diff options
| author | Ken Coar <coar@apache.org> | 2015-04-15 01:35:26 +0200 |
|---|---|---|
| committer | Ken Coar <coar@apache.org> | 2015-04-15 01:35:26 +0200 |
| commit | a90c8fdafb0ddf833dd502996aadea2066e3c63c (patch) | |
| tree | b4a4175b76a0c3dcb144fd819aac761b8a3586fc /docs/manual | |
| parent | Rebuild HTML docs (diff) | |
| download | apache2-a90c8fdafb0ddf833dd502996aadea2066e3c63c.tar.xz apache2-a90c8fdafb0ddf833dd502996aadea2066e3c63c.zip | |
Following up on BZ 53530.. putting quotation marks around
arbitrary-text, complex, and/or filesystem directive arguments.
More to do..
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1673582 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual')
28 files changed, 340 insertions, 317 deletions
diff --git a/docs/manual/howto/auth.html.en b/docs/manual/howto/auth.html.en index 23da9f9584..b22c1cbc86 100644 --- a/docs/manual/howto/auth.html.en +++ b/docs/manual/howto/auth.html.en @@ -213,13 +213,13 @@ module from each group.</p> following directives, either placed in the file <code>/usr/local/apache/htdocs/secret/.htaccess</code>, or placed in <code>httpd.conf</code> inside a <Directory - /usr/local/apache/htdocs/secret> section.</p> + "/usr/local/apache/htdocs/secret"> section.</p> <pre class="prettyprint lang-config">AuthType Basic AuthName "Restricted Files" # (Following line optional) AuthBasicProvider file -AuthUserFile /usr/local/apache/passwd/passwords +AuthUserFile "/usr/local/apache/passwd/passwords" Require user rbowen</pre> @@ -315,8 +315,8 @@ person in</a></h2> AuthName "By Invitation Only" # Optional line: AuthBasicProvider file -AuthUserFile /usr/local/apache/passwd/passwords -AuthGroupFile /usr/local/apache/passwd/groups +AuthUserFile "/usr/local/apache/passwd/passwords" +AuthGroupFile "/usr/local/apache/passwd/groups" Require group GroupName</pre> @@ -375,11 +375,11 @@ Require group GroupName</pre> <p>To select a dbm file rather than a text file, for example:</p> - <pre class="prettyprint lang-config"><Directory /www/docs/private> + <pre class="prettyprint lang-config"><Directory "/www/docs/private"> AuthName "Private" AuthType Basic AuthBasicProvider dbm - AuthDBMUserFile /www/passwords/passwd.dbm + AuthDBMUserFile "/www/passwords/passwd.dbm" Require valid-user </Directory></pre> @@ -397,11 +397,11 @@ Require group GroupName</pre> scheme that meets your needs. In the following example, both the file and LDAP based authentication providers are being used.</p> - <pre class="prettyprint lang-config"><Directory /www/docs/private> + <pre class="prettyprint lang-config"><Directory "/www/docs/private"> AuthName "Private" AuthType Basic AuthBasicProvider file ldap - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" AuthLDAPURL ldap://ldaphost/o=yourorg Require valid-user </Directory></pre> @@ -420,13 +420,13 @@ Require group GroupName</pre> authorization methods can also be used. In this example both file group authorization as well as LDAP group authorization is being used.</p> - <pre class="prettyprint lang-config"><Directory /www/docs/private> + <pre class="prettyprint lang-config"><Directory "/www/docs/private"> AuthName "Private" AuthType Basic AuthBasicProvider file - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" AuthLDAPURL ldap://ldaphost/o=yourorg - AuthGroupFile /usr/local/apache/passwd/groups + AuthGroupFile "/usr/local/apache/passwd/groups" Require group GroupName Require ldap-group cn=mygroup,o=yourorg </Directory></pre> diff --git a/docs/manual/howto/auth.xml b/docs/manual/howto/auth.xml index 2b0d8cc437..d53846c55b 100644 --- a/docs/manual/howto/auth.xml +++ b/docs/manual/howto/auth.xml @@ -197,14 +197,14 @@ module from each group.</p> following directives, either placed in the file <code>/usr/local/apache/htdocs/secret/.htaccess</code>, or placed in <code>httpd.conf</code> inside a <Directory - /usr/local/apache/htdocs/secret> section.</p> + "/usr/local/apache/htdocs/secret"> section.</p> <highlight language="config"> AuthType Basic AuthName "Restricted Files" # (Following line optional) AuthBasicProvider file -AuthUserFile /usr/local/apache/passwd/passwords +AuthUserFile "/usr/local/apache/passwd/passwords" Require user rbowen </highlight> @@ -309,8 +309,8 @@ AuthType Basic AuthName "By Invitation Only" # Optional line: AuthBasicProvider file -AuthUserFile /usr/local/apache/passwd/passwords -AuthGroupFile /usr/local/apache/passwd/groups +AuthUserFile "/usr/local/apache/passwd/passwords" +AuthGroupFile "/usr/local/apache/passwd/groups" Require group GroupName </highlight> @@ -370,11 +370,11 @@ Require group GroupName <p>To select a dbm file rather than a text file, for example:</p> <highlight language="config"> -<Directory /www/docs/private> +<Directory "/www/docs/private"> AuthName "Private" AuthType Basic AuthBasicProvider dbm - AuthDBMUserFile /www/passwords/passwd.dbm + AuthDBMUserFile "/www/passwords/passwd.dbm" Require valid-user </Directory> </highlight> @@ -393,11 +393,11 @@ Require group GroupName file and LDAP based authentication providers are being used.</p> <highlight language="config"> -<Directory /www/docs/private> +<Directory "/www/docs/private"> AuthName "Private" AuthType Basic AuthBasicProvider file ldap - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" AuthLDAPURL ldap://ldaphost/o=yourorg Require valid-user </Directory> @@ -417,13 +417,13 @@ Require group GroupName authorization as well as LDAP group authorization is being used.</p> <highlight language="config"> -<Directory /www/docs/private> +<Directory "/www/docs/private"> AuthName "Private" AuthType Basic AuthBasicProvider file - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" AuthLDAPURL ldap://ldaphost/o=yourorg - AuthGroupFile /usr/local/apache/passwd/groups + AuthGroupFile "/usr/local/apache/passwd/groups" Require group GroupName Require ldap-group cn=mygroup,o=yourorg </Directory> diff --git a/docs/manual/howto/htaccess.html.en b/docs/manual/howto/htaccess.html.en index ec8596dd00..f652699c2d 100644 --- a/docs/manual/howto/htaccess.html.en +++ b/docs/manual/howto/htaccess.html.en @@ -66,7 +66,7 @@ changes on a per-directory basis.</p> if you would rather call the file <code>.config</code> then you can put the following in your server configuration file:</p> - <pre class="prettyprint lang-config">AccessFileName .config</pre> + <pre class="prettyprint lang-config">AccessFileName ".config"</pre> </div> @@ -188,18 +188,18 @@ changes on a per-directory basis.</p> <p>Note that it is completely equivalent to put a <code>.htaccess</code> file in a directory <code>/www/htdocs/example</code> containing a directive, and to put that same directive in a Directory section - <code><Directory /www/htdocs/example></code> in your main server + <code><Directory "/www/htdocs/example"></code> in your main server configuration:</p> <p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p> <div class="example"><h3>Contents of .htaccess file in - <code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example .exm</pre> + <code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example ".exm"</pre> </div> <div class="example"><h3>Section from your <code>httpd.conf</code> - file</h3><pre class="prettyprint lang-config"><Directory /www/htdocs/example> - AddType text/example .exm + file</h3><pre class="prettyprint lang-config"><Directory "/www/htdocs/example"> + AddType text/example ".exm" </Directory></pre> </div> @@ -265,11 +265,11 @@ changes on a per-directory basis.</p> prevent script execution while allowing anything else to be set in <code>.htaccess</code> you can use:</p> - <pre class="prettyprint lang-config"><Directory /www/htdocs> + <pre class="prettyprint lang-config"><Directory "/www/htdocs"> AllowOverride All </Directory> -<Location /> +<Location "/"> Options +IncludesNoExec -ExecCGI<br /> </Location></pre> @@ -300,8 +300,8 @@ changes on a per-directory basis.</p> <pre class="prettyprint lang-config">AuthType Basic AuthName "Password Required" -AuthUserFile /www/passwords/password.file -AuthGroupFile /www/passwords/group.file +AuthUserFile "/www/passwords/password.file" +AuthGroupFile "/www/passwords/group.file" Require group admins</pre> @@ -320,7 +320,7 @@ Require group admins</pre> <code>.htaccess</code> file in the desired directory:</p> <pre class="prettyprint lang-config">Options +Includes -AddType text/html shtml +AddType text/html "shtml" AddHandler server-parsed shtml</pre> @@ -340,13 +340,13 @@ the current directory, rather than being the original requested URI. Consider the following examples:</p> <pre class="prettyprint lang-config"># In httpd.conf -RewriteRule ^/images/(.+)\.jpg /images/$1.png +RewriteRule "^/images/(.+)\.jpg" "/images/$1.png" # In .htaccess in root dir -RewriteRule ^images/(.+)\.jpg images/$1.png +RewriteRule "^images/(.+)\.jpg" "images/$1.png" # In .htaccess in images/ -RewriteRule ^(.