diff options
Diffstat (limited to 'docs/manual/mod')
80 files changed, 681 insertions, 681 deletions
diff --git a/docs/manual/mod/event.xml b/docs/manual/mod/event.xml index e4f191c1a2..fc6154bd28 100644 --- a/docs/manual/mod/event.xml +++ b/docs/manual/mod/event.xml @@ -88,7 +88,7 @@ of consuming threads only for connections with active processing</description> moot.</p> <ul> - + <li>To use this MPM on FreeBSD, FreeBSD 5.3 or higher is recommended. However, it is possible to run this MPM on FreeBSD 5.2.1, if you use <code>libkse</code> (see <code>man libmap.conf</code>).</li> diff --git a/docs/manual/mod/mod_access_compat.xml b/docs/manual/mod/mod_access_compat.xml index 58fefc99b7..a4b747a01f 100644 --- a/docs/manual/mod/mod_access_compat.xml +++ b/docs/manual/mod/mod_access_compat.xml @@ -22,15 +22,15 @@ <modulesynopsis metafile="mod_access_compat.xml.meta"> -<name>mod_access_compat</name> +<name>mod_access_compat</name> <description>Group authorizations based on host (name or IP address)</description> <status>Extension</status> <sourcefile>mod_access_compat.c</sourcefile> <identifier>access_compat_module</identifier> -<compatibility>Available in Apache HTTP Server 2.3 as a compatibility module with +<compatibility>Available in Apache HTTP Server 2.3 as a compatibility module with previous versions of Apache httpd 2.x. The directives provided by this module -have been deprecated by the new authz refactoring. Please see +have been deprecated by the new authz refactoring. Please see <module>mod_authz_host</module></compatibility> <summary> @@ -59,7 +59,7 @@ have been deprecated by the new authz refactoring. Please see <note type="warning"><title>Note</title> <p>The directives provided by <module>mod_access_compat</module> have - been deprecated by the new authz refactoring. Please see + been deprecated by the new authz refactoring. Please see <module>mod_authz_host</module>.</p> </note> @@ -178,8 +178,8 @@ server</description> href="../env.html">environment variable</a>. When <code>Allow from env=<var>env-variable</var></code> is specified, then the request is allowed access if the environment variable <var>env-variable</var> - exists. When <code>Allow from env=!<var>env-variable</var></code> is - specified, then the request is allowed access if the environment + exists. When <code>Allow from env=!<var>env-variable</var></code> is + specified, then the request is allowed access if the environment variable <var>env-variable</var> doesn't exist. The server provides the ability to set environment variables in a flexible way based on characteristics of the client @@ -440,7 +440,7 @@ later</compatibility> <example> <Directory /var/www/private><br /> - Require valid-user<br /> + Require valid-user<br /> </Directory><br /> <br /> <Directory /var/www/private/public><br /> diff --git a/docs/manual/mod/mod_actions.xml b/docs/manual/mod/mod_actions.xml index a5fa94ae57..110ded6554 100644 --- a/docs/manual/mod/mod_actions.xml +++ b/docs/manual/mod/mod_actions.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_actions.xml.meta"> -<name>mod_actions</name> +<name>mod_actions</name> <description>This module provides for executing CGI scripts based on media type or request method.</description> @@ -90,7 +90,7 @@ introduced in Apache 2.1</compatibility> </example> <p>In this example, requests for files with a file extension of - <code>.xyz</code> are handled by the specified cgi script + <code>.xyz</code> are handled by the specified cgi script <code>/cgi-bin/program.cgi</code>.</p> <p>The optional <code>virtual</code> modifier turns off the check @@ -127,7 +127,7 @@ method.</description> module="mod_alias">ScriptAlias</directive> or <directive module="mod_mime">AddHandler</directive>. The URL and file path of the requested document is sent using the standard CGI - <code>PATH_INFO</code> and <code>PATH_TRANSLATED</code> environment + <code>PATH_INFO</code> and <code>PATH_TRANSLATED</code> environment variables.</p> <note> @@ -137,10 +137,10 @@ method.</description> effects. </note> - <p>Note that the <directive>Script</directive> command defines default + <p>Note that the <directive>Script</directive> command defines default actions only. If a CGI script is called, or some other resource that is capable of handling the requested method internally, it will do - so. Also note that <directive>Script</directive> with a method of + so. Also note that <directive>Script</directive> with a method of <code>GET</code> will only be called if there are query arguments present (<em>e.g.</em>, foo.html?hi). Otherwise, the request will proceed normally.</p> diff --git a/docs/manual/mod/mod_alias.xml b/docs/manual/mod/mod_alias.xml index ed807959ee..fa45b751a6 100644 --- a/docs/manual/mod/mod_alias.xml +++ b/docs/manual/mod/mod_alias.xml @@ -202,7 +202,7 @@ expressions</description> regular expression to match the entire request URI from beginning to end, and to use substitution on the right side.</p> - <p>In other words, just changing + <p>In other words, just changing <directive module="mod_alias">Alias</directive> to <directive module="mod_alias">AliasMatch</directive> will not have the same effect. At a minimum, you need to @@ -260,8 +260,8 @@ a different URL</description> <p>The old <em>URL-path</em> is a case-sensitive (%-decoded) path beginning with a slash. A relative path is not allowed.</p> - - <p>The new <em>URL</em> may be either an absolute URL beginning + + <p>The new <em>URL</em> may be either an absolute URL beginning with a scheme and hostname, or a URL-path beginning with a slash. In this latter case the scheme and hostname of the current server will be added.</p> @@ -284,7 +284,7 @@ a different URL</description> <code>http://foo2.example.com/service/foo.txt</code> instead. This includes requests with <code>GET</code> parameters, such as <code>http://example.com/service/foo.pl?q=23&a=42</code>, - it will be redirected to + it will be redirected to <code>http://foo2.example.com/service/foo.pl?q=23&a=42</code>. Note that <code>POST</code>s will be discarded.<br /> Only complete path segments are matched, so the above @@ -451,14 +451,14 @@ target as a CGI script</description> <p><directive>ScriptAlias</directive> can also be used in conjunction with a script or handler you have. For example:</p> - + <example> ScriptAlias /cgi-bin/ /web/cgi-handler.pl </example> - + <p>In this scenario all files requested in <code>/cgi-bin/</code> will be - handled by the file you have configured, this allows you to use your own custom - handler. You may want to use this as a wrapper for CGI so that you can add + handled by the file you have configured, this allows you to use your own custom + handler. You may want to use this as a wrapper for CGI so that you can add content, or some other bespoke action.</p> <note type="warning">It is safer to avoid placing CGI scripts under the diff --git a/docs/manual/mod/mod_allowmethods.xml b/docs/manual/mod/mod_allowmethods.xml index 5a2cf8fa55..e9fcca004d 100644 --- a/docs/manual/mod/mod_allowmethods.xml +++ b/docs/manual/mod/mod_allowmethods.xml @@ -1,6 +1,6 @@ -<?xml version="1.0"?> +<?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> -<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> +<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> <!-- $LastChangedRevision$ --> <!-- @@ -12,12 +12,12 @@ svn ps svn:keywords LastChangedRevision mod_allowmethods.xml in order for it to rebuild correctly. --> - -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with + +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 + The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at @@ -30,7 +30,7 @@ in order for it to rebuild correctly. limitations under the License. --> -<modulesynopsis metafile="mod_allowmethods.xml.meta"> +<modulesynopsis metafile="mod_allowmethods.xml.meta"> <name>mod_allowmethods</name> <description>Easily restrict what HTTP methods can be used on the server</description> <status>Experimental</status> @@ -55,7 +55,7 @@ used on an server. The most common configuration would be:</p> <directivesynopsis> <name>AllowMethods</name> <description>Restrict access to the listed HTTP methods</description> -<syntax>AllowMethods reset|<em>HTTP-method</em> +<syntax>AllowMethods reset|<em>HTTP-method</em> [<em>HTTP-method</em>]...</syntax> <default>AllowMethods reset</default> <contextlist><context>directory</context></contextlist> diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml index 4c889e8917..d02bbc6d5a 100644 --- a/docs/manual/mod/mod_auth_basic.xml +++ b/docs/manual/mod/mod_auth_basic.xml @@ -55,7 +55,7 @@ <override>AuthConfig</override> <usage> - <p>The <directive>AuthBasicProvider</directive> directive sets + <p>The <directive>AuthBasicProvider</directive> directive sets which provider is used to authenticate the users for this location. The default <code>file</code> provider is implemented by the <module>mod_authn_file</module> module. Make sure @@ -75,7 +75,7 @@ </example> <p> Providers are queried in order until a provider finds a match - for the requested username, at which point this sole provider will + for the requested username, at which point this sole provider will attempt to check the password. A failure to verify the password does not result in control being passed on to subsequent providers.</p> diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml index 85b233f255..8e06f6b9d7 100644 --- a/docs/manual/mod/mod_auth_digest.xml +++ b/docs/manual/mod/mod_auth_digest.xml @@ -43,12 +43,12 @@ <section id="using"><title>Using Digest Authentication</title> - <p>To use MD5 Digest authentication, simply + <p>To use MD5 Digest authentication, simply change the normal <code>AuthType Basic</code> and <directive module="mod_auth_basic">AuthBasicProvider</directive> to <code>AuthType Digest</code> and <directive module="mod_auth_digest">AuthDigestProvider</directive>, - when setting up authentication, then add a + when setting up authentication, then add a <directive module="mod_auth_digest" >AuthDigestDomain</directive> directive containing at least the root URI(s) for this protection space.</p> @@ -70,7 +70,7 @@ </Location> </example> - <note><title>Note</title> + <note><title>Note</title> <p>Digest authentication is more secure than Basic authentication, but only works with supporting browsers. As of September 2004, major browsers that support digest authentication include <a @@ -137,13 +137,13 @@ <override>AuthConfig</override> <usage> - <p>The <directive>AuthDigestProvider</directive> directive sets + <p>The <directive>AuthDigestProvider</directive> directive sets which provider is used to authenticate the users for this location. The default <code>file</code> provider is implemented by the <module>mod_authn_file</module> module. Make sure that the chosen provider module is present in the server.</p> - <p>See <module>mod_authn_dbm</module>, <module>mod_authn_file</module>, + <p>See <module>mod_authn_dbm</module>, <module>mod_authn_file</module>, <module>mod_authn_dbd</module> and <module>mod_authn_socache</module> for providers.</p> </usage> diff --git a/docs/manual/mod/mod_auth_form.xml b/docs/manual/mod/mod_auth_form.xml index 0048c1e218..fedb656631 100644 --- a/docs/manual/mod/mod_auth_form.xml +++ b/docs/manual/mod/mod_auth_form.xml @@ -55,7 +55,7 @@ <p>Once the user has been successfully authenticated, the user's login details will be stored in a session provided by <module>mod_session</module>. </p> - + </summary> <seealso><module>mod_session</module></seealso> <seealso><directive module="mod_authn_core">AuthName</directive></seealso> @@ -65,7 +65,7 @@ <seealso><a href="../howto/auth.html">Authentication howto</a></seealso> <section id="basicconfig"><title>Basic Configuration</title> - + <p>To protect a particular URL with <module>mod_auth_form</module>, you need to decide where you will store your <var>session</var>, and you will need to decide what method you will use to authenticate. In this simple example, the @@ -73,7 +73,7 @@ <module>mod_session_cookie</module>, and authentication will be attempted against a file using <module>mod_authn_file</module>. If authentication is unsuccessful, the user will be redirected to the form login page.</p> - + <example><title>Basic example</title> AuthFormProvider file<br /> AuthUserFile conf/passwd<br /> @@ -84,14 +84,14 @@ SessionCookieName session path=/<br /> SessionCryptoPassphrase secret<br /> </example> - + <p>The directive <directive module="mod_authn_core">AuthType</directive> will enable the <module>mod_auth_form</module> authentication when set to the value <var>form</var>. The directives <directive module="mod_auth_form">AuthFormProvider</directive> and <directive module="mod_authn_file">AuthUserFile</directive> specify that usernames and passwords should be checked against the chosen file.</p> - <p>The directives <directive module="mod_session">Session</directive>, + <p>The directives <directive module="mod_session">Session</directive>, <directive module="mod_session_cookie">SessionCookieName</directive> and <directive module="mod_session_crypto">SessionCryptoPassphrase</directive> create an encrypted session stored within an HTTP cookie on the browser. For more information @@ -104,18 +104,18 @@ dedicated standalone login page for this purpose, or for providing the login page inline.</p> </section> - + <section id="standalone"><title>Standalone Login</title> <p>The login form can be hosted as a standalone page, or can be provided inline on the same page.</p> - + <p>When configuring the login as a standalone page, unsuccessful authentication attempts should be redirected to a login form created by the website for this purpose, using the <directive module="mod_auth_form">AuthFormLoginRequiredLocation</directive> directive. Typically this login page will contain an HTML form, asking the user to provide their usename and password.</p> - + <example><title>Example login form</title> <form method="POST" action="/dologin.html"><br /> Username: <input type="text" name="httpd_username" value="" /><br /> @@ -127,7 +127,7 @@ <p>The part that does the actual login is handled by the <var>form-login-handler</var>. The action of the form should point at this handler, which is configured within Apache httpd as follows:</p> - + <example><title>Form login handler example</title> <Location /dologin.html> <indent> @@ -150,7 +150,7 @@ point to a page explaining to the user that their login attempt was unsuccessful, and they should try again. The <directive module="mod_auth_form">AuthFormLoginSuccessLocation</directive> directive specifies the URL the user should be redirected to upon successful login.</p> - + <p>Alternatively, the URL to redirect the user to on success can be embedded within the login form, as in the example below. As a result, the same <var>form-login-handler</var> can be reused for different areas of a website.</p> @@ -169,9 +169,9 @@ </section> <section id="inline"><title>Inline Login</title> - + <note type="warning"><title>Warning</title> - <p>A risk exists that under certain circumstances, the login form configured + <p>A risk exists that under certain circumstances, the login form configured using inline login may be submitted more than once, revealing login credentials to the application running underneath. The administrator must ensure that the underlying application is properly secured to prevent abuse. If in doubt, use the @@ -190,7 +190,7 @@ <directive module="mod_auth_form">AuthFormLoginRequiredLocation</directive> directive, a <var>HTTP_UNAUTHORIZED</var> status code is returned to the browser indicating to the user that they are not authorized to view the page.