summaryrefslogtreecommitdiffstats
path: root/docs/manual/upgrading.html.en
diff options
context:
space:
mode:
authorEric Covener <covener@apache.org>2016-12-05 20:34:20 +0100
committerEric Covener <covener@apache.org>2016-12-05 20:34:20 +0100
commitcb1fc9c5a5f16fefc9765633d67c724582973285 (patch)
tree95417917ebc58d285596354dc94d9f45debd49e9 /docs/manual/upgrading.html.en
parentprovide more access control migration hints (diff)
downloadapache2-cb1fc9c5a5f16fefc9765633d67c724582973285.tar.xz
apache2-cb1fc9c5a5f16fefc9765633d67c724582973285.zip
xforms
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772759 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r--docs/manual/upgrading.html.en64
1 files changed, 61 insertions, 3 deletions
diff --git a/docs/manual/upgrading.html.en b/docs/manual/upgrading.html.en
index 7b279c1ca1..fb72e31d5c 100644
--- a/docs/manual/upgrading.html.en
+++ b/docs/manual/upgrading.html.en
@@ -150,21 +150,21 @@
<p>Here are some examples of old and new ways to do the same
access control.</p>
- <p>In this example, all requests are denied.</p>
+ <p>In this example, there is no authentication and all requests are denied.</p>
<div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order deny,allow
Deny from all</pre>
</div>
<div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">Require all denied</pre>
</div>
- <p>In this example, all requests are allowed.</p>
+ <p>In this example, there is no authentication and all requests are allowed.</p>
<div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order allow,deny
Allow from all</pre>
</div>
<div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">Require all granted</pre>
</div>
- <p>In the following example, all hosts in the example.org domain
+ <p>In the following example, there is no authentication and all hosts in the example.org domain
are allowed access; all other hosts are denied access.</p>
<div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order Deny,Allow
@@ -222,6 +222,64 @@ access.log - GET /server-status 200 127.0.0.1</pre>
</p>
+ <p>In many configurations with authentication, where the value of the
+ <code class="directive">Satisfy</code> was the default of <em>ALL</em>, snippets
+ that simply disabled host-based access control are omitted:</p>
+
+ <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order Deny,Allow
+Deny from all
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+Require valid-user</pre>
+</div>
+ <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config"># No replacement needed
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+Require valid-user</pre>
+</div>
+
+ <p>In configurations where both authentication and access control were meaningfully combined, the
+ access control directives should be migrated. This example allows requests meeting <em>both</em> criteria:</p>
+ <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order allow,deny
+Deny from all
+# Satisfy ALL is the default
+Satisfy ALL
+Allow from 127.0.0.1
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+Require valid-user</pre>
+</div>
+ <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+&lt;RequireAll&gt;
+ Require valid-user
+ require ip 127.0.0.1
+&lt;/RequireAll&gt;</pre>
+</div>
+
+ <p>In configurations where both authentication and access control were meaningfully combined, the
+ access control directives should be migrated. This example allows requests meeting <em>either</em> criteria:</p>
+ <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">Order allow,deny
+Deny from all
+Satisfy any
+Allow from 127.0.0.1
+AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+Require valid-user</pre>
+</div>
+ <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">AuthBasicProvider File
+AuthUserFile /example.com/conf/users.passwd
+AuthName secure
+# Implicitly &lt;RequireAny&gt;
+Require valid-user
+Require ip 127.0.0.1</pre>
+</div>
+
<h3><a name="config" id="config">Other configuration changes</a></h3>