+)\.jpg $1.png</pre> +RewriteRule "^(.+)\.jpg" "$1.png"</pre> <p>In a <code>.htaccess</code> in your document directory, the leading @@ -367,7 +367,7 @@ further details on using <code>mod_rewrite</code>.</p> implemented with the following configuration:</p> <pre class="prettyprint lang-config">Options +ExecCGI -AddHandler cgi-script cgi pl</pre> +AddHandler cgi-script "cgi" "pl"</pre> <p>Alternately, if you wish to have all files in the given directory be diff --git a/docs/manual/howto/htaccess.xml b/docs/manual/howto/htaccess.xml index 6902decd55..08e27eec63 100644 --- a/docs/manual/howto/htaccess.xml +++ b/docs/manual/howto/htaccess.xml @@ -77,7 +77,9 @@ changes on a per-directory basis.</p> if you would rather call the file <code>.config</code> then you can put the following in your server configuration file:</p> - <highlight language="config">AccessFileName .config</highlight> + <highlight language="config"> +AccessFileName ".config" + </highlight> </note> <p>In general, <code>.htaccess</code> files use the same syntax as @@ -209,21 +211,23 @@ changes on a per-directory basis.</p> <p>Note that it is completely equivalent to put a <code>.htaccess</code> file in a directory <code>/www/htdocs/example</code> containing a directive, and to put that same directive in a Directory section - <code><Directory /www/htdocs/example></code> in your main server + <code><Directory "/www/htdocs/example"></code> in your main server configuration:</p> <p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p> <example><title>Contents of .htaccess file in <code>/www/htdocs/example</code></title> - <highlight language="config">AddType text/example .exm</highlight> + <highlight language="config"> +AddType text/example ".exm" + </highlight> </example> <example><title>Section from your <code>httpd.conf</code> file</title> <highlight language="config"> -<Directory /www/htdocs/example> - AddType text/example .exm +<Directory "/www/htdocs/example"> + AddType text/example ".exm" </Directory> </highlight> </example> @@ -237,7 +241,9 @@ changes on a per-directory basis.</p> by setting the <directive module="core">AllowOverride</directive> directive to <code>none</code>:</p> - <highlight language="config">AllowOverride None</highlight> + <highlight language="config"> +AllowOverride None + </highlight> </section> <section id="how"><title>How directives are applied</title> @@ -258,7 +264,9 @@ changes on a per-directory basis.</p> <p>In the directory <code>/www/htdocs/example1</code> we have a <code>.htaccess</code> file containing the following:</p> - <highlight language="config">Options +ExecCGI</highlight> + <highlight language="config"> +Options +ExecCGI + </highlight> <p>(Note: you must have "<code>AllowOverride Options</code>" in effect to permit the use of the "<directive @@ -268,7 +276,9 @@ changes on a per-directory basis.</p> <p>In the directory <code>/www/htdocs/example1/example2</code> we have a <code>.htaccess</code> file containing:</p> - <highlight language="config">Options Includes</highlight> + <highlight language="config"> +Options Includes + </highlight> <p>Because of this second <code>.htaccess</code> file, in the directory <code>/www/htdocs/example1/example2</code>, CGI execution is not @@ -292,11 +302,11 @@ changes on a per-directory basis.</p> <code>.htaccess</code> you can use:</p> <highlight language="config"> -<Directory /www/htdocs> +<Directory "/www/htdocs"> AllowOverride All </Directory> -<Location /> +<Location "/"> Options +IncludesNoExec -ExecCGI<br /> </Location> </highlight> @@ -330,8 +340,8 @@ changes on a per-directory basis.</p> <highlight language="config"> AuthType Basic AuthName "Password Required" -AuthUserFile /www/passwords/password.file -AuthGroupFile /www/passwords/group.file +AuthUserFile "/www/passwords/password.file" +AuthGroupFile "/www/passwords/group.file" Require group admins </highlight> @@ -351,7 +361,7 @@ Require group admins <highlight language="config"> Options +Includes -AddType text/html shtml +AddType text/html "shtml" AddHandler server-parsed shtml </highlight> @@ -372,13 +382,13 @@ Consider the following examples:</p> <highlight language="config"> # In httpd.conf -RewriteRule ^/images/(.+)\.jpg /images/$1.png +RewriteRule "^/images/(.+)\.jpg" "/images/$1.png" # In .htaccess in root dir -RewriteRule ^images/(.+)\.jpg images/$1.png +RewriteRule "^images/(.+)\.jpg" "images/$1.png" # In .htaccess in images/ -RewriteRule ^(.+)\.jpg $1.png +RewriteRule "^(.+)\.jpg" "$1.png" </highlight> <p>In a <code>.htaccess</code> in your document directory, the leading @@ -401,7 +411,7 @@ further details on using <code>mod_rewrite</code>.</p> <highlight language="config"> Options +ExecCGI -AddHandler cgi-script cgi pl +AddHandler cgi-script "cgi" "pl" </highlight> <p>Alternately, if you wish to have all files in the given directory be diff --git a/docs/manual/mod/mod_auth_basic.html.en b/docs/manual/mod/mod_auth_basic.html.en index 51f0d90fad..0e78f816d6 100644 --- a/docs/manual/mod/mod_auth_basic.html.en +++ b/docs/manual/mod/mod_auth_basic.html.en @@ -111,7 +111,7 @@ username and password</td></tr> <p>In this example, we pass a fixed username and password to a backend server.</p> - <div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config"><Location /demo> + <div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config"><Location "/demo"> AuthBasicFake demo demopass </Location></pre> </div> @@ -122,8 +122,8 @@ username and password</td></tr> directive. Like the FakeBasicAuth option, the password is set to the fixed string "password".</p> - <div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config"><Location /secure> - AuthBasicFake %{SSL_CLIENT_S_DN_Email} + <div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config"><Location "/secure"> + AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" </Location></pre> </div> @@ -132,12 +132,12 @@ username and password</td></tr> backend server. This can be used to gate into legacy systems that do not support client certificates.</p> - <div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config"><Location /secure> - AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}} + <div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config"><Location "/secure"> + AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}" </Location></pre> </div> - <div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config"><Location /public> + <div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config"><Location "/public"> AuthBasicFake off </Location></pre> </div> @@ -161,12 +161,12 @@ username and password</td></tr> The default <code>file</code> provider is implemented by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module. Make sure that the chosen provider module is present in the server.</p> - <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Location /secure> + <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Location "/secure"> AuthType basic AuthName "private area" AuthBasicProvider dbm AuthDBMType SDBM - AuthDBMUserFile /www/etc/dbmpasswd + AuthDBMUserFile "/www/etc/dbmpasswd" Require valid-user </Location></pre> </div> diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml index 730af2da11..46b6dacff4 100644 --- a/docs/manual/mod/mod_auth_basic.xml +++ b/docs/manual/mod/mod_auth_basic.xml @@ -60,12 +60,12 @@ that the chosen provider module is present in the server.</p> <example><title>Example</title> <highlight language="config"> -<Location /secure> +<Location "/secure"> AuthType basic AuthName "private area" AuthBasicProvider dbm AuthDBMType SDBM - AuthDBMUserFile /www/etc/dbmpasswd + AuthDBMUserFile "/www/etc/dbmpasswd" Require valid-user </Location> </highlight> @@ -136,7 +136,7 @@ username and password</description> <example><title>Fixed Example</title> <highlight language="config"> -<Location /demo> +<Location "/demo"> AuthBasicFake demo demopass </Location> </highlight> @@ -150,8 +150,8 @@ username and password</description> <example><title>Certificate Example</title> <highlight language="config"> -<Location /secure> - AuthBasicFake %{SSL_CLIENT_S_DN_Email} +<Location "/secure"> + AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" </Location> </highlight> </example> @@ -163,15 +163,15 @@ username and password</description> <example><title>Password Example</title> <highlight language="config"> -<Location /secure> - AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}} +<Location "/secure"> + AuthBasicFake "%{SSL_CLIENT_S_DN_Email}" "%{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}" </Location> </highlight> </example> <example><title>Exclusion Example</title> <highlight language="config"> -<Location /public> +<Location "/public"> AuthBasicFake off </Location> </highlight> diff --git a/docs/manual/mod/mod_auth_digest.html.en b/docs/manual/mod/mod_auth_digest.html.en