</p> - + <p>To configure inline authentication, the administrator overrides the error document returned by the <var>HTTP_UNAUTHORIZED</var> status code with a custom error document containing the login form, as follows:</p> @@ -206,7 +206,7 @@ SessionCookieName session path=/<br /> SessionCryptoPassphrase secret<br /> </example> - + <p>The error document page should contain a login form with an empty action property, as per the example below. This has the effect of submitting the form to the original protected URL, without the page having to know what that @@ -268,7 +268,7 @@ <p>One option is to use the <module>mod_include</module> module along with the <directive module="core">KeptBodySize</directive> directive, along with a suitable CGI script to embed the variables in the form.</p> - + <p>Another option is to render the login form using a CGI script or other dynamic technology.</p> @@ -339,7 +339,7 @@ <override>AuthConfig</override> <usage> - <p>The <directive>AuthFormProvider</directive> directive sets + <p>The <directive>AuthFormProvider</directive> directive sets which provider is used to authenticate the users for this location. The default <code>file</code> provider is implemented by the <module>mod_authn_file</module> module. Make sure @@ -454,9 +454,9 @@ lower level modules</description> <p>The <directive module="mod_auth_form">AuthFormMethod</directive> directive specifies the name of an HTML field which, if present, will contain the method of the request to to submit should login be successful.</p> - + <p>By populating the form with fields described by - <directive module="mod_auth_form">AuthFormMethod</directive>, + <directive module="mod_auth_form">AuthFormMethod</directive>, <directive module="mod_auth_form">AuthFormMimetype</directive> and <directive module="mod_auth_form">AuthFormBody</directive>, a website can retry a request that may have been interrupted by the login screen, or by a session @@ -479,7 +479,7 @@ lower level modules</description> mimetype of the request to to submit should login be successful.</p> <p>By populating the form with fields described by - <directive module="mod_auth_form">AuthFormMethod</directive>, + <directive module="mod_auth_form">AuthFormMethod</directive>, <directive module="mod_auth_form">AuthFormMimetype</directive> and <directive module="mod_auth_form">AuthFormBody</directive>, a website can retry a request that may have been interrupted by the login screen, or by a session @@ -502,7 +502,7 @@ lower level modules</description> to submit should login be successful.</p> <p>By populating the form with fields described by - <directive module="mod_auth_form">AuthFormMethod</directive>, + <directive module="mod_auth_form">AuthFormMethod</directive>, <directive module="mod_auth_form">AuthFormMimetype</directive> and <directive module="mod_auth_form">AuthFormBody</directive>, a website can retry a request that may have been interrupted by the login screen, or by a session @@ -522,12 +522,12 @@ lower level modules</description> <usage> <p>The <directive module="mod_auth_form">AuthFormSize</directive> directive specifies the maximum size of the body of the request that will be parsed to find the login form.</p> - + <p>If a login request arrives that exceeds this size, the whole request will be aborted with the HTTP response code <code>HTTP_REQUEST_TOO_LARGE</code>.</p> <p>If you have populated the form with fields described by - <directive module="mod_auth_form">AuthFormMethod</directive>, + <directive module="mod_auth_form">AuthFormMethod</directive>, <directive module="mod_auth_form">AuthFormMimetype</directive> and <directive module="mod_auth_form">AuthFormBody</directive>, you probably want to set this field to a similar size as the <directive module="core">KeptBodySize</directive> @@ -552,7 +552,7 @@ lower level modules</description> will be returned with the page specified by the <directive module="core">ErrorDocument</directive> directive. This directive overrides this default.</p> - + <p>Use this directive if you have a dedicated login page to redirect users to.</p> </usage> @@ -572,7 +572,7 @@ lower level modules</description> specifies the URL to redirect to should the user have logged in successfully. This directive can be overridden if a form field has been defined containing another URL using the <directive module="mod_auth_form">AuthFormLocation</directive> directive.</p> - + <p>Use this directive if you have a dedicated login URL, and you have not embedded the destination page in the login form.</p> @@ -613,7 +613,7 @@ lower level modules</description> <p>When a URI is accessed that is served by the handler <code>form-logout-handler</code>, the page specified by this directive will be shown to the end user. For example:</p> - + <example><title>Example</title> <Location /logout><br /> <indent> @@ -624,7 +624,7 @@ lower level modules</description> </indent> </Location> </example> - + <p>An attempt to access the URI <var>/logout/</var> will result in the user being logged out, and the page <var>/loggedout.html</var> will be displayed. Make sure that the page <var>loggedout.html</var> is not password protected, otherwise the page will not be @@ -667,7 +667,7 @@ lower level modules</description> specifies a passphrase which, if present in the user session, causes Apache httpd to bypass authentication checks for the given URL. It can be used on high traffic websites to reduce the load induced on authentication infrastructure.</p> - + <p>The passphrase can be inserted into a user session by adding this directive to the configuration for the <var>form-login-handler</var>. The <var>form-login-handler</var> itself will always run the authentication checks, regardless of whether a passphrase diff --git a/docs/manual/mod/mod_authn_core.xml b/docs/manual/mod/mod_authn_core.xml index fd3284cdc6..0edbfc915b 100644 --- a/docs/manual/mod/mod_authn_core.xml +++ b/docs/manual/mod/mod_authn_core.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_authn_core.xml.meta"> -<name>mod_authn_core</name> +<name>mod_authn_core</name> <description>Core Authentication</description> <status>Base</status> <sourcefile>mod_authn_core.c</sourcefile> @@ -30,22 +30,22 @@ <compatibility>Available in Apache 2.3 and later</compatibility> <summary> - <p>This module provides core authentication capabilities to - allow or deny access to portions of the web site. - <module>mod_authn_core</module> provides directives that are + <p>This module provides core authentication capabilities to + allow or deny access to portions of the web site. + <module>mod_authn_core</module> provides directives that are common to all authentication providers.</p> </summary> <section id="authnalias"><title>Creating Authentication Provider Aliases</title> - <p>Extended authentication providers can be created - within the configuration file and assigned an alias name. The alias - providers can then be referenced through the directives - <directive module="mod_auth_basic">AuthBasicProvider</directive> or + <p>Extended authentication providers can be created + within the configuration file and assigned an alias name. The alias + providers can then be referenced through the directives + <directive module="mod_auth_basic">AuthBasicProvider</directive> or <directive module="mod_auth_digest">AuthDigestProvider</directive> in the same way as a base authentication provider. Besides the ability - to create and alias an extended provider, it also allows the same - extended authentication provider to be reference by multiple + to create and alias an extended provider, it also allows the same + extended authentication provider to be reference by multiple locations.</p> <section id="example"><title>Examples</title> @@ -80,11 +80,11 @@ </Directory><br /> </example> - <p>The example below creates two different ldap authentication + <p>The example below creates two different ldap authentication provider aliases based on the ldap provider. This allows a single authenticated location to be serviced by multiple ldap hosts:</p> - + <example><title>Checking multiple LDAP servers</title> <AuthnProviderAlias ldap ldap-alias1><br /> <indent> @@ -100,15 +100,15 @@ AuthLDAPURL ldap://other.ldap.host/o=dev?cn<br /> </indent> </AuthnProviderAlias><br /><br /> - + Alias /secure /webpages/secure<br /> <Directory /webpages/secure><br /> <indent> Order deny,allow<br /> Allow from all<br /><br /> - + AuthBasicProvider ldap-other-alias ldap-alias1<br /><br /> - + AuthType Basic<br /> AuthName LDAP_Protected_Place<br /> Require valid-user<br /> @@ -213,10 +213,10 @@ authentication</description> tree will typically continue to send authentication HTTP headers or cookies with each request, regardless of whether the server actually requires authentication for every resource.</note> -</usage> +</usage> <seealso><a href="../howto/auth.html">Authentication, Authorization, - and Access Control</a></seealso> + and Access Control</a></seealso> </directivesynopsis> <directivesynopsis type="section"> @@ -232,7 +232,7 @@ the specified alias</description> <usage> <p><code><AuthnProviderAlias></code> and <code></AuthnProviderAlias></code> are used to enclose a group of - authentication directives that can be referenced by the alias name + authentication directives that can be referenced by the alias name using one of the directives <directive module="mod_auth_basic"> AuthBasicProvider</directive> or <directive module="mod_auth_digest"> AuthDigestProvider</directive>.</p> diff --git a/docs/manual/mod/mod_authn_file.xml b/docs/manual/mod/mod_authn_file.xml index f6e228b9f1..dd530946ff 100644 --- a/docs/manual/mod/mod_authn_file.xml +++ b/docs/manual/mod/mod_authn_file.xml @@ -50,7 +50,7 @@ <seealso><program>htpasswd</program></seealso> <seealso><program>htdigest</program></seealso> <seealso><a href="../misc/password_encryptions.html">Password Formats</a></seealso> - + <directivesynopsis> <name>AuthUserFile</name> <description>Sets the name of a text file containing the list of users and diff --git a/docs/manual/mod/mod_authn_socache.xml b/docs/manual/mod/mod_authn_socache.xml index e1942d78c8..7a1816ab26 100644 --- a/docs/manual/mod/mod_authn_socache.xml +++ b/docs/manual/mod/mod_authn_socache.xml @@ -1,4 +1,4 @@ -<?xml version="1.0"?> +<?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> <!-- $LastChangedRevision$ --> @@ -183,6 +183,6 @@ the load on backends</description> is not permitted in <var>.htaccess</var> contexts.</p> </usage> </directivesynopsis> - + </modulesynopsis> diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index d646625e3b..a07ad31830 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -32,9 +32,9 @@ for HTTP Basic authentication.</description> <summary> <p>This module provides authentication front-ends such as - <module>mod_auth_basic</module> to authenticate users through + <module>mod_auth_basic</module> to authenticate users through an ldap directory.</p> - + <p><module>mod_authnz_ldap</module> supports the following features:</p> <ul> @@ -69,7 +69,7 @@ for HTTP Basic authentication.</description> <ul> <li> - <a href="#operation">Operation</a> + <a href="#operation">Operation</a> <ul> <li><a href="#authenphase">The Authentication @@ -81,7 +81,7 @@ for HTTP Basic authentication.</description> </li> <li> - <a href="#requiredirectives">The Require Directives</a> + <a href="#requiredirectives">The Require Directives</a> <ul> <li><a href="#requser">Require ldap-user</a></li> @@ -99,7 +99,7 @@ for HTTP Basic authentication.</description> <li><a href="#activedirectory">Using Active Directory</a></li> <li> <a href="#frontpage">Using Microsoft FrontPage with - <module>mod_authnz_ldap</module></a> + <module>mod_authnz_ldap</module></a> <ul> <li><a href="#howitworks">How It Works</a></li> @@ -113,7 +113,7 @@ for HTTP Basic authentication.</description> <p>There are two phases in granting access to a user. The first phase is authentication, in which the <module>mod_authnz_ldap</module> - authentication provider verifies that the user's credentials are valid. + authentication provider verifies that the user's credentials are valid. This is also called the <em>search/bind</em> phase. The second phase is authorization, in which <module>mod_authnz_ldap</module> determines if the authenticated user is allowed access to the resource in @@ -122,11 +122,11 @@ for HTTP Basic authentication.</description> <p><module>mod_authnz_ldap</module> registers both an authn_ldap authentication provider and an authz_ldap authorization handler. The authn_ldap - authentication provider can be enabled through the - <directive module="mod_auth_basic">AuthBasicProvider</directive> directive - using the <code>ldap</code> value. The authz_ldap handler extends the + authentication provider can be enabled through the + <directive module="mod_auth_basic">AuthBasicProvider</directive> directive + using the <code>ldap</code> value. The authz_ldap handler extends the <directive module="mod_authz_core">Require</directive> directive's authorization types - by adding <code>ldap-user</code>, <code>ldap-dn</code> and <code>ldap-group</code> + by adding <code>ldap-user</code>, <code>ldap-dn</code> and <code>ldap-group</code> values.</p> <section id="authenphase"><title>The Authentication @@ -215,14 +215,14 @@ for HTTP Basic authentication.</description> one of its sub-groups.</li> <li>Grant access if there is a <a href="#reqattribute"> - <code>Require ldap-attribute</code></a> + <code>Require ldap-attribute</code></a> directive, and the attribute fetched from the LDAP directory - matches the given value.</li> + matches the given value.</li> <li>Grant access if there is a <a href="#reqfilter"> - <code>Require ldap-filter</code></a> + <code>Require ldap-filter</code></a> directive, and the search filter successfully finds a single user - object that matches the dn of the authenticated user.</li> + object that matches the dn of the authenticated user.</li> <li>otherwise, deny or decline access</li> </ul> @@ -231,16 +231,16 @@ for HTTP Basic authentication.</description> be used which may require loading additional authorization modules.</p> <ul> - <li>Grant access to all successfully authenticated users if - there is a <a href="#requser"><code>Require valid-user</code></a> + <li>Grant access to all successfully authenticated users if + there is a <a href="#requser"><code>Require valid-user</code></a> directive. (requires <module>mod_authz_user</module>)</li> <li>Grant access if there is a <a href="#reqgroup"><code>Require group</code></a> directive, and - <module>mod_authz_groupfile</module> has been loaded with the - <directive module="mod_authz_groupfile">AuthGroupFile</directive> + <module>mod_authz_groupfile</module> has been loaded with the + <directive module="mod_authz_groupfile">AuthGroupFile</directive> directive set.</li> - + <li>others...</li> </ul> @@ -317,10 +317,10 @@ for HTTP Basic authentication.</description> <p>Apache's <directive module="mod_authz_core">Require</directive> directives are used during the authorization phase to ensure that - a user is allowed to access a resource. mod_authnz_ldap extends the - authorization types with <code>ldap-user</code>, <code>ldap-dn</code>, - <code>ldap-group</code>, <code>ldap-attribute</code> and - <code>ldap-filter</code>. Other authorization types may also be + a user is allowed to access a resource. mod_authnz_ldap extends the + authorization types with <code>ldap-user</code>, <code>ldap-dn</code>, + <code>ldap-group</code>, <code>ldap-attribute</code> and + <code>ldap-filter</code>. Other authorization types may also be used but may require that additional authorization modules be loaded.