile /example.com/conf/users.passwd +AuthName secure +# Implicitly <RequireAny> +Require valid-user +Require ip 127.0.0.1</pre> +</div> + <h3><a name="config" id="config">Other configuration changes</a></h3> |