index 0030e013c1..c9df7ecb40 100644 --- a/docs/manual/mod/mod_auth_digest.html.en +++ b/docs/manual/mod/mod_auth_digest.html.en @@ -83,13 +83,13 @@ <p>Appropriate user (text) files can be created using the <code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p> - <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config"><Location /private/> + <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config"><Location "/private/"> AuthType Digest AuthName "private area" - AuthDigestDomain /private/ http://mirror.my.dom/private2/ + AuthDigestDomain "/private/" "http://mirror.my.dom/private2/" AuthDigestProvider file - AuthUserFile /web/auth/.digest_pw + AuthUserFile "/web/auth/.digest_pw" Require valid-user </Location></pre> </div> diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml index afedd6cd64..7e3382f665 100644 --- a/docs/manual/mod/mod_auth_digest.xml +++ b/docs/manual/mod/mod_auth_digest.xml @@ -64,13 +64,13 @@ <example><title>Example:</title> <highlight language="config"> -<Location /private/> +<Location "/private/"> AuthType Digest AuthName "private area" - AuthDigestDomain /private/ http://mirror.my.dom/private2/ + AuthDigestDomain "/private/" "http://mirror.my.dom/private2/" AuthDigestProvider file - AuthUserFile /web/auth/.digest_pw + AuthUserFile "/web/auth/.digest_pw" Require valid-user </Location> </highlight> diff --git a/docs/manual/mod/mod_auth_form.html.en b/docs/manual/mod/mod_auth_form.html.en index b845a813fb..2f38a4774b 100644 --- a/docs/manual/mod/mod_auth_form.html.en +++ b/docs/manual/mod/mod_auth_form.html.en @@ -108,10 +108,10 @@ the user will be redirected to the form login page.</p> <div class="example"><h3>Basic example</h3><pre class="prettyprint lang-config">AuthFormProvider file -AuthUserFile conf/passwd +AuthUserFile "conf/passwd" AuthType form AuthName realm -AuthFormLoginRequiredLocation http://example.com/login.html +AuthFormLoginRequiredLocation "http://example.com/login.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret</pre> @@ -159,12 +159,12 @@ SessionCryptoPassphrase secret</pre> The action of the form should point at this handler, which is configured within Apache httpd as follows:</p> - <div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config"><Location /dologin.html> + <div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config"><Location "/dologin.html"> SetHandler form-login-handler - AuthFormLoginRequiredLocation http://example.com/login.html - AuthFormLoginSuccessLocation http://example.com/success.html + AuthFormLoginRequiredLocation "http://example.com/login.html" + AuthFormLoginSuccessLocation "http://example.com/success.html" AuthFormProvider file - AuthUserFile conf/passwd + AuthUserFile "conf/passwd" AuthType form AuthName realm Session On @@ -221,11 +221,11 @@ SessionCryptoPassphrase secret</pre> containing the login form, as follows:</p> <div class="example"><h3>Basic inline example</h3><pre class="prettyprint lang-config">AuthFormProvider file -ErrorDocument 401 /login.shtml -AuthUserFile conf/passwd +ErrorDocument 401 "/login.shtml" +AuthUserFile "conf/passwd" AuthType form AuthName realm -AuthFormLoginRequiredLocation http://example.com/login.html +AuthFormLoginRequiredLocation "http://example.com/login.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret</pre> @@ -291,7 +291,7 @@ SessionCryptoPassphrase secret</pre> technology.</p> <div class="example"><h3>CGI example</h3><pre class="prettyprint lang-config"> AuthFormProvider file - ErrorDocument 401 /cgi-bin/login.cgi + ErrorDocument 401 "/cgi-bin/login.cgi" ...</pre> </div> @@ -312,7 +312,7 @@ SessionCryptoPassphrase secret</pre> <div class="example"><h3>Basic logout example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler AuthName realm -AuthFormLogoutLocation http://example.com/loggedout.html +AuthFormLogoutLocation "http://example.com/loggedout.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret</pre> @@ -327,7 +327,7 @@ SessionCryptoPassphrase secret</pre> </p> <div class="example"><h3>Basic session expiry example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler -AuthFormLogoutLocation http://example.com/loggedout.html +AuthFormLogoutLocation "http://example.com/loggedout.html" Session On SessionMaxAge 1 SessionCookieName session path=/ @@ -515,7 +515,7 @@ parser has been added in 2.4.4.</td></tr> <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Location /logout> SetHandler form-logout-handler - AuthFormLogoutLocation http://example.com/loggedout.html + AuthFormLogoutLocation "http://example.com/loggedout.html" Session on #... </Location></pre> @@ -613,7 +613,7 @@ parser has been added in 2.4.4.</td></tr> AuthName "private area" AuthFormProvider dbm AuthDBMType SDBM - AuthDBMUserFile /www/etc/dbmpasswd + AuthDBMUserFile "/www/etc/dbmpasswd" Require valid-user #... </Location></pre> diff --git a/docs/manual/mod/mod_auth_form.xml b/docs/manual/mod/mod_auth_form.xml index 041c3a732b..57450fd5ae 100644 --- a/docs/manual/mod/mod_auth_form.xml +++ b/docs/manual/mod/mod_auth_form.xml @@ -76,10 +76,10 @@ <example><title>Basic example</title> <highlight language="config"> AuthFormProvider file -AuthUserFile conf/passwd +AuthUserFile "conf/passwd" AuthType form AuthName realm -AuthFormLoginRequiredLocation http://example.com/login.html +AuthFormLoginRequiredLocation "http://example.com/login.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret @@ -133,12 +133,12 @@ SessionCryptoPassphrase secret <example><title>Form login handler example</title> <highlight language="config"> -<Location /dologin.html> +<Location "/dologin.html"> SetHandler form-login-handler - AuthFormLoginRequiredLocation http://example.com/login.html - AuthFormLoginSuccessLocation http://example.com/success.html + AuthFormLoginRequiredLocation "http://example.com/login.html" + AuthFormLoginSuccessLocation "http://example.com/success.html" AuthFormProvider file - AuthUserFile conf/passwd + AuthUserFile "conf/passwd" AuthType form AuthName realm Session On @@ -201,11 +201,11 @@ SessionCryptoPassphrase secret <example><title>Basic inline example</title> <highlight language="config"> AuthFormProvider file -ErrorDocument 401 /login.shtml -AuthUserFile conf/passwd +ErrorDocument 401 "/login.shtml" +AuthUserFile "conf/passwd" AuthType form AuthName realm -AuthFormLoginRequiredLocation http://example.com/login.html +AuthFormLoginRequiredLocation "http://example.com/login.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret @@ -280,7 +280,7 @@ SessionCryptoPassphrase secret <example><title>CGI example</title> <highlight language="config"> AuthFormProvider file - ErrorDocument 401 /cgi-bin/login.cgi + ErrorDocument 401 "/cgi-bin/login.cgi" ... </highlight> </example> @@ -304,7 +304,7 @@ SessionCryptoPassphrase secret <highlight language="config"> SetHandler form-logout-handler AuthName realm -AuthFormLogoutLocation http://example.com/loggedout.html +AuthFormLogoutLocation "http://example.com/loggedout.html" Session On SessionCookieName session path=/ SessionCryptoPassphrase secret @@ -322,7 +322,7 @@ SessionCryptoPassphrase secret <example><title>Basic session expiry example</title> <highlight language="config"> SetHandler form-logout-handler -AuthFormLogoutLocation http://example.com/loggedout.html +AuthFormLogoutLocation "http://example.com/loggedout.html" Session On SessionMaxAge 1 SessionCookieName session path=/ @@ -363,7 +363,7 @@ SessionCryptoPassphrase secret AuthName "private area" AuthFormProvider dbm AuthDBMType SDBM - AuthDBMUserFile /www/etc/dbmpasswd + AuthDBMUserFile "/www/etc/dbmpasswd" Require valid-user #... </Location> @@ -636,7 +636,7 @@ parser has been added in 2.4.4.