</p> <section id="requser"><title>Require ldap-user</title> @@ -412,7 +412,7 @@ uniqueMember: cn=Elliot Rhodes, o=Example<br /> <p>The following directives would allow access for Bob Ellis, Tom Jackson, Barbara Jensen, Fred User, Allan Jefferson, and Paul Tilley but would not - allow access for Jim Swenson, or Elliot Rhodes (since they are at a + allow access for Jim Swenson, or Elliot Rhodes (since they are at a sub-group depth of 2):</p> <example> Require ldap-group cn=Employees, o-Example<br /> @@ -453,18 +453,18 @@ AuthLDAPSubGroupDepth 1<br /> administrator to grant access based on attributes of the authenticated user in the LDAP directory. If the attribute in the directory matches the value given in the configuration, access is granted.</p> - + <p>The following directive would grant access to anyone with the attribute employeeType = active</p> <example>Require ldap-attribute employeeType=active</example> <p>Multiple attribute/value pairs can be specified on the same line - separated by spaces or they can be specified in multiple - <code>Require ldap-attribute</code> directives. The effect of listing - multiple attribute/values pairs is an OR operation. Access will be - granted if any of the listed attribute values match the value of the - corresponding attribute in the user object. If the value of the + separated by spaces or they can be specified in multiple + <code>Require ldap-attribute</code> directives. The effect of listing + multiple attribute/values pairs is an OR operation. Access will be + granted if any of the listed attribute values match the value of the + corresponding attribute in the user object. If the value of the attribute contains a space, only the value must be within double quotes.</p> <p>The following directive would grant access to anyone with @@ -480,18 +480,18 @@ AuthLDAPSubGroupDepth 1<br /> administrator to grant access based on a complex LDAP search filter. If the dn returned by the filter search matches the authenticated user dn, access is granted.</p> - + <p>The following directive would grant access to anyone having a cell phone and is in the marketing department</p> <example>Require ldap-filter &(cell=*)(department=marketing)</example> - <p>The difference between the <code>Require ldap-filter</code> directive and the - <code>Require ldap-attribute</code> directive is that <code>ldap-filter</code> - performs a search operation on the LDAP directory using the specified search - filter rather than a simple attribute comparison. If a simple attribute - comparison is all that is required, the comparison operation performed by - <code>ldap-attribute</code> will be faster than the search operation + <p>The difference between the <code>Require ldap-filter</code> directive and the + <code>Require ldap-attribute</code> directive is that <code>ldap-filter</code> + performs a search operation on the LDAP directory using the specified search + filter rather than a simple attribute comparison. If a simple attribute + comparison is all that is required, the comparison operation performed by + <code>ldap-attribute</code> will be faster than the search operation used by <code>ldap-filter</code> especially within a large directory.</p> </section> @@ -503,7 +503,7 @@ AuthLDAPSubGroupDepth 1<br /> <ul> <li> Grant access to anyone who exists in the LDAP directory, - using their UID for searches. + using their UID for searches. <example> AuthLDAPURL "ldap://ldap1.example.com:389/ou=People, o=Example?uid?sub?(objectClass=*)"<br /> Require valid-user @@ -513,7 +513,7 @@ Require valid-user <li> The next example is the same as above; but with the fields that have useful defaults omitted. Also, note the use of a - redundant LDAP server. + redundant LDAP server. <example>AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/ou=People, o=Example"<br /> Require valid-user </example> @@ -527,7 +527,7 @@ Require valid-user <strong>must</strong> return exactly one entry. That's why this approach is not recommended: it's a better idea to choose an attribute that is guaranteed unique in your - directory, such as <code>uid</code>. + directory, such as <code>uid</code>. <example> AuthLDAPURL "ldap://ldap.example.com/ou=People, o=Example?cn"<br /> Require valid-user @@ -536,7 +536,7 @@ Require valid-user <li> Grant access to anybody in the Administrators group. The - users must authenticate using their UID. + users must authenticate using their UID. <example> AuthLDAPURL ldap://ldap.example.com/o=Example?uid<br /> Require ldap-group cn=Administrators, o=Example @@ -548,7 +548,7 @@ Require ldap-group cn=Administrators, o=Example carries an alphanumeric pager will have an LDAP attribute of <code>qpagePagerID</code>. The example will grant access only to people (authenticated via their UID) who have - alphanumeric pagers: + alphanumeric pagers: <example> AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(qpagePagerID=*)<br /> Require valid-user @@ -597,10 +597,10 @@ Require valid-user module="mod_ldap">LDAPTrustedGlobalCert</directive> and <directive module="mod_ldap">LDAPTrustedMode</directive>.</p> - <p>An optional second parameter can be added to the + <p>An optional second parameter can be added to the <directive module="mod_authnz_ldap">AuthLDAPURL</directive> to override the default connection type set by <directive module="mod_ldap">LDAPTrustedMode</directive>. - This will allow the connection established by an <em>ldap://</em> Url + This will allow the connection established by an <em>ldap://</em> Url to be upgraded to a secure connection on the same port.</p> </section> @@ -619,11 +619,11 @@ Require valid-user <section id="exposed"><title>Exposing Login Information</title> <p>when this module performs <em>authentication</em>, ldap attributes specified - in the <directive module="mod_authnz_ldap">authldapurl</directive> + in the <directive module="mod_authnz_ldap">authldapurl</directive> directive are placed in environment variables with the prefix "AUTHENTICATE_".</p> <p>when this module performs <em>authorization</em>, ldap attributes specified - in the <directive module="mod_authnz_ldap">authldapurl</directive> + in the <directive module="mod_authnz_ldap">authldapurl</directive> directive are placed in environment variables with the prefix "AUTHORIZE_".</p> <p>If the attribute field contains the username, common name @@ -706,7 +706,7 @@ Require group <em>mygroupfile</em> the LDAP directory is considered a valid user, whereas FrontPage considers only those people in the local user file to be valid. By substituting the ldap-group with group file authorization, - Apache is allowed to consult the local user file (which is managed by + Apache is allowed to consult the local user file (which is managed by FrontPage) - instead of LDAP - when handling authorizing the user.</p> <p>Once directives have been added as specified above, @@ -735,7 +735,7 @@ Require group <em>mygroupfile</em> <module>mod_authn_file</module> and <module>mod_authz_groupfile</module> in order to use FrontPage support. This is because Apache will still use - the <module>mod_authz_groupfile</module> group file for determine + the <module>mod_authz_groupfile</module> group file for determine the extent of a user's access to the FrontPage web.</li> <li>The directives must be put in the <code>.htaccess</code> @@ -772,7 +772,7 @@ authorization</description> whether LDAP has performed authentication, authorization, or both.</p> <note><title>Note</title> - No authorization variables are set when a user is authorized on the basis of + No authorization variables are set when a user is authorized on the basis of <code>Require valid-user</code>. </note> </usage> @@ -788,14 +788,14 @@ authorization</description> </contextlist> <override>AuthConfig</override> <usage> - <p>By default, subsequent authentication providers are only queried if a + <p>By default, subsequent authentication providers are only queried if a user cannot be mapped to a DN, but not if the user can be mapped to a DN and their - password cannot be verified with an LDAP bind. - If <directive module="mod_authnz_ldap">AuthLDAPBindAuthoritative</directive> - is set to <em>off</em>, other configured authentication modules will have - a chance to validate the user if the LDAP bind (with the current user's credentials) + password cannot be verified with an LDAP bind. + If <directive module="mod_authnz_ldap">AuthLDAPBindAuthoritative</directive> + is set to <em>off</em>, other configured authentication modules will have + a chance to validate the user if the LDAP bind (with the current user's credentials) fails for any reason.</p> - <p> This allows users present in both LDAP and + <p> This allows users present in both LDAP and <directive module="mod_authn_file">AuthUserFile</directive> to authenticate when the LDAP server is available but the user's account is locked or password is otherwise unusable.</p> @@ -820,13 +820,13 @@ own username, instead of anonymously or with hard-coded credentials for the serv distinguished name (DN). This directive forces the server to use the verbatim username and password provided by the incoming user to perform the initial DN search.</p> - + <p> If the verbatim username can't directly bind, but needs some cosmetic transformation, see <directive module="mod_authnz_ldap"> AuthLDAPInitialBindPattern</directive>.</p> - - <p> This directive should only be used when your LDAP server doesn't - accept anonymous searches and you cannot use a dedicated + + <p> This directive should only be used when your LDAP server doesn't + accept anonymous searches and you cannot use a dedicated <directive module="mod_authnz_ldap">AuthLDAPBindDN</directive>. </p> @@ -858,9 +858,9 @@ to perform a DN lookup</description> <p> The regular expression argument is compared against the current basic authentication username. The substitution argument may contain backreferences, but has no other variable interpolation.</p> - - <p> This directive should only be used when your LDAP server doesn't - accept anonymous searches and you cannot use a dedicated + + <p> This directive should only be used when your LDAP server doesn't + accept anonymous searches and you cannot use a dedicated <directive module="mod_authnz_ldap">AuthLDAPBindDN</directive>. </p> @@ -872,8 +872,8 @@ to perform a DN lookup</description> has no effect when this module is used exclusively for authorization. </note> <note><title>debugging</title> - The substituted DN is recorded in the environment variable - <em>LDAP_BINDASUSER</em>. If the regular expression does not match the input, + The substituted DN is recorded in the environment variable + <em>LDAP_BINDASUSER</em>. If the regular expression does not match the input, the verbatim username is used. </note> </usage> @@ -910,7 +910,7 @@ to perform a DN lookup</description> properly protected. You should only use the <directive module="mod_authnz_ldap">AuthLDAPBindDN</directive> and <directive module="mod_authnz_ldap">AuthLDAPBindPassword</directive> if you - absolutely need them to search the directory.</p> + absolutely need them to search the directory.</p> </usage> </directivesynopsis> @@ -953,16 +953,16 @@ to perform a DN lookup</description> <usage> <p>When set, and <module>mod_authnz_ldap</module> has authenticated the user, LDAP comparisons for authorization use the queried distinguished name (DN) - and HTTP basic authentication password of the authenticated user instead of + and HTTP basic authentication password of the authenticated user instead of the servers configured credentials.</p> - <p> The <em>ldap-attribute</em>, <em>ldap-user</em>, and <em>ldap-group</em> (single-level only) + <p> The <em>ldap-attribute</em>, <em>ldap-user</em>, and <em>ldap-group</em> (single-level only) authorization checks use comparisons.</p> <p>This directive only has effect on the comparisons performed during nested group processing when <directive module="mod_authnz_ldap"> AuthLDAPSearchAsUser</directive> is also enabled.</p> - + <p> This directive should only be used when your LDAP server doesn't accept anonymous comparisons and you cannot use a dedicated <directive module="mod_authnz_ldap">AuthLDAPBindDN</directive>. @@ -1085,10 +1085,10 @@ query to set the REMOTE_USER environment variable</description> <default>none</default> <contextlist><context>directory</context><context>.htaccess</context> </contextlist> -<override>AuthConfig</override> - +<override>AuthConfig</override> + <usage> - <p>If this directive is set, the value of the + <p>If this directive is set, the value of the <code>REMOTE_USER</code> environment variable will be set to the value of the attribute specified. Make sure that this attribute is included in the list of attributes in the AuthLDAPUrl definition, @@ -1132,10 +1132,10 @@ environment variable</description> <usage> <p>When set, and <module>mod_authnz_ldap</module> has authenticated the user, LDAP searches for authorization use the queried distinguished name (DN) - and HTTP basic authentication password of the authenticated user instead of + and HTTP basic authentication password of the authenticated user instead of the servers configured credentials.</p> - <p> The <em>ldap-filter</em> and <em>ldap-dn</em> authorization + <p> The <em>ldap-filter</em> and <em>ldap-dn</em> authorization checks use searches.</p> <p>This directive only has effect on the comparisons performed during @@ -1213,8 +1213,8 @@ objects that are groups during sub-group processing.</description> <example>ldap://host:port/basedn?attribute?scope?filter</example> <p>If you want to specify more than one LDAP URL that Apache should try in turn, the syntax is:</p> <example>AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."</example> -<p><em><strong>Caveat: </strong>If you specify multiple servers, you need to enclose the entire URL string in quotes; -otherwise you will get an error: "AuthLDAPURL takes one argument, URL to define LDAP connection.." </em> +<p><em><strong>Caveat: </strong>If you specify multiple servers, you need to enclose the entire URL string in quotes; +otherwise you will get an error: "AuthLDAPURL takes one argument, URL to define LDAP connection.." </em> You can of course use search parameters on each of these.</p> <dl> @@ -1234,7 +1234,7 @@ You can of course use search parameters on each of these.</p> specify multiple, redundant LDAP servers, just list all servers, separated by spaces. <module>mod_authnz_ldap</module> will try connecting to each server in turn, until it makes a - successful connection. If multiple ldap servers are specified, + successful connection. If multiple ldap servers are specified, then entire LDAP URL must be encapsulated in double quotes.</p> <p>Once a connection has been made to a server, that @@ -1298,7 +1298,7 @@ You can of course use search parameters on each of these.</p> Jenson</code>, the resulting search filter will be <code>(&(posixid=*)(cn=Babs Jenson))</code>.</p> - <p>An optional parameter can be added to allow the LDAP Url to override + <p>An optional parameter can be added to allow the LDAP Url to override the connection type. This parameter can be one of the following:</p> <dl> @@ -1310,7 +1310,7 @@ You can of course use search parameters on each of these.</p> This is the same as <code>ldaps://</code></dd> <dt>TLS | STARTTLS</dt> <dd>Establish an upgraded secure connection on the default LDAP port. - This connection will be initiated on port 389 by default and then + This connection will be initiated on port 389 by default and then upgraded to a secure connection on the same port.</dd> </dl> diff --git a/docs/manual/mod/mod_authz_core.xml b/docs/manual/mod/mod_authz_core.xml index 79c5a9d240..192444f896 100644 --- a/docs/manual/mod/mod_authz_core.xml +++ b/docs/manual/mod/mod_authz_core.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_authz_core.xml.meta"> -<name>mod_authz_core</name> +<name>mod_authz_core</name> <description>Core Authorization</description> <status>Base</status> <sourcefile>mod_authz_core.c</sourcefile> @@ -32,12 +32,12 @@ <summary> <p>This module provides core authorization capabilities so that authenticated users can be allowed or denied access to portions - of the web site. <module>mod_authz_core</module> provides the + of the web site. <module>mod_authz_core</module> provides the functionality to register various authorization providers. It is usually used in conjunction with an authentication - provider module such as <module>mod_authn_file</module> and an + provider module such as <module>mod_authn_file</module> and an authorization module such as <module>mod_authz_user</module>. It - also allows for advanced logic to be applied to the + also allows for advanced logic to be applied to the authorization processing.</p> </summary> @@ -57,36 +57,36 @@ allows a single authorization location to check group membership within multiple ldap hosts: </p> - + <example><title>Example</title> <AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx><br /> <indent> AuthLDAPBindDN cn=youruser,o=ctx<br /> AuthLDAPBindPassword yourpassword<br /> AuthLDAPURL ldap://ldap.host/o=ctx<br /> - </indent> - </AuthzProviderAlias><br /><br /> + </indent> + </AuthzProviderAlias><br /><br /> <AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev><br /> <indent> AuthLDAPBindDN cn=yourotheruser,o=dev<br /> AuthLDAPBindPassword yourotherpassword<br /> AuthLDAPURL ldap://other.ldap.host/o=dev?cn<br /> - </indent> + </indent> </AuthzProviderAlias><br /><br /> - + Alias /secure /webpages/secure<br /> <Directory /webpages/secure><br /> <indent> Require all granted<br /><br /> - + AuthBasicProvider file<br /><br /> - + AuthType Basic<br /> AuthName LDAP_Protected_Place<br /><br /> - #implied OR operation<br /> - Require ldap-group-alias1<br /> + #implied OR operation<br /> + Require ldap-group-alias1<br /> Require ldap-group-alias2<br /> </indent> </Directory><br /> </example> @@ -145,7 +145,7 @@ </RequireNone> </indent> </RequireAll> - </indent> + </indent> </Directory> </example> </section> @@ -160,7 +160,7 @@ <p>The <code>env</code> provider allows access to the server to be controlled based on the existence of an <a - href="../env.html">environment variable</a>. When <code>Require + href="../env.html">environment variable</a>. When <code>Require env <var>env-variable</var></code> is specified, then the request is allowed access if the environment variable <var>env-variable</var> exists. The server provides the ability to set environment @@ -170,7 +170,7 @@ used to allow access based on such factors as the clients <code>User-Agent</code> (browser type), <code>Referer</code>, or other HTTP request header fields.</p> - + <example><title>Example:</title> SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in<br /> <Directory /docroot><br /> @@ -179,7 +179,7 @@ </indent> </Directory> </example> - + <p>In this case, browsers with a user-agent string beginning with <code>KnockKnock/2.0</code> will be allowed access, and all others will be denied.</p> @@ -190,8 +190,8 @@ <p>The <code>all</code> provider mimics the functionality the was previously provided by the 'Allow from all' and 'Deny from all' - directives. This provider can take one of two arguments which are - 'granted' or 'denied'. The following examples will grant or deny + directives. This provider can take one of two arguments which are + 'granted' or 'denied'. The following examples will grant or deny access to all requests.</p> <example> @@ -302,17 +302,17 @@ an authorization provider.</description> <p>Other authorization modules that implement require options include <module>mod_authnz_ldap</module>, - <module>mod_authz_dbm</module>, <module>mod_authz_dbd</module>, - <module>mod_authz_host</module>, + <module>mod_authz_dbm</module>, <module>mod_authz_dbd</module>, + <module>mod_authz_host</module>, <module>mod_authz_owner</module> and <module>mod_ssl</module>.</p> <p>In most cases, for a complete authentication and authorization configuration, <directive>Require</directive> must be accompanied by <directive module="mod_authn_core">AuthName</directive>, <directive - module="mod_authn_core">AuthType</directive> and + module="mod_authn_core">AuthType</directive> and <directive module="mod_auth_basic">AuthBasicProvider</directive> or - <directive module="mod_auth_digest">AuthDigestProvider</directive> - directives, and directives such as + <directive module="mod_auth_digest">AuthDigestProvider</directive> + directives, and directives such as <directive module="mod_authn_file">AuthUserFile</directive> and <directive module="mod_authz_groupfile">AuthGroupFile</directive> (to define users and groups) in order to work correctly. Example:</p> @@ -372,7 +372,7 @@ an authorization provider.</description> </usage> <seealso><a href="../howto/auth.html">Authentication, Authorization, - and Access Control</a></seealso> + and Access Control</a></seealso> <seealso><a href="#logic">Authorization Containers</a></seealso> <seealso><module>mod_authn_core</module></seealso> <seealso><module>mod_authz_host</module></seealso> @@ -406,7 +406,7 @@ succeed.</description> <seealso><a href="#logic">Authorization Containers</a></seealso> <seealso><a href="../howto/auth.html">Authentication, Authorization, - and Access Control</a></seealso> + and Access Control</a></seealso> </directivesynopsis> @@ -444,7 +444,7 @@ must succeed for the enclosing directive to succeed.</description> <seealso><a href="#logic">Authorization Containers</a></seealso> <seealso><a href="../howto/auth.html">Authentication, Authorization, - and Access Control</a></seealso> + and Access Control</a></seealso> </directivesynopsis> @@ -485,7 +485,7 @@ must succeed for the enclosing directive to not fail.</description> <seealso><a href="#logic">Authorization Containers</a></seealso> <seealso><a href="../howto/auth.html">Authentication, Authorization, - and Access Control</a></seealso> + and Access Control</a></seealso> </directivesynopsis> @@ -569,7 +569,7 @@ sections.</description> <description>Enclose a group of directives that represent an extension of a base authorization provider and referenced by the specified alias</description> -<syntax><AuthzProviderAlias <var>baseProvider Alias Require-Parameters</var>> +<syntax><AuthzProviderAlias <var>baseProvider Alias Require-Parameters</var>> ... </AuthzProviderAlias> </syntax> <contextlist><context>server config</context> diff --git a/docs/manual/mod/mod_authz_groupfile.xml b/docs/manual/mod/mod_authz_groupfile.xml index 1d5ed01438..5ebe885aad 100644 --- a/docs/manual/mod/mod_authz_groupfile.xml +++ b/docs/manual/mod/mod_authz_groupfile.xml @@ -59,7 +59,7 @@ of user groups for authorization</description> <example><title>Example:</title> mygroup: bob joe anne - </example> + </example> <p>Note that searching large text files is <em>very</em> inefficient; <directive module="mod_authz_dbm" diff --git a/docs/manual/mod/mod_authz_host.xml b/docs/manual/mod/mod_authz_host.xml index 2c543f7cc3..09993d17ea 100644 --- a/docs/manual/mod/mod_authz_host.xml +++ b/docs/manual/mod/mod_authz_host.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_authz_host.xml.meta"> -<name>mod_authz_host</name> +<name>mod_authz_host</name> <description>Group authorizations based on host (name or IP address)</description> <status>Base</status> @@ -33,9 +33,9 @@ address)</description> <summary> <p>The authorization providers implemented by <module>mod_authz_host</module> are registered using the <directive module="mod_authz_core">Require</directive> - directive. The directive can be referenced within a + directive. The directive can be referenced within a <directive module="core" type="section">Directory</directive>, - <directive module="core" type="section">Files</directive>, + <directive module="core" type="section">Files</directive>, or <directive module="core" type="section">Location</directive> section as well as <code><a href="core.html#accessfilename">.htaccess</a> </code> files to control access to particular parts of the server. @@ -50,16 +50,16 @@ address)</description> </summary> <seealso><a href="../howto/auth.html">Authentication, Authorization, - and Access Control</a></seealso> + and Access Control</a></seealso> <seealso><directive module="mod_authz_core">Require</directive></seealso> <section id="requiredirectives"><title>The Require Directives</title> - <p>Apache's <directive module="mod_authz_core">Require</directive> + <p>Apache's <directive module="mod_authz_core">Require</directive> directive is used during the authorization phase to ensure that a user is allowed or - denied access to a resource. mod_authz_host extends the + denied access to a resource. mod_authz_host extends the authorization types with <code>ip</code> and <code>host</code>. - Other authorization types may also be + Other authorization types may also be used but may require that additional authorization modules be loaded.</p> <p>These authorization providers affect which hosts can @@ -69,50 +69,50 @@ address)</description> <section id="reqip"><title>Require ip</title> <p>The <code>ip</code> provider allows access to the server - to be controlled based on the IP address of the remote client. - When <code>Require ip <var>ip-address</var></code> is specified, + to be controlled based on the IP address of the remote client. + When <code>Require ip <var>ip-address</var></code> is specified, then the request is allowed access if the IP address matches.</p> <p>A full IP address:</p> - + <example> Require ip 10.1.2.3<br /> Require ip 192.168.1.104 192.168.1.205 </example> <p>An IP address of a host allowed access</p> - + <p>A partial IP address:</p> - + <example> Require ip 10.1<br /> Require ip 10 172.20 192.168.2 </example> <p>The first 1 to 3 bytes of an IP address, for subnet restriction.</p> - + <p>A network/netmask pair:</p> - + <example> Require ip 10.1.0.0/255.255.0.0 </example> <p>A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.</p> - + <p>A network/nnn CIDR specification:</p> - + <example> Require ip 10.1.0.0/16 </example> <p>Similar to the previous case, except the netmask consists of nnn high-order 1 bits.</p> - + <p>Note that the last three examples above match exactly the same set of hosts.</p> - + <p>IPv6 addresses and IPv6 subnets can be specified as shown below:</p> - + <example> Require ip 2001:db8::a00:20ff:fea7:ccea<br /> Require ip 2001:db8::a00:20ff:fea7:ccea/10 @@ -124,17 +124,17 @@ address)</description> <section id="reqhost"><title>Require host</title> <p>The <code>host</code> provider allows access to the server - to be controlled based on the host name of the remote client. - When <code>Require host <var>host-name</var></code> is specified, + to be controlled based on the host name of the remote client. + When <code>Require host <var>host-name</var></code> is specified, then the request is allowed access if the host name matches.</p> <p>A (partial) domain-name</p> - + <example> Require host example.org<br /> Require host .net example.edu </example> - + <p>Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match <code>foo.example.org</code> but it will not diff --git a/docs/manual/mod/mod_authz_owner.xml b/docs/manual/mod/mod_authz_owner.xml index 5b7abda039..2e91eb071f 100644 --- a/docs/manual/mod/mod_authz_owner.xml +++ b/docs/manual/mod/mod_authz_owner.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_authz_owner.xml.meta"> -<name>mod_authz_owner</name> +<name>mod_authz_owner</name> <description>Authorization based on file ownership</description> <status>Extension</status> <sourcefile>mod_authz_owner.c</sourcefile> diff --git a/docs/manual/mod/mod_authz_user.xml b/docs/manual/mod/mod_authz_user.xml index cad7e9bb5d..fea8c72d9b 100644 --- a/docs/manual/mod/mod_authz_user.xml +++ b/docs/manual/mod/mod_authz_user.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_authz_user.xml.meta"> -<name>mod_authz_user</name> +<name>mod_authz_user</name> <description>User Authorization</description> <status>Base</status> <sourcefile>mod_authz_user.c</sourcefile> diff --git a/docs/manual/mod/mod_autoindex.xml b/docs/manual/mod/mod_autoindex.xml index a4264f476f..806a959c23 100644 --- a/docs/manual/mod/mod_autoindex.xml +++ b/docs/manual/mod/mod_autoindex.xml @@ -552,7 +552,7 @@ a directory</description> </example> <note type="warning"><p> Review the default configuration for a list of - patterns that you might want to explicitly ignore after using this + patterns that you might want to explicitly ignore after using this directive.</p></note> </usage> </directivesynopsis> @@ -578,7 +578,7 @@ indexing</description> <dt><a name="indexoptions.addaltclass" id="indexoptions.addaltclass">AddAltClass</a></dt> <dd>Adds an additional CSS class declaration to each row of the - directory listing table when <code>IndexOptions HTMLTable</code> + directory listing table when <code>IndexOptions HTMLTable</code> is in effect and an <code>IndexStyleSheet</code> is defined. Rather than the standard <code>even</code> and <code>odd</code> classes that would otherwise be applied to each row of the table, @@ -656,7 +656,7 @@ indexing</description> HTTP Server 2.0.23 and later</em>)</dt> <dd>This option with <code>FancyIndexing</code> constructs - a simple table for the fancy directory listing. + a simple table for the fancy directory listing. It is necessary for utf-8 enabled platforms or if file names or description text will alternate between left-to-right and right-to-left reading order.</dd> @@ -979,7 +979,7 @@ Name|Date|Size|Description</syntax> <p>You can, if desired, prevent the client from reordering the list by also adding the <code><a - href="#indexoptions.suppresscolumnsorting">SuppressColumnSorting</a></code> + href="#indexoptions.suppresscolumnsorting">SuppressColumnSorting</a></code> index option to remove the sort link from the top of the column, along with the <code><a href="#indexoptions.ignoreclient">IgnoreClient</a></code> index diff --git a/docs/manual/mod/mod_buffer.xml b/docs/manual/mod/mod_buffer.xml index 4879033448..7bef039f7a 100644 --- a/docs/manual/mod/mod_buffer.xml +++ b/docs/manual/mod/mod_buffer.xml @@ -65,7 +65,7 @@ cause the request/response to be slower than not using a buffer at all. These filters should be used with care, and only where necessary.</note> - + </summary> <seealso><a href="../filter.html">Filters</a></seealso> diff --git a/docs/manual/mod/mod_cache.xml b/docs/manual/mod/mod_cache.xml index 943ef2f66e..afc2c2e6d2 100644 --- a/docs/manual/mod/mod_cache.xml +++ b/docs/manual/mod/mod_cache.xml @@ -31,12 +31,12 @@ <summary> <note type="warning">This module should be used with care, as when the <directive module="mod_cache">CacheQuickHandler</directive> directive is - in its default value of <strong>on</strong>, the <directive - module="mod_authz_host">Allow</directive> and <directive + in its default value of <strong>on</strong>, the <directive + module="mod_authz_host">Allow</directive> and <directive module="mod_authz_host">Deny</directive> directives will be circumvented. You should not enable quick handler caching for any content to which you wish to limit access by client host name, address or environment - variable.</note> + variable.</note> <p><module>mod_cache</module> implements an <a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> compliant @@ -228,11 +228,11 @@ <p>Under the default mode of cache operation, the cache runs as a quick handler, short circuiting the majority of server processing and offering the highest cache performance available.</p> - + <p>In this mode, the cache <strong>bolts onto</strong> the front of the server, acting as if a free standing RFC 2616 caching proxy had been placed in front of the server.