</compatibility> <highlight language="config"> <Location /logout> SetHandler form-logout-handler - AuthFormLogoutLocation http://example.com/loggedout.html + AuthFormLogoutLocation "http://example.com/loggedout.html" Session on #... </Location> diff --git a/docs/manual/mod/mod_authn_anon.html.en b/docs/manual/mod/mod_authn_anon.html.en index c9b0d4ca0e..75c2dbd80e 100644 --- a/docs/manual/mod/mod_authn_anon.html.en +++ b/docs/manual/mod/mod_authn_anon.html.en @@ -93,11 +93,11 @@ (<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li> </ul> - <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Directory /var/www/html/private> + <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Directory "/var/www/html/private"> AuthName "Use 'anonymous' & Email address for guest entry" AuthType Basic AuthBasicProvider file anon - AuthUserFile /path/to/your/.htpasswd + AuthUserFile "/path/to/your/.htpasswd" Anonymous_NoUserID off Anonymous_MustGiveEmail on diff --git a/docs/manual/mod/mod_authn_anon.xml b/docs/manual/mod/mod_authn_anon.xml index dd2d96dd1c..778a11504e 100644 --- a/docs/manual/mod/mod_authn_anon.xml +++ b/docs/manual/mod/mod_authn_anon.xml @@ -81,11 +81,11 @@ <example><title>Example</title> <highlight language="config"> -<Directory /var/www/html/private> +<Directory "/var/www/html/private"> AuthName "Use 'anonymous' & Email address for guest entry" AuthType Basic AuthBasicProvider file anon - AuthUserFile /path/to/your/.htpasswd + AuthUserFile "/path/to/your/.htpasswd" Anonymous_NoUserID off Anonymous_MustGiveEmail on diff --git a/docs/manual/mod/mod_authn_core.html.en b/docs/manual/mod/mod_authn_core.html.en index 64dddce6b2..b68c3a16cc 100644 --- a/docs/manual/mod/mod_authn_core.html.en +++ b/docs/manual/mod/mod_authn_core.html.en @@ -70,15 +70,15 @@ <div class="example"><h3>Checking multiple text password files</h3><pre class="prettyprint lang-config"># Check here first <AuthnProviderAlias file file1> - AuthUserFile /www/conf/passwords1 + AuthUserFile "/www/conf/passwords1" </AuthnProviderAlias> # Then check here <AuthnProviderAlias file file2> - AuthUserFile /www/conf/passwords2 + AuthUserFile "/www/conf/passwords2" </AuthnProviderAlias> -<Directory /var/web/pages/secure> +<Directory "/var/web/pages/secure"> AuthBasicProvider file1 file2 AuthType Basic @@ -93,18 +93,18 @@ hosts:</p> <div class="example"><h3>Checking multiple LDAP servers</h3><pre class="prettyprint lang-config"><AuthnProviderAlias ldap ldap-alias1> - AuthLDAPBindDN cn=youruser,o=ctx + AuthLDAPBindDN "cn=youruser,o=ctx" AuthLDAPBindPassword yourpassword - AuthLDAPURL ldap://ldap.host/o=ctx + AuthLDAPURL "ldap://ldap.host/o=ctx" </AuthnProviderAlias> <AuthnProviderAlias ldap ldap-other-alias> - AuthLDAPBindDN cn=yourotheruser,o=dev + AuthLDAPBindDN "cn=yourotheruser,o=dev" AuthLDAPBindPassword yourotherpassword - AuthLDAPURL ldap://other.ldap.host/o=dev?cn + AuthLDAPURL "ldap://other.ldap.host/o=dev?cn" </AuthnProviderAlias> -Alias /secure /webpages/secure -<Directory /webpages/secure> +Alias "/secure" "/webpages/secure" +<Directory "/webpages/secure"> Order deny,allow Allow from all @@ -220,15 +220,15 @@ the specified alias</td></tr> in the following example, clients may access the <code>/www/docs/public</code> directory without authenticating:</p> - <pre class="prettyprint lang-config"><Directory /www/docs> + <pre class="prettyprint lang-config"><Directory "/www/docs"> AuthType Basic AuthName Documents AuthBasicProvider file - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" Require valid-user </Directory> -<Directory /www/docs/public> +<Directory "/www/docs/public"> AuthType None Require all granted </Directory></pre> diff --git a/docs/manual/mod/mod_authn_core.xml b/docs/manual/mod/mod_authn_core.xml index d1ea4b218d..3c349d73a6 100644 --- a/docs/manual/mod/mod_authn_core.xml +++ b/docs/manual/mod/mod_authn_core.xml @@ -57,15 +57,15 @@ <highlight language="config"> # Check here first <AuthnProviderAlias file file1> - AuthUserFile /www/conf/passwords1 + AuthUserFile "/www/conf/passwords1" </AuthnProviderAlias> # Then check here <AuthnProviderAlias file file2> - AuthUserFile /www/conf/passwords2 + AuthUserFile "/www/conf/passwords2" </AuthnProviderAlias> -<Directory /var/web/pages/secure> +<Directory "/var/web/pages/secure"> AuthBasicProvider file1 file2 AuthType Basic @@ -83,18 +83,18 @@ <example><title>Checking multiple LDAP servers</title> <highlight language="config"> <AuthnProviderAlias ldap ldap-alias1> - AuthLDAPBindDN cn=youruser,o=ctx + AuthLDAPBindDN "cn=youruser,o=ctx" AuthLDAPBindPassword yourpassword - AuthLDAPURL ldap://ldap.host/o=ctx + AuthLDAPURL "ldap://ldap.host/o=ctx" </AuthnProviderAlias> <AuthnProviderAlias ldap ldap-other-alias> - AuthLDAPBindDN cn=yourotheruser,o=dev + AuthLDAPBindDN "cn=yourotheruser,o=dev" AuthLDAPBindPassword yourotherpassword - AuthLDAPURL ldap://other.ldap.host/o=dev?cn + AuthLDAPURL "ldap://other.ldap.host/o=dev?cn" </AuthnProviderAlias> -Alias /secure /webpages/secure -<Directory /webpages/secure> +Alias "/secure" "/webpages/secure" +<Directory "/webpages/secure"> Order deny,allow Allow from all @@ -194,15 +194,15 @@ authentication</description> <code>/www/docs/public</code> directory without authenticating:</p> <highlight language="config"> -<Directory /www/docs> +<Directory "/www/docs"> AuthType Basic AuthName Documents AuthBasicProvider file - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" Require valid-user </Directory> -<Directory /www/docs/public> +<Directory "/www/docs/public"> AuthType None Require all granted </Directory> diff --git a/docs/manual/mod/mod_authnz_ldap.html.en b/docs/manual/mod/mod_authnz_ldap.html.en index 1b40da14b7..cc55e99061 100644 --- a/docs/manual/mod/mod_authnz_ldap.html.en +++ b/docs/manual/mod/mod_authnz_ldap.html.en @@ -482,7 +482,7 @@ AuthLDAPMaxSubGroupDepth 1</pre> <p>The following directive would grant access to anyone with the attribute employeeType = active</p> - <pre class="prettyprint lang-config">Require ldap-attribute employeeType=active</pre> + <pre class="prettyprint lang-config">Require ldap-attribute "employeeType=active"</pre> <p>Multiple attribute/value pairs can be specified on the same line @@ -496,7 +496,7 @@ AuthLDAPMaxSubGroupDepth 1</pre> <p>The following directive would grant access to anyone with the city attribute equal to "San Jose" or status equal to "Active"</p> - <pre class="prettyprint lang-config">Require ldap-attribute city="San Jose" status=active</pre> + <pre class="prettyprint lang-config">Require ldap-attribute city="San Jose" "status=active"</pre> @@ -511,7 +511,7 @@ AuthLDAPMaxSubGroupDepth 1</pre> <p>The following directive would grant access to anyone having a cell phone and is in the marketing department</p> - <pre class="prettyprint lang-config">Require ldap-filter &(cell=*)(department=marketing)</pre> + <pre class="prettyprint lang-config">Require ldap-filter "&(cell=*)(department=marketing)"</pre> <p>The difference between the <code>Require ldap-filter</code> directive and the @@ -526,8 +526,8 @@ AuthLDAPMaxSubGroupDepth 1</pre> must be taken to ensure that LDAP filters are escaped correctly to guard against LDAP injection. The ldap function can be used for this purpose.</p> -<pre class="prettyprint lang-config"><LocationMatch ^/dav/(?<SITENAME>[^/]+)/> - Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example) +<pre class="prettyprint lang-config"><LocationMatch "^/dav/(?<SITENAME>[^/]+)/"> + Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)" </LocationMatch></pre> @@ -543,8 +543,8 @@ AuthLDAPMaxSubGroupDepth 1</pre> <p>The following directive would grant access to URLs that match the given objects in the LDAP server:</p> -<pre class="prettyprint lang-config"><LocationMatch ^/dav/(?<SITENAME>[^/]+)/> -Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website) +<pre class="prettyprint lang-config"><LocationMatch "^/dav/(?<SITENAME>[^/]+)/"> +Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)" </LocationMatch></pre> diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index 7f743b71ac..542094b5f6 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -364,7 +364,9 @@ Require ldap-user "Joe Manager" <p>If the <code>uid</code> attribute was used instead of the <code>cn</code> attribute in the URL above, the above three lines could be condensed to</p> -<highlight language="config">Require ldap-user bjenson fuser jmanager</highlight> +<highlight language="config"> +Require ldap-user bjenson fuser jmanager +</highlight> </section> <section id="reqgroup"><title>Require ldap-group</title> @@ -383,7 +385,9 @@ uniqueMember: cn=Fred User, o=Example <p>The following directive would grant access to both Fred and Barbara:</p> -<highlight language="config">Require ldap-group cn=Administrators, o=Example</highlight> +<highlight language="config"> +Require ldap-group cn=Administrators, o=Example +</highlight> <p>Members can also be found within sub-groups of a specified LDAP group if <directive module="mod_authnz_ldap">AuthLDAPMaxSubGroupDepth</directive> @@ -448,7 +452,9 @@ AuthLDAPMaxSubGroupDepth 1 <p>The following directive would grant access to a specific DN:</p> -<highlight language="config">Require ldap-dn cn=Barbara Jenson, o=Example</highlight> +<highlight language="config"> +Require ldap-dn cn=Barbara Jenson, o=Example +</highlight> <p>Behavior of this directive is modified by the <directive module="mod_authnz_ldap">AuthLDAPCompareDNOnServer</directive> @@ -465,7 +471,9 @@ AuthLDAPMaxSubGroupDepth 1 <p>The following directive would grant access to anyone with the attribute employeeType = active</p> - <highlight language="config">Require ldap-attribute employeeType=active</highlight> + <highlight language="config"> +Require ldap-attribute "employeeType=active" +</highlight> <p>Multiple attribute/value pairs can be specified on the same line separated by spaces or they can be specified in multiple @@ -478,7 +486,9 @@ AuthLDAPMaxSubGroupDepth 1 <p>The following directive would grant access to anyone with the city attribute equal to "San Jose" or status equal to "Active"</p> - <highlight language="config">Require ldap-attribute city="San Jose" status=active</highlight> + <highlight language="config"> +Require ldap-attribute city="San Jose" "status=active" +</highlight> </section> @@ -492,7 +502,9 @@ AuthLDAPMaxSubGroupDepth 1 <p>The following directive would grant access to anyone having a cell phone and is in the marketing department</p> - <highlight language="config">Require ldap-filter &(cell=*)(department=marketing)</highlight> + <highlight language="config"> +Require ldap-filter "&(cell=*)(department=marketing)" +</highlight> <p>The difference between the <code>Require ldap-filter</code> directive and the <code>Require ldap-attribute</code> directive is that <code>ldap-filter</code> @@ -507,8 +519,8 @@ AuthLDAPMaxSubGroupDepth 1 LDAP injection. The ldap function can be used for this purpose.