</p> - + <p>While this mode offers the best performance, the administrator may find that under certain circumstances they may want to perform further processing on the request after the request is cached, such as to inject personalisation into the @@ -360,7 +360,7 @@ manager</description> before globally defined <directive>CacheEnable</directive> directives.</p> <p>When acting as a forward proxy server, <var>url-string</var> can - also be used to specify remote sites and proxy protocols which + also be used to specify remote sites and proxy protocols which caching should be enabled for.</p> <example> @@ -395,7 +395,7 @@ manager</description> CacheEnable disk http://.example.org/<br /> </example> - <p> The <code>no-cache</code> environment variable can be set to + <p> The <code>no-cache</code> environment variable can be set to disable caching on a finer grained set of resources in versions 2.2.12 and later.</p> @@ -432,7 +432,7 @@ manager</description> </Location><br /> </example> - <p>The <code>no-cache</code> environment variable can be set to + <p>The <code>no-cache</code> environment variable can be set to disable caching on a finer grained set of resources in versions 2.2.12 and later.</p> @@ -519,7 +519,7 @@ header.</description> <context>directory</context> <context>.htaccess</context> </contextlist> - + <usage> <p>Ordinarily, documents without a last-modified date are not cached. Under some circumstances the last-modified date is removed (during @@ -580,11 +580,11 @@ header.</description> <usage> <p>Ordinarily, requests with query string parameters are cached separately for each unique query string. This is according to RFC 2616/13.9 done only - if an expiration time is specified. The + if an expiration time is specified. The <directive>CacheIgnoreQueryString</directive> directive tells the cache to - cache requests even if no expiration time is specified, and to reply with + cache requests even if no expiration time is specified, and to reply with a cached reply even if the query string differs. From a caching point of - view the request is treated as if having no query string when this + view the request is treated as if having no query string when this directive is enabled.</p> <example> @@ -605,7 +605,7 @@ LastModified date.</description> <context>directory</context> <context>.htaccess</context> </contextlist> - + <usage> <p>In the event that a document does not provide an expiry date but does provide a last-modified date, an expiry date can be calculated based on @@ -830,7 +830,7 @@ LastModified date.</description> <usage> <p>The <directive>CacheLock</directive> directive enables the thundering herd lock for the given URL space.</p> - + <p>In a minimal configuration the following directive is all that is needed to enable the thundering herd lock in the default system temp directory.</p> @@ -849,7 +849,7 @@ LastModified date.</description> <default>CacheLockPath /tmp/mod_cache-lock</default> <contextlist><context>server config</context><context>virtual host</context> </contextlist> - + <usage> <p>The <directive>CacheLockPath</directive> directive allows you to specify the directory in which the locks are created. By default, the system's temporary @@ -867,16 +867,16 @@ LastModified date.</description> <default>CacheLockMaxAge 5</default> <contextlist><context>server config</context><context>virtual host</context> </contextlist> - + <usage> <p>The <directive>CacheLockMaxAge</directive> directive specifies the maximum age of any cache lock.</p> - + <p>A lock older than this value in seconds will be ignored, and the next incoming request will be given the opportunity to re-establish the lock. This mechanism prevents a slow client taking an excessively long time to refresh an entity.</p> - + </usage> </directivesynopsis> @@ -936,7 +936,7 @@ LastModified date.</description> <context>.htaccess</context> </contextlist> <compatibility>Available in Apache 2.3.9 and later</compatibility> - + <usage> <p>When the <directive module="mod_cache">CacheHeader</directive> directive is switched on, an <strong>X-Cache</strong> header will be added to the response @@ -978,17 +978,17 @@ LastModified date.</description> <context>.htaccess</context> </contextlist> <compatibility>Available in Apache 2.3.9 and later</compatibility> - + <usage> <p>When the <directive module="mod_cache">CacheDetailHeader</directive> directive is switched on, an <strong>X-Cache-Detail</strong> header will be added to the response containing the detailed reason for a particular caching decision.</p> - + <p>It can be useful during development of cached RESTful services to have additional information about the caching decision written to the response headers, so as to confirm whether <code>Cache-Control</code> and other headers have been correctly used by the service and client.</p> - + <p>If the normal handler is used, this directive may appear within a <directive module="core"><Directory></directive> or <directive module="core"><Location></directive> directive. If the quick handler diff --git a/docs/manual/mod/mod_cache_disk.xml b/docs/manual/mod/mod_cache_disk.xml index 03335a549a..b159c6ad1d 100644 --- a/docs/manual/mod/mod_cache_disk.xml +++ b/docs/manual/mod/mod_cache_disk.xml @@ -181,7 +181,7 @@ cache</description> <context>directory</context> <context>.htaccess</context> </contextlist> - + <usage> <p>The <directive>CacheMaxFileSize</directive> directive sets the maximum size, in bytes, for a document to be considered for storage in @@ -204,7 +204,7 @@ cache</description> <context>directory</context> <context>.htaccess</context> </contextlist> - + <usage> <p>The <directive>CacheReadSize</directive> directive sets the minimum amount of data, in bytes, to be read from the backend before the @@ -216,7 +216,7 @@ cache</description> <p>This directive only takes effect when the data is being saved to the cache, as opposed to data being served from the cache.</p> - + <example> CacheReadSize 102400 </example> @@ -256,5 +256,5 @@ cache</description> </example> </usage> </directivesynopsis> - + </modulesynopsis> diff --git a/docs/manual/mod/mod_cgi.xml b/docs/manual/mod/mod_cgi.xml index aa10027072..ac1f2f5948 100644 --- a/docs/manual/mod/mod_cgi.xml +++ b/docs/manual/mod/mod_cgi.xml @@ -46,7 +46,7 @@ <module>mod_cgid</module> should be used in place of this module. At the user level, the two modules are essentially identical.</p> - + <p>For backward-compatibility, the cgi-script handler will also be activated for any file with the mime-type <code>application/x-httpd-cgi</code>. The use of the magic mime-type is deprecated.</p> diff --git a/docs/manual/mod/mod_charset_lite.xml b/docs/manual/mod/mod_charset_lite.xml index 69d8a15cb7..0fdcf1bc0c 100644 --- a/docs/manual/mod/mod_charset_lite.xml +++ b/docs/manual/mod/mod_charset_lite.xml @@ -36,7 +36,7 @@ process locale to ISO-8859-1, but not the body of responses. In any environment, <module>mod_charset_lite</module> can be used to specify that response bodies should be translated. For example, - if files are stored in EBCDIC, then + if files are stored in EBCDIC, then <module>mod_charset_lite</module> can translate them to ISO-8859-1 before sending them to the client.</p> @@ -100,7 +100,7 @@ as a valid character set name by the character set support in <glossary>APR</glossary>. Generally, this means that it must be supported by iconv.</p> - + <example><title>Example</title> <Directory /export/home/trawick/apacheinst/htdocs/convert><br /> <indent> @@ -112,7 +112,7 @@ <p>The character set names in this example work with the iconv translation support in Solaris 8.</p> - + <note> Specifying the same charset for both <directive module="mod_charset_lite">CharsetSourceEnc</directive> and <directive module="mod_charset_lite">CharsetDefault</directive> disables translation. The charset diff --git a/docs/manual/mod/mod_data.xml b/docs/manual/mod/mod_data.xml index 0c2c490d36..6de297478e 100644 --- a/docs/manual/mod/mod_data.xml +++ b/docs/manual/mod/mod_data.xml @@ -62,7 +62,7 @@ </indent> </Location><br /> </example> - + </summary> <seealso><a href="../filter.html">Filters</a></seealso> diff --git a/docs/manual/mod/mod_dav.xml b/docs/manual/mod/mod_dav.xml index b598ba3056..ee56ec6b18 100644 --- a/docs/manual/mod/mod_dav.xml +++ b/docs/manual/mod/mod_dav.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_dav.xml.meta"> -<name>mod_dav</name> +<name>mod_dav</name> <description>Distributed Authoring and Versioning (<a href="http://www.webdav.org/">WebDAV</a>) functionality</description> <status>Extension</status> @@ -51,7 +51,7 @@ by the <module>mod_dav_fs</module> module. Therefore, that module must be compiled into the server or loaded at runtime using the <directive module="mod_so">LoadModule</directive> directive.</p> - + <p>In addition, a location for the DAV lock database must be specified in the global section of your <code>httpd.conf</code> file using the <directive module="mod_dav_fs">DavLockDB</directive> @@ -232,7 +232,7 @@ a DAV resource</description> </indent> </Location> </example> -</usage> +</usage> </directivesynopsis> <directivesynopsis> diff --git a/docs/manual/mod/mod_dav_fs.xml b/docs/manual/mod/mod_dav_fs.xml index 6fdfe1be39..84d10184d2 100644 --- a/docs/manual/mod/mod_dav_fs.xml +++ b/docs/manual/mod/mod_dav_fs.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_dav_fs.xml.meta"> -<name>mod_dav_fs</name> +<name>mod_dav_fs</name> <description>filesystem provider for <module>mod_dav</module></description> <status>Extension</status> <sourcefile>mod_dav_fs.c</sourcefile> diff --git a/docs/manual/mod/mod_dav_lock.xml b/docs/manual/mod/mod_dav_lock.xml index d1f0a9e86e..5caaaf76ae 100644 --- a/docs/manual/mod/mod_dav_lock.xml +++ b/docs/manual/mod/mod_dav_lock.xml @@ -22,7 +22,7 @@ <modulesynopsis metafile="mod_dav_lock.xml.meta"> -<name>mod_dav_lock</name> +<name>mod_dav_lock</name> <description>generic locking module for <module>mod_dav</module></description> <status>Extension</status> <sourcefile>mod_dav_lock.c</sourcefile> diff --git a/docs/manual/mod/mod_dbd.xml b/docs/manual/mod/mod_dbd.xml index 7144a1fcef..3021e29883 100644 --- a/docs/manual/mod/mod_dbd.xml +++ b/docs/manual/mod/mod_dbd.xml @@ -183,9 +183,9 @@ APR_DECLARE_OPTIONAL_FN(void, ap_dbd_prepare, (server_rec*, const char*, const c <dt>FreeTDS (for MSSQL and SyBase)</dt> <dd>username, password, appname, dbname, host, charset, lang, server</dd> <dt>MySQL</dt> - <dd>host, port, user, pass, dbname, sock, flags, fldsz, group, reconnect</dd> + <dd>host, port, user, pass, dbname, sock, flags, fldsz, group, reconnect</dd> <dt>Oracle</dt> - <dd>user, pass, dbname, server</dd> + <dd>user, pass, dbname, server</dd> <dt>PostgreSQL</dt> <dd>The connection string is passed straight through to <code>PQconnectdb</code></dd> <dt>SQLite2</dt> diff --git a/docs/manual/mod/mod_deflate.xml b/docs/manual/mod/mod_deflate.xml index 2473be0d8b..0eb3637c59 100644 --- a/docs/manual/mod/mod_deflate.xml +++ b/docs/manual/mod/mod_deflate.xml @@ -93,7 +93,7 @@ client</description> <code>1</code> to only allow html files to be compressed (see below). If you set this to <em>anything but <code>1</code></em> it will be ignored.</p> - + <p>If you want to restrict the compression to particular MIME types in general, you may use the <directive module="mod_filter" >AddOutputFilterByType</directive> directive. Here is an example of @@ -171,7 +171,7 @@ client</description> <p>This Example will uncompress gzip'ed output from example.com, so other filters can do further processing with it. </p> - + </section> <section id="input"><title>Input Decompression</title> <p>The <module>mod_deflate</module> module also provides a filter for @@ -188,7 +188,7 @@ client</description> </indent> </Location> </example> - + <p>Now if a request contains a <code>Content-Encoding: gzip</code> header, the body will be automatically decompressed. Few browsers have the ability to gzip request bodies. However, @@ -216,7 +216,7 @@ client</description> not understand it.</p> <p>If you use some special exclusions dependent - on, for example, the <code>User-Agent</code> header, you must + on, for example, the <code>User-Agent</code> header, you must manually configure an addition to the <code>Vary</code> header to alert proxies of the additional restrictions. For example, in a typical configuration where the addition of the <code>DEFLATE</code> @@ -225,7 +225,7 @@ client</description> <example> Header append Vary User-Agent </example> - + <p>If your decision about compression depends on other information than request headers (<em>e.g.</em> HTTP version), you have to set the <code>Vary</code> header to the value <code>*</code>. This prevents @@ -347,7 +347,7 @@ client</description> <usage> <p>The <directive>DeflateCompressionLevel</directive> directive specifies - what level of compression should be used, the higher the value, + what level of compression should be used, the higher the value, the better the compression, but the more CPU time is required to achieve this.</p> <p>The value must between 1 (less compression) and 9 (more compression).</p> diff --git a/docs/manual/mod/mod_dialup.xml b/docs/manual/mod/mod_dialup.xml index b5e9600df3..5b5b5743c5 100644 --- a/docs/manual/mod/mod_dialup.xml +++ b/docs/manual/mod/mod_dialup.xml @@ -1,13 +1,13 @@ -<?xml version="1.0"?> +<?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> -<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> +<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> <!-- $LastChangedRevision$ --> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 + The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at @@ -24,7 +24,7 @@ The sequence of tags is important and must be followed in order for the document to validate. --> -<modulesynopsis metafile="mod_dialup.xml.meta"> +<modulesynopsis metafile="mod_dialup.xml.meta"> <name>mod_dialup</name> <description>Send static content at a bandwidth rate limit, defined by the various old modem standards</description> <status>Experimental</status> @@ -33,7 +33,7 @@ the document to validate. --> <summary> <p>It is a module that sends static content at a bandwidth rate limit, defined -by the various old modem standards. So, you can browse your site with a 56k +by the various old modem standards. So, you can browse your site with a 56k V.92 modem, by adding something like this:</p> <example> @@ -43,9 +43,9 @@ ModemStandard V.92<br /> </example> <p>Previously to do bandwidth rate limiting modules would have to block an entire -thread, for each client, and insert sleeps to slow the bandwidth down. -Using the new suspend feature, a handler can get callback N milliseconds in -the future, and it will be invoked by the Event MPM on a different thread, +thread, for each client, and insert sleeps to slow the bandwidth down. +Using the new suspend feature, a handler can get callback N milliseconds in +the future, and it will be invoked by the Event MPM on a different thread, once the timer hits. From there the handler can continue to send data to the client.</p> </summary> diff --git a/docs/manual/mod/mod_dir.xml b/docs/manual/mod/mod_dir.xml index c7c9da7467..c9d7c3a1dd 100644 --- a/docs/manual/mod/mod_dir.xml +++ b/docs/manual/mod/mod_dir.xml @@ -43,7 +43,7 @@ </ul> <p>The two functions are separated so that you can completely remove (or replace) automatic index generation should you want - to.</p> + to.</p> <p>A "trailing slash" redirect is issued when the server receives a request for a URL @@ -95,7 +95,7 @@ a directory</description> executed if neither <code>index.html</code> or <code>index.txt</code> existed in a directory.