</p> <highlight language="config"> -<LocationMatch ^/dav/(?<SITENAME>[^/]+)/> - Require ldap-filter (memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example) +<LocationMatch "^/dav/(?<SITENAME>[^/]+)/"> + Require ldap-filter "(memberOf=cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}},ou=Websites,o=Example)" </LocationMatch> </highlight> @@ -525,8 +537,8 @@ AuthLDAPMaxSubGroupDepth 1 LDAP server:</p> <highlight language="config"> -<LocationMatch ^/dav/(?<SITENAME>[^/]+)/> -Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website) +<LocationMatch "^/dav/(?<SITENAME>[^/]+)/"> +Require ldap-search "(cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)" </LocationMatch> </highlight> diff --git a/docs/manual/mod/mod_authz_core.html.en b/docs/manual/mod/mod_authz_core.html.en index 5075def0e9..3f0c16c5ce 100644 --- a/docs/manual/mod/mod_authz_core.html.en +++ b/docs/manual/mod/mod_authz_core.html.en @@ -83,13 +83,13 @@ not belong to either the <code>temps</code> group or the LDAP group <code>Temporary Employees</code>.</p> - <pre class="prettyprint lang-config"><Directory /www/mydocs> + <pre class="prettyprint lang-config"><Directory "/www/mydocs"> <RequireAll> <RequireAny> Require user superadmin <RequireAll> Require group admins - Require ldap-group cn=Administrators,o=Airius + Require ldap-group "cn=Administrators,o=Airius" <RequireAny> Require group sales Require ldap-attribute dept="sales" @@ -98,7 +98,7 @@ </RequireAny> <RequireNone> Require group temps - Require ldap-group cn=Temporary Employees,o=Airius + Require ldap-group "cn=Temporary Employees,o=Airius" </RequireNone> </RequireAll> </Directory></pre> @@ -125,8 +125,8 @@ <code>User-Agent</code> (browser type), <code>Referer</code>, or other HTTP request header fields.</p> - <pre class="prettyprint lang-config">SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in -<Directory /docroot> + <pre class="prettyprint lang-config">SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in +<Directory "/docroot"> Require env let_me_in </Directory></pre> @@ -235,20 +235,20 @@ multiple ldap hosts: </p> - <pre class="prettyprint lang-config"><AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx> - AuthLDAPBindDN cn=youruser,o=ctx + <pre class="prettyprint lang-config"><AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"> + AuthLDAPBindDN "cn=youruser,o=ctx" AuthLDAPBindPassword yourpassword - AuthLDAPURL ldap://ldap.host/o=ctx + AuthLDAPURL "ldap://ldap.host/o=ctx" </AuthzProviderAlias> -<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev> - AuthLDAPBindDN cn=yourotheruser,o=dev +<AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"> + AuthLDAPBindDN "cn=yourotheruser,o=dev" AuthLDAPBindPassword yourotherpassword - AuthLDAPURL ldap://other.ldap.host/o=dev?cn + AuthLDAPURL "ldap://other.ldap.host/o=dev?cn" </AuthzProviderAlias> -Alias /secure /webpages/secure -<Directory /webpages/secure> +Alias "/secure" "/webpages/secure" +<Directory "/webpages/secure"> Require all granted AuthBasicProvider file @@ -312,20 +312,20 @@ sections.</td></tr> preceding sections. Thus only users belong to the group <code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</div> - <pre class="prettyprint lang-config"><Directory /www/docs> + <pre class="prettyprint lang-config"><Directory "/www/docs"> AuthType Basic AuthName Documents AuthBasicProvider file - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" Require group alpha </Directory> -<Directory /www/docs/ab> +<Directory "/www/docs/ab"> AuthMerging Or Require group beta </Directory> -<Directory /www/docs/ab/gamma> +<Directory "/www/docs/ab/gamma"> Require group gamma </Directory></pre> @@ -454,8 +454,8 @@ an authorization provider.</td></tr> <pre class="prettyprint lang-config">AuthType Basic AuthName "Restricted Resource" AuthBasicProvider file -AuthUserFile /web/users -AuthGroupFile /web/groups +AuthUserFile "/web/users" +AuthGroupFile "/web/groups" Require group admin</pre> @@ -479,7 +479,7 @@ Require group admin</pre> and <code>beta</code> groups are authorized, except for those who are also in the <code>reject</code> group.</p> - <pre class="prettyprint lang-config"><Directory /www/docs> + <pre class="prettyprint lang-config"><Directory "/www/docs"> <RequireAll> Require group alpha beta Require not group reject diff --git a/docs/manual/mod/mod_authz_core.xml b/docs/manual/mod/mod_authz_core.xml index 670604e853..26c3ce2df6 100644 --- a/docs/manual/mod/mod_authz_core.xml +++ b/docs/manual/mod/mod_authz_core.xml @@ -63,13 +63,13 @@ LDAP group <code>Temporary Employees</code>.</p> <highlight language="config"> -<Directory /www/mydocs> +<Directory "/www/mydocs"> <RequireAll> <RequireAny> Require user superadmin <RequireAll> Require group admins - Require ldap-group cn=Administrators,o=Airius + Require ldap-group "cn=Administrators,o=Airius" <RequireAny> Require group sales Require ldap-attribute dept="sales" @@ -78,7 +78,7 @@ </RequireAny> <RequireNone> Require group temps - Require ldap-group cn=Temporary Employees,o=Airius + Require ldap-group "cn=Temporary Employees,o=Airius" </RequireNone> </RequireAll> </Directory> @@ -107,8 +107,8 @@ other HTTP request header fields.</p> <highlight language="config"> -SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in -<Directory /docroot> +SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in +<Directory "/docroot"> Require env let_me_in </Directory> </highlight> @@ -227,20 +227,20 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in </p> <highlight language="config"> -<AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx> - AuthLDAPBindDN cn=youruser,o=ctx +<AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"> + AuthLDAPBindDN "cn=youruser,o=ctx" AuthLDAPBindPassword yourpassword - AuthLDAPURL ldap://ldap.host/o=ctx + AuthLDAPURL "ldap://ldap.host/o=ctx" </AuthzProviderAlias> -<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev> - AuthLDAPBindDN cn=yourotheruser,o=dev +<AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"> + AuthLDAPBindDN "cn=yourotheruser,o=dev" AuthLDAPBindPassword yourotherpassword - AuthLDAPURL ldap://other.ldap.host/o=dev?cn + AuthLDAPURL "ldap://other.ldap.host/o=dev?cn" </AuthzProviderAlias> -Alias /secure /webpages/secure -<Directory /webpages/secure> +Alias "/secure" "/webpages/secure" +<Directory "/webpages/secure"> Require all granted AuthBasicProvider file @@ -337,8 +337,8 @@ an authorization provider.</description> AuthType Basic AuthName "Restricted Resource" AuthBasicProvider file -AuthUserFile /web/users -AuthGroupFile /web/groups +AuthUserFile "/web/users" +AuthGroupFile "/web/groups" Require group admin </highlight> @@ -363,7 +363,7 @@ Require group admin are also in the <code>reject</code> group.</p> <highlight language="config"> -<Directory /www/docs> +<Directory "/www/docs"> <RequireAll> Require group alpha beta Require not group reject @@ -561,20 +561,20 @@ sections.</description> <code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</note> <highlight language="config"> -<Directory /www/docs> +<Directory "/www/docs"> AuthType Basic AuthName Documents AuthBasicProvider file - AuthUserFile /usr/local/apache/passwd/passwords + AuthUserFile "/usr/local/apache/passwd/passwords" Require group alpha </Directory> -<Directory /www/docs/ab> +<Directory "/www/docs/ab"> AuthMerging Or Require group beta </Directory> -<Directory /www/docs/ab/gamma> +<Directory "/www/docs/ab/gamma"> Require group gamma </Directory> </highlight> diff --git a/docs/manual/mod/mod_authz_dbm.html.en b/docs/manual/mod/mod_authz_dbm.html.en index 71742f6e13..a24da7b959 100644 --- a/docs/manual/mod/mod_authz_dbm.html.en +++ b/docs/manual/mod/mod_authz_dbm.html.en @@ -88,16 +88,16 @@ <div class="section"> <h2><a name="examples" id="examples">Example usage</a></h2> -<p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code> +<p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code> instead of <code>group</code>:</em> </p> <pre class="prettyprint lang-config"><Directory "/foo/bar"> - AuthType Basic + AuthType Basic AuthName "Secure Area" - AuthBasicProvider dbm - AuthDBMUserFile site/data/users - AuthDBMGroupFile site/data/users - Require dbm-group admin + AuthBasicProvider dbm + AuthDBMUserFile "site/data/users" + AuthDBMGroupFile "site/data/users" + Require dbm-group admin </Directory></pre> </div> @@ -139,8 +139,8 @@ of user groups for authorization</td></tr> accomplished by first setting the group and password files to point to the same DBM:</p> - <pre class="prettyprint lang-config">AuthDBMGroupFile /www/userbase -AuthDBMUserFile /www/userbase</pre> + <pre class="prettyprint lang-config">AuthDBMGroupFile "/www/userbase" +AuthDBMUserFile "/www/userbase"</pre> <p>The key for the single DBM is the username. The value consists diff --git a/docs/manual/mod/mod_authz_dbm.xml b/docs/manual/mod/mod_authz_dbm.xml index dadeac0a99..1724a6c1f2 100644 --- a/docs/manual/mod/mod_authz_dbm.xml +++ b/docs/manual/mod/mod_authz_dbm.xml @@ -73,17 +73,17 @@ <section id="examples"> <title>Example usage</title> -<p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code> +<p><em>Note that using mod_authz_dbm requires you to require <code>dbm-group</code> instead of <code>group</code>:</em> </p> <highlight language="config"> <Directory "/foo/bar"> - AuthType Basic + AuthType Basic AuthName "Secure Area" - AuthBasicProvider dbm - AuthDBMUserFile site/data/users - AuthDBMGroupFile site/data/users - Require dbm-group admin + AuthBasicProvider dbm + AuthDBMUserFile "site/data/users" + AuthDBMGroupFile "site/data/users" + Require dbm-group admin </Directory> </highlight> </section> @@ -126,8 +126,8 @@ of user groups for authorization</description> point to the same DBM:</p> <highlight language="config"> -AuthDBMGroupFile /www/userbase -AuthDBMUserFile /www/userbase +AuthDBMGroupFile "/www/userbase" +AuthDBMUserFile "/www/userbase" </highlight> <p>The key for the single DBM is the username. The value consists diff --git a/docs/manual/mod/mod_authz_owner.html.en b/docs/manual/mod/mod_authz_owner.html.en index f39eda7bef..94fbb8fe64 100644 --- a/docs/manual/mod/mod_authz_owner.html.en +++ b/docs/manual/mod/mod_authz_owner.html.en @@ -96,11 +96,11 @@ files in <code>/home/smith/public_html/private</code> unless they were owned by <code>jones</code> instead of <code>smith</code>.</p> - <pre class="prettyprint lang-config"><Directory /home/*/public_html/private> + <pre class="prettyprint lang-config"><Directory "/home/*/public_html/private"> AuthType Basic - AuthName MyPrivateFiles + AuthName "MyPrivateFiles" AuthBasicProvider dbm - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all + AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all" Require file-owner </Directory></pre> @@ -118,15 +118,15 @@ authorized to access the <code>project-foo</code> directories of each other.</p> - <pre class="prettyprint lang-config"><Directory /home/*/public_html/project-foo> + <pre class="prettyprint lang-config"><Directory "/home/*/public_html/project-foo"> AuthType Basic AuthName "Project Foo Files" AuthBasicProvider dbm - + # combined user/group database - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all - AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all - + AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all" + AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all" + Satisfy All Require file-group </Directory></pre> diff --git a/docs/manual/mod/mod_authz_owner.xml b/docs/manual/mod/mod_authz_owner.xml index 971c2cfb23..61c03b8604 100644 --- a/docs/manual/mod/mod_authz_owner.xml +++ b/docs/manual/mod/mod_authz_owner.xml @@ -85,11 +85,11 @@ were owned by <code>jones</code> instead of <code>smith</code>.</p> <highlight language="config"> -<Directory /home/*/public_html/private> +<Directory "/home/*/public_html/private"> AuthType Basic - AuthName MyPrivateFiles + AuthName "MyPrivateFiles" AuthBasicProvider dbm - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all + AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all" Require file-owner </Directory> </highlight> @@ -109,15 +109,15 @@ each other.</p> <highlight language="config"> -<Directory /home/*/public_html/project-foo> +<Directory "/home/*/public_html/project-foo"> AuthType Basic AuthName "Project Foo Files" AuthBasicProvider dbm - + # combined user/group database - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all - AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all - + AuthDBMUserFile "/usr/local/apache2/etc/.htdbm-all" + AuthDBMGroupFile "/usr/local/apache2/etc/.htdbm-all" + Satisfy All Require file-group </Directory> diff --git a/docs/manual/mod/mod_dav.html.en b/docs/manual/mod/mod_dav.html.en index 4aaa6b142a..8a89b2c511 100644 --- a/docs/manual/mod/mod_dav.html.en +++ b/docs/manual/mod/mod_dav.html.en @@ -78,7 +78,7 @@ file using the <code class="directive"><a href="../mod/mod_dav_fs.html#davlockdb">DavLockDB</a></code> directive:</p> - <pre class="prettyprint lang-config">DavLockDB /usr/local/apache2/var/DavLock</pre> + <pre class="prettyprint lang-config">DavLockDB "/usr/local/apache2/var/DavLock"</pre> <p>The directory containing the lock database file must be @@ -93,15 +93,15 @@ directive. The "normal" <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code> directive has no effect on DAV requests.</p> - <div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">DavLockDB /usr/local/apache2/var/DavLock + <div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">DavLockDB "/usr/local/apache2/var/DavLock" -<Directory /usr/local/apache2/htdocs/foo> +<Directory "/usr/local/apache2/htdocs/foo"> Require all granted Dav On AuthType Basic - AuthName DAV - AuthUserFile user.passwd + AuthName "DAV" + AuthUserFile "user.passwd" <LimitExcept GET POST OPTIONS> Require user admin @@ -159,9 +159,9 @@ will run the script, and one of which will allow it to be downloaded and manipulated with DAV.</p> -<pre class="prettyprint lang-config">Alias /phparea /home/gstein/php_files -Alias /php-source /home/gstein/php_files -<Location /php-source> +<pre class="prettyprint lang-config">Alias "/phparea" "/home/gstein/php_files" +Alias "/php-source" "/home/gstein/php_files" +<Location "/php-source"> Dav On ForceType text/plain </Location></pre> @@ -185,7 +185,7 @@ Alias /php-source /home/gstein/php_files <p>Use the <code class="directive">Dav</code> directive to enable the WebDAV HTTP methods for the given container:</p> - <pre class="prettyprint lang-config"><Location /foo> + <pre class="prettyprint lang-config"><Location "/foo"> Dav On </Location></pre> @@ -240,7 +240,7 @@ a DAV resource</td></tr> (like 600 seconds) to reduce the chance of the client losing the lock due to network latency.</p> - <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Location /MSWord> + <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Location "/MSWord"> DavMinTimeout 600 </Location></pre> </div> diff --git a/docs/manual/mod/mod_dav.xml b/docs/manual/mod/mod_dav.xml index 2d202c0eb3..4e015bd52d 100644 --- a/docs/manual/mod/mod_dav.xml +++ b/docs/manual/mod/mod_dav.xml @@ -45,7 +45,9 @@ <p>To enable <module>mod_dav</module>, add the following to a container in your <code>httpd.conf</code> file:</p> - <highlight language="config">Dav On</highlight> + <highlight language="config"> +Dav On + </highlight> <p>This enables the DAV file system provider, which is implemented by the <module>mod_dav_fs</module> module. Therefore, that module @@ -58,12 +60,12 @@ directive:</p> <highlight language="config"> - DavLockDB /usr/local/apache2/var/DavLock + DavLockDB "/usr/local/apache2/var/DavLock" </highlight> <p>The directory containing the lock database file must be writable by the <directive module="mod_unixd">User</directive> - and <directive module="mod_unixd" >Group</directive> under which + and <directive module="mod_unixd">Group</directive> under which Apache is running.</p> <p>You may wish to add a <directive module="core" type="section" @@ -78,15 +80,15 @@ <example><title>Full Example</title> <highlight language="config"> -DavLockDB /usr/local/apache2/var/DavLock +DavLockDB "/usr/local/apache2/var/DavLock" -<Directory /usr/local/apache2/htdocs/foo> +<Directory "/usr/local/apache2/htdocs/foo"> Require all granted Dav On AuthType Basic - AuthName DAV - AuthUserFile user.passwd + AuthName "DAV" + AuthUserFile "user.passwd" <LimitExcept GET POST OPTIONS> Require user admin @@ -149,9 +151,9 @@ DavLockDB /usr/local/apache2/var/DavLock downloaded and manipulated with DAV.