</p> - <p>A single argument of "disabled" prevents <module>mod_dir</module> from + <p>A single argument of "disabled" prevents <module>mod_dir</module> from searching for an index. An argument of "disabled" will be interpeted literally if it has any arguments before or after it, even if they are "disabled" as well.</p> @@ -107,7 +107,7 @@ a directory</description> <name>DirectoryIndexRedirect</name> <description>Configures an external redirect for directory indexes. </description> -<syntax>DirectoryIndexRedirect on | off | permanent | temp | seeother | +<syntax>DirectoryIndexRedirect on | off | permanent | temp | seeother | <var>3xx-code</var> </syntax> <default>DirectoryIndexRedirect off</default> @@ -128,7 +128,7 @@ a directory</description> <p>A request for <code>http://example.com/docs/</code> would return a temporary redirect to <code - >http://example.com/docs/index.html</code> + >http://example.com/docs/index.html</code> if it exists.</p> </usage> diff --git a/docs/manual/mod/mod_dumpio.xml b/docs/manual/mod/mod_dumpio.xml index 9d14c8eca3..362fe7a23f 100644 --- a/docs/manual/mod/mod_dumpio.xml +++ b/docs/manual/mod/mod_dumpio.xml @@ -62,7 +62,7 @@ <syntax>DumpIOInput On|Off</syntax> <default>DumpIOInput Off</default> <contextlist><context>server config</context></contextlist> -<compatibility>DumpIOInput is only available in Apache 2.1.3 and +<compatibility>DumpIOInput is only available in Apache 2.1.3 and later.</compatibility> <usage> @@ -82,7 +82,7 @@ later.</compatibility> <syntax>DumpIOOutput On|Off</syntax> <default>DumpIOOutput Off</default> <contextlist><context>server config</context></contextlist> -<compatibility>DumpIOOutput is only available in Apache 2.1.3 and +<compatibility>DumpIOOutput is only available in Apache 2.1.3 and later.</compatibility> <usage> diff --git a/docs/manual/mod/mod_echo.xml b/docs/manual/mod/mod_echo.xml index ef15bfc0d4..46c6975772 100644 --- a/docs/manual/mod/mod_echo.xml +++ b/docs/manual/mod/mod_echo.xml @@ -23,7 +23,7 @@ <modulesynopsis metafile="mod_echo.xml.meta"> <name>mod_echo</name> -<description>A simple echo server to illustrate protocol +<description>A simple echo server to illustrate protocol modules</description> <status>Experimental</status> <sourcefile>mod_echo.c</sourcefile> diff --git a/docs/manual/mod/mod_env.xml b/docs/manual/mod/mod_env.xml index 97bac32d8e..7a48c9061f 100644 --- a/docs/manual/mod/mod_env.xml +++ b/docs/manual/mod/mod_env.xml @@ -32,8 +32,8 @@ SSI pages</description> <p>This module allows for control of internal environment variables that are used by various Apache HTTP Server modules. These variables are also provided to CGI scripts as native system environment variables, and available - for use in SSI pages. Environment variables may be passed from the shell - which invoked the <program>httpd</program> process. Alternatively, + for use in SSI pages. Environment variables may be passed from the shell + which invoked the <program>httpd</program> process. Alternatively, environment variables may be set or unset within the configuration process.</p> </summary> <seealso><a href="../env.html">Environment Variables</a></seealso> @@ -51,8 +51,8 @@ SSI pages</description> <usage> <p>Specifies one or more native system environment variables to make available as internal environment variables, which are available to Apache HTTP Server modules - as well as propogated to CGI scripts and SSI pages. Values come from the - native OS environment of the shell which invoked the + as well as propogated to CGI scripts and SSI pages. Values come from the + native OS environment of the shell which invoked the <program>httpd</program> process.</p> <example><title>Example</title> @@ -70,7 +70,7 @@ SSI pages</description> <override>FileInfo</override> <usage> - <p>Sets an internal environment variable, which is then available to Apache + <p>Sets an internal environment variable, which is then available to Apache HTTP Server modules, and passed on to CGI scripts and SSI pages.</p> <example><title>Example</title> @@ -81,11 +81,11 @@ SSI pages</description> <em>after</em> most early request processing directives are run, such as access control and URI-to-filename mapping. If the environment variable you're setting is meant as input into this early phase of processing such as the - <directive module="mod_rewrite">RewriteRule</directive> directive, you should + <directive module="mod_rewrite">RewriteRule</directive> directive, you should instead set the environment variable with <directive module="mod_setenvif"> SetEnvIf</directive>.</p> </note> - + </usage> <seealso><a href="../env.html">Environment Variables</a></seealso> </directivesynopsis> diff --git a/docs/manual/mod/mod_expires.xml b/docs/manual/mod/mod_expires.xml index cb63bfd4a5..514f76781d 100644 --- a/docs/manual/mod/mod_expires.xml +++ b/docs/manual/mod/mod_expires.xml @@ -43,7 +43,7 @@ criteria</description> be fetched from the cache rather than from the source until this time has passed. After that, the cache copy is considered "expired" and invalid, and a new copy must be obtained from the - source.</p> + source.</p> <p>To modify <code>Cache-Control</code> directives other than <code>max-age</code> (see <a @@ -52,7 +52,7 @@ criteria</description> module="mod_headers">Header</directive> directive.</p> <p> When the <code>Expires</code> header is already part of the response - generated by the server, for example when generated by a CGI script or + generated by the server, for example when generated by a CGI script or proxied from an origin server, this module does not change or add an <code>Expires</code> or <code>Cache-Control</code> header.</p> </summary> @@ -151,7 +151,7 @@ headers</description> generated. If the criteria aren't met, no header will be sent, and the effect will be as though this directive wasn't even specified.</p> - </usage> + </usage> </directivesynopsis> <directivesynopsis> diff --git a/docs/manual/mod/mod_ext_filter.xml b/docs/manual/mod/mod_ext_filter.xml index 1d0e206593..8a1ea12377 100644 --- a/docs/manual/mod/mod_ext_filter.xml +++ b/docs/manual/mod/mod_ext_filter.xml @@ -242,7 +242,7 @@ delivery to the client</description> escape blanks which should be part of a program argument. Any backslashes which are part of the argument must be escaped with backslash themselves. In addition to the standard CGI environment - variables, DOCUMENT_URI, DOCUMENT_PATH_INFO, and + variables, DOCUMENT_URI, DOCUMENT_PATH_INFO, and QUERY_STRING_UNESCAPED will also be set for the program.</dd> <dt><code>mode=<var>mode</var></code></dt> diff --git a/docs/manual/mod/mod_file_cache.xml b/docs/manual/mod/mod_file_cache.xml index b279cb5372..d5d10c899b 100644 --- a/docs/manual/mod/mod_file_cache.xml +++ b/docs/manual/mod/mod_file_cache.xml @@ -124,7 +124,7 @@ <note><title>Note</title> <p>Don't bother asking for a directive which recursively - caches all the files in a directory. Try this instead... See the + caches all the files in a directory. Try this instead... See the <directive module="core">Include</directive> directive, and consider this command:</p> diff --git a/docs/manual/mod/mod_headers.xml b/docs/manual/mod/mod_headers.xml index 2f6b9e18d6..837573939b 100644 --- a/docs/manual/mod/mod_headers.xml +++ b/docs/manual/mod/mod_headers.xml @@ -313,25 +313,25 @@ headers</description> components of the server may have stored their response headers in either the table that corresponds to <code>onsuccess</code> or the table that corresponds to <code>always</code>. "Always" in this context refers to - whether headers you add will be sent during both a successful and unsucessful + whether headers you add will be sent during both a successful and unsucessful response, but if your action is a function of an existing header, you will have to read on for further complications.</p> - <p> The default value of <code>onsuccess</code> may need to be changed to + <p> The default value of <code>onsuccess</code> may need to be changed to <code>always</code> under the circumstances similar to those listed below. Note also that repeating this directive with both conditions makes sense in - some scenarios because <code>always</code> is not a superset of + some scenarios because <code>always</code> is not a superset of <code>onsuccess</code> with respect to existing headers:</p> <ul> - <li> You're adding a header to a non-success (non-2xx) response, such - as a redirect, in which case only the table corresponding to + <li> You're adding a header to a non-success (non-2xx) response, such + as a redirect, in which case only the table corresponding to <code>always</code> is used in the ultimate response.</li> <li> You're modifying or removing a header generated by a CGI script, - in which case the CGI scripts are in the table corresponding to + in which case the CGI scripts are in the table corresponding to <code>always</code> and not in the default table.</li> - <li> You're modifying or removing a header generated by some piece of - the server but that header is not being found by the default + <li> You're modifying or removing a header generated by some piece of + the server but that header is not being found by the default <code>onsuccess</code> condition.</li> </ul> diff --git a/docs/manual/mod/mod_heartbeat.xml b/docs/manual/mod/mod_heartbeat.xml index 3a488d0879..d1485fc90b 100644 --- a/docs/manual/mod/mod_heartbeat.xml +++ b/docs/manual/mod/mod_heartbeat.xml @@ -41,7 +41,7 @@ <usage> <note><!-- FIXME: -->This document is still under development.</note> -</usage> +</usage> </directivesynopsis> </modulesynopsis> diff --git a/docs/manual/mod/mod_heartmonitor.xml b/docs/manual/mod/mod_heartmonitor.xml index a0c81ded66..6ba3380a64 100644 --- a/docs/manual/mod/mod_heartmonitor.xml +++ b/docs/manual/mod/mod_heartmonitor.xml @@ -41,7 +41,7 @@ <usage> <note><!-- FIXME: -->This document is still under development.</note> -</usage> +</usage> </directivesynopsis> <directivesynopsis> @@ -53,7 +53,7 @@ <usage> <note><!-- FIXME: -->This document is still under development.</note> -</usage> +</usage> </directivesynopsis> </modulesynopsis> diff --git a/docs/manual/mod/mod_imagemap.xml b/docs/manual/mod/mod_imagemap.xml index bedc73f204..fab7a715d4 100644 --- a/docs/manual/mod/mod_imagemap.xml +++ b/docs/manual/mod/mod_imagemap.xml @@ -32,7 +32,7 @@ <p>This module processes <code>.map</code> files, thereby replacing the functionality of the <code>imagemap</code> CGI program. Any directory or document type configured to use the - handler <code>imap-file</code> (using either + handler <code>imap-file</code> (using either <directive module="mod_mime">AddHandler</directive> or <directive module="core">SetHandler</directive>) will be processed by this module.</p> diff --git a/docs/manual/mod/mod_include.xml b/docs/manual/mod/mod_include.xml index 4dd0ac70b9..7bf6c63bdd 100644 --- a/docs/manual/mod/mod_include.xml +++ b/docs/manual/mod/mod_include.xml @@ -174,7 +174,7 @@ >SSIUndefinedEcho</directive> directive. Any dates printed are subject to the currently configured <code>timefmt</code>.</p> - <p>Attributes:</p> + <p>Attributes:</p> <dl> <dt><code>var</code></dt> @@ -197,7 +197,7 @@ <p>The <code>decoding</code> attribute must <em>precede</em> the corresponding <code>var</code> attribute to be effective.</p> </dd> - + <dt><code>encoding</code></dt> <dd><p>Specifies how Apache should encode special characters contained in the variable before outputting them. If set @@ -434,7 +434,7 @@ <em>precede</em> the corresponding <code>var</code> attribute to be effective.</p> </dd> - + <dt><code>encoding</code></dt> <dd><p>Specifies how Apache should encode special characters contained in the variable before setting them. The default is @@ -631,7 +631,7 @@ <dt><code><var>string1</var> = <var>string2</var><br /> <var>string1</var> == <var>string2</var><br /> <var>string1</var> != <var>string2</var></code></dt> - + <dd><p>Compare <var>string1</var> with <var>string2</var>. If <var>string2</var> has the form <code>/<var>string2</var>/</code> then it is treated as a regular expression. Regular expressions are @@ -737,7 +737,7 @@ parsed expression tokenizer information, the parse tree and how it is evaluated into the output sent to the client.</p> </note> - + <note><title>Escaping slashes in regex strings</title> <p>All slashes which are not intended to act as delimiters in your regex must be escaped. This is regardless of their meaning to the regex engine.</p> @@ -829,7 +829,7 @@ directive]"</default> <p>You may want to use this option if you have 2 servers parsing the output of a file each processing different commands (possibly at - different times).</p> + different times).</p> <example><title>Example</title> SSIStartTag "<%"<br /> @@ -837,8 +837,8 @@ directive]"</default> </example> <p>The example given above, which also specifies a matching - <directive module="mod_include">SSIEndTag</directive>, will - allow you to use SSI directives as shown in the example + <directive module="mod_include">SSIEndTag</directive>, will + allow you to use SSI directives as shown in the example below:</p> <example><title>SSI directives with alternate start and end tags</title> @@ -861,7 +861,7 @@ displayed</description> <compatibility>Available in version 2.0.30 and later.</compatibility> <usage> -<p>This directive changes the format in which date strings are displayed +<p>This directive changes the format in which date strings are displayed when echoing <code>DATE</code> environment variables. The <var>formatstring</var> is as in <code>strftime(3)</code> from the C standard library.</p> @@ -972,23 +972,23 @@ server.</description> if already present, or set if the header is not already present. This can be used to enable caching of the output. <directive>SSILastModified</directive> can take on the following values:</p> - + <dl> - + <dt><code>off</code></dt> <dd>The <code>Last-Modified</code> header will be stripped from responses, unless the <directive module="mod_include">XBitHack</directive> directive is set to <code>full</code> as described below.</dd> - + <dt><code>on</code></dt> <dd>The <code>Last-Modified</code> header will be respected if already present in a response, and added to the response if the response is a file and the header is missing. The <directive module="mod_include">SSILastModified</directive> directive takes precedence over <directive module="mod_include">XBitHack</directive>.</dd> - + </dl> - + </usage> </directivesynopsis> @@ -1005,7 +1005,7 @@ server.</description> new <a href="../expr.html">ap_expr</a> syntax for conditional expressions in <code>#if</code> flow control elements. This directive allows to switch to the <a href="#legacyexpr">old syntax</a> which is compatible - with Apache HTTPD version 2.2.x and earlier. + with Apache HTTPD version 2.2.x and earlier. </p> </usage> </directivesynopsis> @@ -1040,14 +1040,14 @@ set</description> returned file to be the last modified time of the file. If it is not set, then no last-modified date is sent. Setting this bit allows clients and proxies to cache the result of - the request. + the request. <note><title>Note</title> <p>You would not want to use the full option, unless you assure the group-execute bit is unset for every SSI script which might <code >#include</code> a CGI or otherwise produces different output on each hit (or could potentially change on subsequent requests).</p> - + <p>The <directive module="mod_include">SSILastModified</directive> directive takes precedence over the <directive module="mod_include">XBitHack</directive> directive when diff --git a/docs/manual/mod/mod_info.xml b/docs/manual/mod/mod_info.xml index 4bd6037bc9..0bfd6d645b 100644 --- a/docs/manual/mod/mod_info.xml +++ b/docs/manual/mod/mod_info.xml @@ -72,9 +72,9 @@ configuration</description> this module should <strong>only</strong> be used in a controlled environment and always with caution.</p> - <p>You will probably want to use <module>mod_authz_host</module> + <p>You will probably want to use <module>mod_authz_host</module> to limit access to your server configuration information.</p> - + <example><title>Access control</title> <Location /server-info><br /> <indent> @@ -95,12 +95,12 @@ configuration</description> the directives understood by that module, the hooks implemented by that module, and the relevant directives from the current configuration.</p> - + <p>Other views of the configuration information are available by appending a query to the <code>server-info</code> request. For example, <code>http://your.host.example.com/server-info?config</code> will show all configuration directives.</p> - + <dl> <dt><code>?<module-name></code></dt> <dd>Only information relevant to the named module</dd> diff --git a/docs/manual/mod/mod_lbmethod_byrequests.xml b/docs/manual/mod/mod_lbmethod_byrequests.xml index 10cb7f806e..a9a718153b 100644 --- a/docs/manual/mod/mod_lbmethod_byrequests.xml +++ b/docs/manual/mod/mod_lbmethod_byrequests.xml @@ -76,7 +76,7 @@ candidate lbstatus -= total factor</code></pre> </example> <p>If a balancer is configured as follows:</p> - + <table style="data"> <tr><th>worker</th> <th>a</th> diff --git a/docs/manual/mod/mod_lbmethod_bytraffic.xml b/docs/manual/mod/mod_lbmethod_bytraffic.xml index 989328b9c2..ddf982dbba 100644 --- a/docs/manual/mod/mod_lbmethod_bytraffic.xml +++ b/docs/manual/mod/mod_lbmethod_bytraffic.xml @@ -52,7 +52,7 @@ provides the <code>bytraffic</code> load balancing method..</p> or produced.</p> <p>If a balancer is configured as follows:</p> - + <table style="data"> <tr><th>worker</th> <th>a</th> diff --git a/docs/manual/mod/mod_lbmethod_heartbeat.xml b/docs/manual/mod/mod_lbmethod_heartbeat.xml index 71eaf16624..7e831c55e5 100644 --- a/docs/manual/mod/mod_lbmethod_heartbeat.xml +++ b/docs/manual/mod/mod_lbmethod_heartbeat.xml @@ -46,7 +46,7 @@ <usage> <note><!-- FIXME: -->This document is still under development.</note> -</usage> +</usage> </directivesynopsis> </modulesynopsis> diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml index 323e17eea2..7d850fb4c3 100644 --- a/docs/manual/mod/mod_ldap.xml +++ b/docs/manual/mod/mod_ldap.xml @@ -203,7 +203,7 @@ by other LDAP modules</description> <section id="usingssltls"><title>Using SSL/TLS</title> - <p>The ability to create an SSL and TLS connections to an LDAP server + <p>The ability to create an SSL and TLS connections to an LDAP server is defined by the directives <directive module="mod_ldap"> LDAPTrustedGlobalCert</directive>, <directive module="mod_ldap"> LDAPTrustedClientCert</directive> and <directive module="mod_ldap"> @@ -350,8 +350,8 @@ by other LDAP modules</description> binary DER or Base64 (PEM) encoded files.</p> <p>Both CA and client certificates may be specified globally - (LDAPTrustedGlobalCert) or per-connection (LDAPTrustedClientCert). - When any settings are specified per-connection, the global + (LDAPTrustedGlobalCert) or per-connection (LDAPTrustedClientCert). + When any settings are specified per-connection, the global settings are superceded.</p> <p>The documentation for the SDK claims to support both SSL and @@ -472,7 +472,7 @@ by other LDAP modules</description> <directivesynopsis> <name>LDAPOpCacheEntries</name> -<description>Number of entries used to cache LDAP compare +<description>Number of entries used to cache LDAP compare operations</description> <syntax>LDAPOpCacheEntries <var>number</var></syntax> <default>LDAPOpCacheEntries 1024</default> @@ -533,7 +533,7 @@ valid</description> <code>LDAPReferralHopLimit</code> works in conjunction with this directive to limit the number of referral hops to follow before terminating the LDAP query. When referral processing is enabled client credentials will be provided, via a rebind callback, for any LDAP server - requiring them. </p> + requiring them. </p> </usage> </directivesynopsis> @@ -643,17 +643,17 @@ connection client certificates.</description> typically controls how long the LDAP client library will wait for the TCP connection to the LDAP server to complete.</p> - <p> If a connection is not successful with the timeout period, either an error will be - returned or the LDAP client library will attempt to connect to a secondary LDAP - server if one is specified (via a space-separated list of hostnames in the + <p> If a connection is not successful with the timeout period, either an error will be + returned or the LDAP client library will attempt to connect to a secondary LDAP + server if one is specified (via a space-separated list of hostnames in the <directive module="mod_ldap">AuthLDAPURL</directive>).</p> - <p>The default is 10 seconds, if the LDAP client library linked with the + <p>The default is 10 seconds, if the LDAP client library linked with the server supports the LDAP_OPT_NETWORK_TIMEOUT option.</p> <note>LDAPConnectionTimeout is only available when the LDAP client library linked - with the server supports the LDAP_OPT_NETWORK_TIMEOUT - (or LDAP_OPT_CONNECT_TIMEOUT) option, and the ultimate behavior is + with the server supports the LDAP_OPT_NETWORK_TIMEOUT + (or LDAP_OPT_CONNECT_TIMEOUT) option, and the ultimate behavior is dictated entirely by the LDAP client library. </note> </usage> @@ -691,8 +691,8 @@ connection client certificates.</description> <contextlist><context>server config</context></contextlist> <usage> - <p>Specifies whether to force the verification of a - server certificate when establishing an SSL connection to the + <p>Specifies whether to force the verification of a + server certificate when establishing an SSL connection to the LDAP server.</p> </usage> </directivesynopsis> @@ -708,11 +708,11 @@ connection client certificates.</description> <usage> <p>Specifies the maximum age, in seconds, that a pooled LDAP connection can remain idle - and still be available for use. Connections are cleaned up when they are next needed, + and still be available for use. Connections are cleaned up when they are next needed, not asynchronously.</p> - <p>A setting of 0 causes connections to never be saved in the backend - connection pool. The default value of -1, and any other negative value, + <p>A setting of 0 causes connections to never be saved in the backend + connection pool. The default value of -1, and any other negative value, allows connections of any age to be reused.</p> <note><p>This timeout defaults to units of seconds, but accepts @@ -730,22 +730,22 @@ connection client certificates.</description> <contextlist><context>server config</context></contextlist> <usage> - <p>Turns on SDK-specific LDAP debug options that generally cause the LDAP - SDK to log verbose trace information to the main Apache error log. + <p>Turns on SDK-specific LDAP debug options that generally cause the LDAP + SDK to log verbose trace information to the main Apache error log. The trace messages from the LDAP SDK provide gory details that can be useful during debugging of connectivity problems with backend LDAP servers</p> - <p>This option is only configurable when Apache HTTP Server is linked with - an LDAP SDK that implements <code>LDAP_OPT_DEBUG</code> or - <code>LDAP_OPT_DEBUG_LEVEL</code>, such as OpenLDAP (a value of 7 is verbose) + <p>This option is only configurable when Apache HTTP Server is linked with + an LDAP SDK that implements <code>LDAP_OPT_DEBUG</code> or + <code>LDAP_OPT_DEBUG_LEVEL</code>, such as OpenLDAP (a value of 7 is verbose) or Tivoli Directory Server (a value of 65535 is verbose).</p> <note type="warning"> - <p>The logged information will likely contain plaintext credentials being used or + <p>The logged information will likely contain plaintext credentials being used or validated by LDAP authentication, so care should be taken in protecting and purging the error log when this directive is used.</p> </note> - + </usage> </directivesynopsis> diff --git a/docs/manual/mod/mod_log_config.xml b/docs/manual/mod/mod_log_config.xml index ed7d15aa00..136f9dcd42 100644 --- a/docs/manual/mod/mod_log_config.xml +++ b/docs/manual/mod/mod_log_config.xml @@ -151,9 +151,9 @@ <td>The process ID of the child that serviced the request.</td></tr> <tr><td><code>%{<var>format</var>}P</code></td> - <td>The process ID or thread ID of the child that serviced the + <td>The process ID or thread ID of the child that serviced the request. Valid formats are <code>pid</code>, <code>tid</code>, - and <code>hextid</code>. <code>hextid</code> requires APR 1.2.0 or + and <code>hextid</code>. <code>hextid</code> requires APR 1.2.0 or higher. </td></tr> @@ -173,7 +173,7 @@ for the final status.</td></tr> <tr><td><code>%t</code></td> - <td>Time the request was received, in the format <code>[18/Sep/2011:19:18:28 -0400]</code>. + <td>Time the request was received, in the format <code>[18/Sep/2011:19:18:28 -0400]</code>. The last number indicates the timezone offset from GMT</td></tr> <tr><td><code>%{<var>format</var>}t</code></td> @@ -248,7 +248,7 @@ comma-separated list of status codes immediately following the "%". The status code list may be peceded by a "<code>!</code>" to indicate negation.</p> - + <table border="1" style="zebra"> <columnspec><column width=".2"/><column width=".8"/></columnspec> @@ -260,9 +260,9 @@ <td>Logs <code>User-agent</code> on 400 errors and 501 errors only. For other status codes, the literal string <code>"-"</code> will be logged.</td></tr> - + <tr><td><code>%!200,304,302{Referer}i</code></td> - <td>Logs <code>Referer</code> on all requests that do + <td>Logs <code>Referer</code> on all requests that do <em>not</em> return one of the three specified codes, "<code>-</code>" otherwise. </td></tr> @@ -415,7 +415,7 @@ <note type="warning"><title>Note</title> <p>When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashed are used even though the platform - may allow the use of back slashes. In general it is a good idea to always + may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.</p> </note></dd> </dl> @@ -452,7 +452,7 @@ example, if you want to record requests for all GIF images on your server in a separate logfile but not in your main log, you can use:</p> - + <example> SetEnvIf Request_URI \.gif$ gif-image<br /> CustomLog gif-requests.log common env=gif-image<br /> @@ -493,7 +493,7 @@ previous <directive>LogFormat</directive> directive as described below.</p> - <p>The second form of the <directive>LogFormat</directive> + <p>The second form of the <directive>LogFormat</directive> directive associates an explicit <var>format</var> with a <var>nickname</var>. This <var>nickname</var> can then be used in subsequent <directive>LogFormat</directive> or diff --git a/docs/manual/mod/mod_log_forensic.xml b/docs/manual/mod/mod_log_forensic.xml index ad5831c7a9..ab9ac6d69a 100644 --- a/docs/manual/mod/mod_log_forensic.xml +++ b/docs/manual/mod/mod_log_forensic.xml @@ -136,7 +136,7 @@ version 2.1</compatibility> <note><title>Note</title> <p>When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashes are used even though the platform - may allow the use of back slashes. In general it is a good idea to always + may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.</p> </note></dd> </dl> diff --git a/docs/manual/mod/mod_lua.xml b/docs/manual/mod/mod_lua.xml index d8682111bf..ef02cc2069 100644 --- a/docs/manual/mod/mod_lua.xml +++ b/docs/manual/mod/mod_lua.xml @@ -32,14 +32,14 @@ request processing</description> <compatibility>2.3 and later</compatibility> <summary> -<p>This module allows the server to be extended with scripts written in the +<p>This module allows the server to be extended with scripts written in the Lua programming language. The extension points (hooks) available with <module>mod_lua</module> include many of the hooks available to natively compiled Apache HTTP Server modules, such as mapping requests to -files, generating dynamic responses, access control, authentication, and +files, generating dynamic responses, access control, authentication, and authorization</p> -<p>More information on the Lua programming language can be found at the +<p>More information on the Lua programming language can be found at the <a href="http://www.lua.org/">the Lua website</a>.</p> <note><code>mod_lua</code> is still in experimental state. @@ -77,8 +77,8 @@ ending in <code>.lua</code> by invoking that file's <section id="writinghandlers"><title>Writing Handlers</title> <p> In the Apache HTTP Server API, the handler is a specific kind of hook -responsible for generating the response. Examples of modules that include a -handler are <module>mod_proxy</module>, <module>mod_cgi</module>, +responsible for generating the response. Examples of modules that include a +handler are <module>mod_proxy</module>, <module>mod_cgi</module>, and <module>mod_status</module>.</p> <p><code>mod_lua</code> always looks to invoke a Lua function for the handler, rather than @@ -90,9 +90,9 @@ something like this:</p> require "string" ---[[ - This is the default method name for Lua handlers, see the optional - function-name in the LuaMapHandler directive to choose a different +--[[ + This is the default method name for Lua handlers, see the optional + function-name in the LuaMapHandler directive to choose a different entry point. --]] function handle(r) @@ -109,7 +109,7 @@ function handle(r) end else r:puts("unknown HTTP method " .. r.method) - end + end end </pre></example> @@ -128,8 +128,8 @@ handlers (or hooks, or filters) in the same script. <section id="writinghooks"><title>Writing Hooks</title> <p>Hook functions are how modules (and Lua scripts) participate in the -processing of requests. Each type of hook exposed by the server exists for -a specific purposes such as mapping requests to the filesystem, +processing of requests. Each type of hook exposed by the server exists for +a specific purposes such as mapping requests to the filesystem, performing access control, or setting mimetypes. General purpose hooks that simply run at handy times in the request lifecycle exist as well.</p> @@ -158,7 +158,7 @@ end --[[ example hook that rewrites one URI to another URI. It returns a apache2.DECLINED to give other URL mappers a chance to work on the substitution, including the core translate_name hook which maps based - on the DocumentRoot. + on the DocumentRoot. Note: It is currently undefined as to whether this runs before or after mod_alias. @@ -183,7 +183,7 @@ end <dd> <p>The request_rec is mapped in as a userdata. It has a metatable which lets you do useful things with it. For the most part it - has the same fields as the request_rec struct (see httpd.h + has the same fields as the request_rec struct (see httpd.h until we get better docs here) many of which are writeable as well as readable. (The table fields' content can be changed, but the fields themselves cannot be set to different tables.)</p> @@ -314,7 +314,7 @@ end <example> r:addoutputfilter(name|function) -- add an output filter </example> - + <example> r:parseargs() -- returns a lua table containing the request's query string arguments @@ -334,7 +334,7 @@ end </example> </dd> </dl> - + </section> <section id="logging"><title>Logging Functions</title> @@ -403,16 +403,16 @@ end <usage> <p>Specify the lifecycle scope of the Lua interpreter which will be used by handlers in this "Directory." The default is "once"</p> - + <dl> <dt>once:</dt> <dd>use the interpreter once and throw it away.</dd> - - <dt>request:</dt> <dd>use the interpreter to handle anything based on - the same file within this request, which is also + + <dt>request:</dt> <dd>use the interpreter to handle anything based on + the same file within this request, which is also request scoped.