</p> <highlight language="config"> -Alias /phparea /home/gstein/php_files -Alias /php-source /home/gstein/php_files -<Location /php-source> +Alias "/phparea" "/home/gstein/php_files" +Alias "/php-source" "/home/gstein/php_files" +<Location "/php-source"> Dav On ForceType text/plain </Location> @@ -175,7 +177,7 @@ Alias /php-source /home/gstein/php_files WebDAV HTTP methods for the given container:</p> <highlight language="config"> -<Location /foo> +<Location "/foo"> Dav On </Location> </highlight> @@ -218,7 +220,7 @@ a DAV resource</description> <example><title>Example</title> <highlight language="config"> -<Location /MSWord> +<Location "/MSWord"> DavMinTimeout 600 </Location> </highlight> diff --git a/docs/manual/mod/mod_session.html.en b/docs/manual/mod/mod_session.html.en index c0ff549bca..3dc426c725 100644 --- a/docs/manual/mod/mod_session.html.en +++ b/docs/manual/mod/mod_session.html.en @@ -273,9 +273,9 @@ SessionCookieName session path=/private;domain=example.com;httponly;secure;</pre SessionCryptoPassphrase secret SessionCookieName session path=/ AuthFormProvider file -AuthUserFile conf/passwd +AuthUserFile "conf/passwd" AuthType form -AuthName realm +AuthName "realm" #...</pre> </div> diff --git a/docs/manual/mod/mod_session.xml b/docs/manual/mod/mod_session.xml index 963c0f0ccb..b6142517aa 100644 --- a/docs/manual/mod/mod_session.xml +++ b/docs/manual/mod/mod_session.xml @@ -261,9 +261,9 @@ Session On SessionCryptoPassphrase secret SessionCookieName session path=/ AuthFormProvider file -AuthUserFile conf/passwd +AuthUserFile "conf/passwd" AuthType form -AuthName realm +AuthName "realm" #... </highlight> </example> diff --git a/docs/manual/ssl/ssl_howto.html.en b/docs/manual/ssl/ssl_howto.html.en index 9aee172e69..c9295283c3 100644 --- a/docs/manual/ssl/ssl_howto.html.en +++ b/docs/manual/ssl/ssl_howto.html.en @@ -49,8 +49,8 @@ following directives.</p> <VirtualHost *:443> ServerName www.example.com SSLEngine on - SSLCertificateFile /path/to/www.example.com.cert - SSLCertificateKeyFile /path/to/www.example.com.key + SSLCertificateFile "/path/to/www.example.com.cert" + SSLCertificateKeyFile "/path/to/www.example.com.key" </VirtualHost></pre> @@ -93,7 +93,7 @@ URL?</a></h3> <pre class="prettyprint lang-config"># be liberal in general SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL -<Location /strong/area> +<Location "/strong/area"> # but https://hostname/strong/area/ and below # requires strong ciphers SSLCipherSuite HIGH:!aNULL:!MD5 @@ -118,7 +118,7 @@ the server.</p> <p>Because the client can obtain the certificate revocation status from the server, without requiring an extra connection from the client to the Certificate Authority, OCSP Stapling is the preferred way for the -revocation status to be obtained. Other benefits of eliminating the +revocation status to be obtained. Other benefits of eliminating the communication between clients and the Certificate Authority are that the client browsing history is not exposed to the Certificate Authority and obtaining status is more reliable by not depending on potentially heavily @@ -138,7 +138,7 @@ SSLStaplingCache "shmcb:ssl_stapling(32768)"</pre> <p>These directives are placed at global scope (i.e., not within a virtual host definition) wherever other global SSL configuration directives are -placed, such as in <code>conf/extra/httpd-ssl.conf</code> for normal +placed, such as in <code>conf/extra/httpd-ssl.conf</code> for normal open source builds of httpd, <code>/etc/apache2/mods-enabled/ssl.conf</code> for the Ubuntu or Debian-bundled httpd, etc.</p> @@ -146,7 +146,7 @@ for the Ubuntu or Debian-bundled httpd, etc.</p> <code class="module"><a href="../mod/mod_socache_shmcb.html">mod_socache_shmcb</a></code> (from the <code>shmcb</code> prefix on the directive's argument). This module is usually enabled already for <code class="directive">SSLSessionCache</code> or on behalf of some module other than -<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. If you enabled an SSL session cache using a +<code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. If you enabled an SSL session cache using a mechanism other than <code class="module"><a href="../mod/mod_socache_shmcb.html">mod_socache_shmcb</a></code>, use that alternative mechanism for <code class="directive">SSLStaplingCache</code> as well. For example:</p> @@ -159,7 +159,7 @@ is sent by your server:</p> <pre>$ openssl s_client -connect www.example.com:443 -status -servername www.example.com ... -OCSP response: +OCSP response: ====================================== OCSP Response Data: OCSP Response Status: successful (0x0) @@ -169,15 +169,15 @@ OCSP Response Data: ...</pre> <p>The following sections highlight the most common situations which require -further modification to the configuration. Refer also to the +further modification to the configuration. Refer also to the <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> reference manual.</p> <h3>If more than a few SSL certificates are used for the server</h3> <p>OCSP responses are stored in the SSL stapling cache. While the responses -are typically a few hundred to a few thousand bytes in size, mod_ssl -supports OCSP responses up to around 10K bytes in size. With more than a -few certificates, the stapling cache size (32768 bytes in the example above) +are typically a few hundred to a few thousand bytes in size, mod_ssl +supports OCSP responses up to around 10K bytes in size. With more than a +few certificates, the stapling cache size (32768 bytes in the example above) may need to be increased. Error message AH01929 will be logged in case of an error storing a response.</p> @@ -185,7 +185,7 @@ an error storing a response.</p> <h3>If the certificate does not point to an OCSP responder, or if a different address must be used</h3> -<p>Refer to the +<p>Refer to the <code class="directive"><a href="../mod/mod_ssl.html#sslstaplingforceurl">SSLStaplingForceURL</a></code> directive.</p> <p>You can confirm that a server certificate points to an OCSP responder @@ -227,7 +227,7 @@ directives.</p> <pre>AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!</pre> <p>In order to support OCSP Stapling when a particular server certificate is -used, the certificate chain for that certificate must be configured. If it +used, the certificate chain for that certificate must be configured. If it was not configured as part of enabling SSL, the AH02217 error will be issued when stapling is enabled, and an OCSP response will not be provided for clients using the certificate.</p> @@ -264,7 +264,7 @@ Intranet website, for clients coming from the Internet?</a></li> # signed by our CA certificate in ca.crt SSLVerifyClient require SSLVerifyDepth 1 -SSLCACertificateFile conf/ssl.crt/ca.crt</pre> +SSLCACertificateFile "conf/ssl.crt/ca.crt"</pre> @@ -277,9 +277,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt</pre> <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>:</p> <pre class="prettyprint lang-config">SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" -<Location /secure/area> +<Location "/secure/area"> SSLVerifyClient require SSLVerifyDepth 1 </Location></pre> @@ -303,10 +303,10 @@ SSLVerifyDepth 1 clients allowed, as follows:</p> <pre class="prettyprint lang-config">SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt -SSLCACertificatePath conf/ssl.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" +SSLCACertificatePath "conf/ssl.crt" -<Directory /usr/local/apache2/htdocs/secure/area> +<Directory "/usr/local/apache2/htdocs/secure/area"> SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +FakeBasicAuth @@ -314,7 +314,7 @@ SSLCACertificatePath conf/ssl.crt AuthName "Snake Oil Authentication" AuthType Basic AuthBasicProvider file - AuthUserFile /usr/local/apache2/conf/httpd.passwd + AuthUserFile "/usr/local/apache2/conf/httpd.passwd" Require valid-user </Directory></pre> @@ -332,10 +332,10 @@ SSLCACertificatePath conf/ssl.crt <pre class="prettyprint lang-config">SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt -SSLCACertificatePath conf/ssl.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" +SSLCACertificatePath "conf/ssl.crt" -<Directory /usr/local/apache2/htdocs/secure/area> +<Directory "/usr/local/apache2/htdocs/secure/area"> SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +FakeBasicAuth @@ -358,42 +358,42 @@ plain HTTP access for clients on the Intranet.</a></h3> This configuration should remain outside of your HTTPS virtual host, so that it applies to both HTTPS and HTTP.</p> - <pre class="prettyprint lang-config">SSLCACertificateFile conf/ssl.crt/company-ca.crt + <pre class="prettyprint lang-config">SSLCACertificateFile "conf/ssl.crt/company-ca.crt" -<Directory /usr/local/apache2/htdocs> +<Directory "/usr/local/apache2/htdocs"> # Outside the subarea only Intranet access is granted Require ip 192.168.1.0/24 </Directory> -<Directory /usr/local/apache2/htdocs/subarea> +<Directory "/usr/local/apache2/htdocs/subarea"> # Inside the subarea any Intranet access is allowed # but from the Internet only HTTPS + Strong-Cipher + Password # or the alternative HTTPS + Strong-Cipher + Client-Certificate - + # If HTTPS is used, make sure a strong cipher is used. # Additionally allow client certs as alternative to basic auth. SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +FakeBasicAuth +StrictRequire SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 - + # Force clients from the Internet to use HTTPS RewriteEngine on - RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteRule . - [F] - + RewriteCond "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$" + RewriteCond "%{HTTPS}" "!=on" + RewriteRule "." "-" [F] + # Allow Network Access and/or Basic Auth Satisfy any - + # Network Access Control Require ip 192.168.1.0/24 - + # HTTP Basic Authentication AuthType basic AuthName "Protected Intranet Area" AuthBasicProvider file - AuthUserFile conf/protected.passwd + AuthUserFile "conf/protected.passwd" Require valid-user </Directory></pre> diff --git a/docs/manual/ssl/ssl_howto.xml b/docs/manual/ssl/ssl_howto.xml index dd349562e8..7763c757d2 100644 --- a/docs/manual/ssl/ssl_howto.xml +++ b/docs/manual/ssl/ssl_howto.xml @@ -44,8 +44,8 @@ Listen 443 <VirtualHost *:443> ServerName www.example.com SSLEngine on - SSLCertificateFile /path/to/www.example.com.cert - SSLCertificateKeyFile /path/to/www.example.com.key + SSLCertificateFile "/path/to/www.example.com.cert" + SSLCertificateKeyFile "/path/to/www.example.com.key" </VirtualHost> </highlight> @@ -92,7 +92,7 @@ URL?</title> # be liberal in general SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL -<Location /strong/area> +<Location "/strong/area"> # but https://hostname/strong/area/ and below # requires strong ciphers SSLCipherSuite HIGH:!aNULL:!MD5 @@ -118,7 +118,7 @@ the server.</p> <p>Because the client can obtain the certificate revocation status from the server, without requiring an extra connection from the client to the Certificate Authority, OCSP Stapling is the preferred way for the -revocation status to be obtained. Other benefits of eliminating the +revocation status to be obtained. Other benefits of eliminating the communication between clients and the Certificate Authority are that the client browsing history is not exposed to the Certificate Authority and obtaining status is more reliable by not depending on potentially heavily @@ -139,7 +139,7 @@ SSLStaplingCache "shmcb:ssl_stapling(32768)" <p>These directives are placed at global scope (i.e., not within a virtual host definition) wherever other global SSL configuration directives are -placed, such as in <code>conf/extra/httpd-ssl.conf</code> for normal +placed, such as in <code>conf/extra/httpd-ssl.conf</code> for normal open source builds of httpd, <code>/etc/apache2/mods-enabled/ssl.conf</code> for the Ubuntu or Debian-bundled httpd, etc.</p> @@ -147,7 +147,7 @@ for the Ubuntu or Debian-bundled httpd, etc.</p> <module>mod_socache_shmcb</module> (from the <code>shmcb</code> prefix on the directive's argument). This module is usually enabled already for <directive>SSLSessionCache</directive> or on behalf of some module other than -<module>mod_ssl</module>. If you enabled an SSL session cache using a +<module>mod_ssl</module>. If you enabled an SSL session cache using a mechanism other than <module>mod_socache_shmcb</module>, use that alternative mechanism for <directive>SSLStaplingCache</directive> as well. For example:</p> @@ -162,7 +162,7 @@ is sent by your server:</p> <pre> $ openssl s_client -connect www.example.com:443 -status -servername www.example.com ... -OCSP response: +OCSP response: ====================================== OCSP Response Data: OCSP Response Status: successful (0x0) @@ -173,15 +173,15 @@ OCSP Response Data: </pre> <p>The following sections highlight the most common situations which require -further modification to the configuration. Refer also to the +further modification to the configuration. Refer also to the <module>mod_ssl</module> reference manual.</p> <section> <title>If more than a few SSL certificates are used for the server</title> <p>OCSP responses are stored in the SSL stapling cache. While the responses -are typically a few hundred to a few thousand bytes in size, mod_ssl -supports OCSP responses up to around 10K bytes in size. With more than a -few certificates, the stapling cache size (32768 bytes in the example above) +are typically a few hundred to a few thousand bytes in size, mod_ssl +supports OCSP responses up to around 10K bytes in size. With more than a +few certificates, the stapling cache size (32768 bytes in the example above) may need to be increased. Error message AH01929 will be logged in case of an error storing a response.</p> </section> @@ -189,7 +189,7 @@ an error storing a response.</p> <section> <title>If the certificate does not point to an OCSP responder, or if a different address must be used</title> -<p>Refer to the +<p>Refer to the <directive module="mod_ssl">SSLStaplingForceURL</directive> directive.</p> <p>You can confirm that a server certificate points to an OCSP responder @@ -235,7 +235,7 @@ directives.</p> AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate! </pre> <p>In order to support OCSP Stapling when a particular server certificate is -used, the certificate chain for that certificate must be configured. If it +used, the certificate chain for that certificate must be configured. If it was not configured as part of enabling SSL, the AH02217 error will be issued when stapling is enabled, and an OCSP response will not be provided for clients using the certificate.</p> @@ -274,7 +274,7 @@ Intranet website, for clients coming from the Internet?</a></li> # signed by our CA certificate in ca.crt SSLVerifyClient require SSLVerifyDepth 1 -SSLCACertificateFile conf/ssl.crt/ca.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" </highlight> </section> @@ -288,9 +288,9 @@ SSLCACertificateFile conf/ssl.crt/ca.crt <highlight language="config"> SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" -<Location /secure/area> +<Location "/secure/area"> SSLVerifyClient require SSLVerifyDepth 1 </Location> @@ -315,10 +315,10 @@ SSLVerifyDepth 1 <highlight language="config"> SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt -SSLCACertificatePath conf/ssl.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" +SSLCACertificatePath "conf/ssl.crt" -<Directory /usr/local/apache2/htdocs/secure/area> +<Directory "/usr/local/apache2/htdocs/secure/area"> SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +FakeBasicAuth @@ -326,7 +326,7 @@ SSLCACertificatePath conf/ssl.crt AuthName "Snake Oil Authentication" AuthType Basic AuthBasicProvider file - AuthUserFile /usr/local/apache2/conf/httpd.passwd + AuthUserFile "/usr/local/apache2/conf/httpd.passwd" Require valid-user </Directory> </highlight> @@ -348,10 +348,10 @@ SSLCACertificatePath conf/ssl.crt <highlight language="config"> SSLVerifyClient none -SSLCACertificateFile conf/ssl.crt/ca.crt -SSLCACertificatePath conf/ssl.crt +SSLCACertificateFile "conf/ssl.crt/ca.crt" +SSLCACertificatePath "conf/ssl.crt" -<Directory /usr/local/apache2/htdocs/secure/area> +<Directory "/usr/local/apache2/htdocs/secure/area"> SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +FakeBasicAuth @@ -375,42 +375,42 @@ plain HTTP access for clients on the Intranet.</title> that it applies to both HTTPS and HTTP.</p> <highlight language="config"> -SSLCACertificateFile conf/ssl.crt/company-ca.crt +SSLCACertificateFile "conf/ssl.crt/company-ca.crt" -<Directory /usr/local/apache2/htdocs> +<Directory "/usr/local/apache2/htdocs"> # Outside the subarea only Intranet access is granted Require ip 192.168.1.0/24 </Directory> -<Directory /usr/local/apache2/htdocs/subarea> +<Directory "/usr/local/apache2/htdocs/subarea"> # Inside the subarea any Intranet access is allowed # but from the Internet only HTTPS + Strong-Cipher + Password # or the alternative HTTPS + Strong-Cipher + Client-Certificate - + # If HTTPS is used, make sure a strong cipher is used. # Additionally allow client certs as alternative to basic auth. SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +FakeBasicAuth +StrictRequire SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 - + # Force clients from the Internet to use HTTPS RewriteEngine on - RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ - RewriteCond %{HTTPS} !=on - RewriteRule . - [F] - + RewriteCond "%{REMOTE_ADDR}" "!^192\.168\.1\.[0-9]+$" + RewriteCond "%{HTTPS}" "!=on" + RewriteRule "." "-" [F] + # Allow Network Access and/or Basic Auth Satisfy any - + # Network Access Control Require ip 192.168.1.0/24 - + # HTTP Basic Authentication AuthType basic AuthName "Protected Intranet Area" AuthBasicProvider file - AuthUserFile conf/protected.passwd + AuthUserFile "conf/protected.passwd" Require valid-user </Directory> </highlight> @@ -430,4 +430,3 @@ SSLCACertificateFile conf/ssl.crt/company-ca.crt </section> </manualpage> - |