</dd> - + <dt>conn:</dt> <dd>Same as request but attached to the connection_rec</dd> - + <dt>server:</dt> <dd>This one is different than others because the server scope is quite long lived, and multiple threads will have the same server_rec. To accommodate this @@ -445,7 +445,7 @@ end to the file /scripts/photos.lua and invoke the handler function handle_show on the lua vm after loading that file.</p> - + <example> LuaMapHandler /bingo /scripts/wombat.lua </example> @@ -464,9 +464,9 @@ end </contextlist> <override>All</override> <usage><p>Add a path to lua's module search path. Follows the same - conventions as lua. This just munges the package.path in the + conventions as lua. This just munges the package.path in the lua vms.</p> - + <example><title>Examples:</title> LuaPackagePath /scripts/lib/?.lua<br /> LuaPackagePath /scripts/lib/?/init.lua @@ -485,9 +485,9 @@ end <usage> <p>Add a path to lua's shared library search path. Follows the same - conventions as lua. This just munges the package.cpath in the + conventions as lua. This just munges the package.cpath in the lua vms.</p> - + </usage> </directivesynopsis> @@ -507,12 +507,12 @@ end ones) each time that file is needed, and reloads it if the modified time indicates it is newer than the one it has already loaded. The other values cause it to keep the file - cached forever (don't stat and replace) or to never cache the + cached forever (don't stat and replace) or to never cache the file.</p> - + <p>In general stat or forever is good for production, and stat or never for development.</p> - + <example><title>Examples:</title> LuaCodeCache stat<br /> LuaCodeCache forever<br /> @@ -534,7 +534,7 @@ end <usage><p> Add a hook (at APR_HOOK_MIDDLE) to the translate name phase of request processing. The hook function receives a single - argument, the request_rec, and should return a status code, + argument, the request_rec, and should return a status code, which is either an HTTP error code, or the constants defined in the apache2 module: apache2.OK, apache2.DECLINED, or apache2.DONE. </p> diff --git a/docs/manual/mod/mod_mime.xml b/docs/manual/mod/mod_mime.xml index 4f13810169..7edfe134fe 100644 --- a/docs/manual/mod/mod_mime.xml +++ b/docs/manual/mod/mod_mime.xml @@ -204,11 +204,11 @@ module="mod_mime_magic">MimeMagicFile</directive></seealso> displayed as such. This information, also, is transmitted in HTTP headers.</p> - <p>The character set, language, encoding and mime type are all - used in the process of content negotiation (See + <p>The character set, language, encoding and mime type are all + used in the process of content negotiation (See <module>mod_negotiation</module>) to determine which document to give to the client, when there are - alternative documents in more than one character set, language, + alternative documents in more than one character set, language, encoding or mime type. All filename extensions associations created with <directive module="mod_mime">AddCharset</directive>, <directive module="mod_mime">AddEncoding</directive>, <directive @@ -533,10 +533,10 @@ type</description> <note> It is recommended that new media types be added using the - <directive>AddType</directive> directive rather than changing the + <directive>AddType</directive> directive rather than changing the <directive module="mod_mime">TypesConfig</directive> file. </note> - + <example><title>Example</title> AddType image/gif .gif </example> @@ -567,8 +567,8 @@ type</description> the content returned by the server.</p> <p>This directive primarily configures the content types generated for - static files served out of the filesystem. For resources other than - static files, where the generator of the response typically specifies + static files served out of the filesystem. For resources other than + static files, where the generator of the response typically specifies a Content-Type, this directive has no effect.</p> </usage> @@ -824,7 +824,7 @@ extensions</description> <compatibility>RemoveInputFilter is only available in Apache 2.0.26 and later.</compatibility> -<usage> +<usage> <p>The <directive>RemoveInputFilter</directive> directive removes any input <a href="../filter.html">filter</a> associations for files with the given extensions. @@ -875,7 +875,7 @@ extensions</description> <compatibility>RemoveOutputFilter is only available in Apache 2.0.26 and later.</compatibility> -<usage> +<usage> <p>The <directive>RemoveOutputFilter</directive> directive removes any output <a href="../filter.html">filter</a> associations for files with the given extensions. diff --git a/docs/manual/mod/mod_negotiation.xml b/docs/manual/mod/mod_negotiation.xml index 73fa3664a9..ef9593b1f5 100644 --- a/docs/manual/mod/mod_negotiation.xml +++ b/docs/manual/mod/mod_negotiation.xml @@ -153,7 +153,7 @@ Negotiation</a></seealso> <code>document.html.de</code>, respectively. The type map file will be called <code>document.html.var</code>, and will contain the following:</p> - + <example> URI: document.html<br /> <br /> @@ -208,7 +208,7 @@ Negotiation</a></seealso> <directivesynopsis> <name>CacheNegotiatedDocs</name> -<description>Allows content-negotiated documents to be +<description>Allows content-negotiated documents to be cached by proxy servers</description> <syntax>CacheNegotiatedDocs On|Off</syntax> <default>CacheNegotiatedDocs Off</default> @@ -232,7 +232,7 @@ cached by proxy servers</description> <directivesynopsis> <name>ForceLanguagePriority</name> -<description>Action to take if a single acceptable document is not +<description>Action to take if a single acceptable document is not found</description> <syntax>ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback]</syntax> <default>ForceLanguagePriority Prefer</default> diff --git a/docs/manual/mod/mod_nw_ssl.xml b/docs/manual/mod/mod_nw_ssl.xml index cfe3d1f791..9a152dcec4 100644 --- a/docs/manual/mod/mod_nw_ssl.xml +++ b/docs/manual/mod/mod_nw_ssl.xml @@ -31,7 +31,7 @@ <summary> <p>This module enables SSL encryption for a specified port. It - takes advantage of the SSL encryption functionality that is + takes advantage of the SSL encryption functionality that is built into the NetWare operating system.</p> </summary> @@ -58,7 +58,7 @@ <usage> <p>Specifies a list of client certificate files (DER format) that are used when creating a proxied SSL connection. Each - client certificate used by a server must be listed separately + client certificate used by a server must be listed separately in its own <code>.der</code> file.</p> </usage> </directivesynopsis> @@ -70,10 +70,10 @@ <contextlist><context>server config</context></contextlist> <usage> - <p>Allow a connection that was created on the specified address + <p>Allow a connection that was created on the specified address and/or port to be upgraded to an SSL connection upon request from - the client. The address and/or port must have already be defined - previously with a <directive module="mpm_common">Listen</directive> + the client. The address and/or port must have already be defined + previously with a <directive module="mpm_common">Listen</directive> directive.</p> </usage> </directivesynopsis> diff --git a/docs/manual/mod/mod_proxy_ajp.xml b/docs/manual/mod/mod_proxy_ajp.xml index bfe59602a6..8a9db925bc 100644 --- a/docs/manual/mod/mod_proxy_ajp.xml +++ b/docs/manual/mod/mod_proxy_ajp.xml @@ -32,7 +32,7 @@ <summary> <p>This module <em>requires</em> the service of <module - >mod_proxy</module>. It provides support for the + >mod_proxy</module>. It provides support for the <code>Apache JServ Protocol version 1.3</code> (hereafter <em>AJP13</em>).</p> @@ -52,8 +52,8 @@ <seealso><a href="../env.html">Environment Variable documentation</a></seealso> <section id="env"><title>Environment Variables</title> - <p>Environment variables whose names have the prefix <code>AJP_</code> - are forwarded to the origin server as AJP request attributes + <p>Environment variables whose names have the prefix <code>AJP_</code> + are forwarded to the origin server as AJP request attributes (with the AJP_ prefix removed from the name of the key).</p> </section> @@ -296,7 +296,7 @@ AJP13_FORWARD_REQUEST := </pre></example> <p>The <code>request_headers</code> have the following structure: </p><example><pre> -req_header_name := +req_header_name := sc_req_header_name | (string) [see below for how this is parsed] sc_req_header_name := 0xA0xx (integer) @@ -352,7 +352,7 @@ attribute_value := (string) <tr><td>BASELINE_CONTROL</td><td>26</td></tr> <tr><td>MKACTIVITY</td><td>27</td></tr> </table> - <p>Later version of ajp13, will transport + <p>Later version of ajp13, will transport additional methods, even if they are not in this list.</p> </section> <section><title>protocol, req_uri, remote_addr, remote_host, server_name, diff --git a/docs/manual/mod/mod_proxy_balancer.xml b/docs/manual/mod/mod_proxy_balancer.xml index 90eef4500f..97fed36667 100644 --- a/docs/manual/mod/mod_proxy_balancer.xml +++ b/docs/manual/mod/mod_proxy_balancer.xml @@ -61,7 +61,7 @@ <p>At present, there are 3 load balancer scheduler algorithms available for use: Request Counting, Weighted Traffic Counting and Pending Request Counting. These are controlled via the <code>lbmethod</code> value of - the Balancer definition. See the <directive module="mod_proxy">ProxyPass</directive> + the Balancer definition. See the <directive module="mod_proxy">ProxyPass</directive> directive for more information, especially regarding how to configure the Balancer and BalancerMembers.</p> </section> @@ -132,14 +132,14 @@ <!-- ============= BALANCER_SESSION_ROUTE ================ --> <dt><var><a name="balancer_session_route" id="balancer_session_route">BALANCER_SESSION_ROUTE</a></var></dt> <dd> - <p>This is assigned the <var>route</var> parsed from the current + <p>This is assigned the <var>route</var> parsed from the current request.</p> </dd> <!-- ============= BALANCER_NAME ========================= --> <dt><var><a name="balancer_name" id="balancer_name">BALANCER_NAME</a></var></dt> <dd> - <p>This is assigned the name of the balancer used for the current + <p>This is assigned the name of the balancer used for the current request. The value is something like <code>balancer://foo</code>.</p> </dd> @@ -153,7 +153,7 @@ <!-- ============= BALANCER_WORKER_ROUTE ================= --> <dt><var><a name="balancer_worker_route" id="balancer_worker_route">BALANCER_WORKER_ROUTE</a></var></dt> <dd> - <p>This is assigned the <var>route</var> of the worker that will be + <p>This is assigned the <var>route</var> of the worker that will be used for the current request.</p> </dd> @@ -172,7 +172,7 @@ <section id="balancer_manager"> <title>Enabling Balancer Manager Support</title> - <p>This module <em>requires</em> the service of + <p>This module <em>requires</em> the service of <module>mod_status</module>. Balancer manager enables dynamic update of balancer members. You can use balancer manager to change the balance diff --git a/docs/manual/mod/mod_proxy_express.xml b/docs/manual/mod/mod_proxy_express.xml index 1ca43e184f..50c991024b 100644 --- a/docs/manual/mod/mod_proxy_express.xml +++ b/docs/manual/mod/mod_proxy_express.xml @@ -39,7 +39,7 @@ dynamic growth, but is intended to handle much, much larger numbers of backends. It is ideally suited as a front-end HTTP switch.</p> - + <p>This module <em>requires</em> the service of <module >mod_proxy</module>.</p> @@ -74,7 +74,7 @@ </summary> <seealso><module>mod_proxy</module></seealso> - + <directivesynopsis> <name>ProxyExpressEnable</name> <description>Enable the module functionality.</description> @@ -107,7 +107,7 @@ <note><title>Note</title> <p>The file is constructed from a plain text file format using - the <code><a href="../programs/httxt2dbm.html">httxt2dbm</a></code> + the <code><a href="../programs/httxt2dbm.html">httxt2dbm</a></code> utility.</p> <example><title>ProxyExpress map file</title> diff --git a/docs/manual/mod/mod_proxy_fcgi.xml b/docs/manual/mod/mod_proxy_fcgi.xml index 150c44f32b..5de04b121e 100644 --- a/docs/manual/mod/mod_proxy_fcgi.xml +++ b/docs/manual/mod/mod_proxy_fcgi.xml @@ -32,7 +32,7 @@ <summary> <p>This module <em>requires</em> the service of <module - >mod_proxy</module>. It provides support for the + >mod_proxy</module>. It provides support for the <a href="http://www.fastcgi.com/">FastCGI</a> protocol.</p> <p>Thus, in order to get the ability of handling the <code>FastCGI</code> @@ -40,7 +40,7 @@ <module>mod_proxy_fcgi</module> have to be present in the server.</p> <p>Unlike <a href="http://httpd.apache.org/mod_fcgid/">mod_fcgid</a> - and <a href="http://www.fastcgi.com/">mod_fastcgi</a>, + and <a href="http://www.fastcgi.com/">mod_fastcgi</a>, <module>mod_proxy_fcgi</module> has no provision for starting the application process; <program>fcgistarter</program> is provided for that purpose.</p> @@ -65,10 +65,10 @@ </example> <p>This application should be able to handle multiple concurrent - connections. <module>mod_proxy</module> enables connection reuse by + connections. <module>mod_proxy</module> enables connection reuse by default, so after a request has been completed the connection will be held open by that httpd child process and won't be reused until that - httpd process routes another request to the application. If the + httpd process routes another request to the application. If the FastCGI application is unable to handle enough concurrent connections from httpd, requests can block waiting for the application to close an existing connection. One way to resolve this is to disable connection @@ -80,7 +80,7 @@ </example> <p>The balanced gateway needs <module>mod_proxy_balancer</module> and - at least one load balancer algorithm module, such as + at least one load balancer algorithm module, such as <module>mod_lbmethod_byrequests</module>, in addition to the proxy modules listed above. <module>mod_lbmethod_byrequests</module> is the default, and will be used for this example configuration.</p> diff --git a/docs/manual/mod/mod_proxy_fdpass.xml b/docs/manual/mod/mod_proxy_fdpass.xml index cad8cfc769..5d61836d79 100644 --- a/docs/manual/mod/mod_proxy_fdpass.xml +++ b/docs/manual/mod/mod_proxy_fdpass.xml @@ -35,19 +35,19 @@ >mod_proxy</module>. It provides support for the passing the socket of the client to another process.</p> - <p><code>mod_proxy_fdpass</code> uses the ability of AF_UNIX domain - sockets to <a href="http://www.freebsd.org/cgi/man.cgi?query=recv">pass an + <p><code>mod_proxy_fdpass</code> uses the ability of AF_UNIX domain + sockets to <a href="http://www.freebsd.org/cgi/man.cgi?query=recv">pass an open file descriptor</a> to allow another process to finish handling a request. </p> - <p>The module has a <code>proxy_fdpass_flusher</code> provider interface, + <p>The module has a <code>proxy_fdpass_flusher</code> provider interface, which allows another module to optionally send the response headers, or even the start of the response body. The default flush provider disables keep-alive, and sends the response headers, letting the external process just send a response body.</p> - <p>At this time the only data passed to the external process is the client - socket. To receive a client socket, call recvfrom with an allocated + <p>At this time the only data passed to the external process is the client + socket. To receive a client socket, call recvfrom with an allocated <a href="http://www.kernel.org/doc/man-pages/online/pages/man3/cmsg.3.html" ><code>struct cmsghdr</code></a>. Future versions of this module may include more data after the client socket, but this is not implemented at this time. diff --git a/docs/manual/mod/mod_proxy_ftp.xml b/docs/manual/mod/mod_proxy_ftp.xml index 9c2e012f52..77582e711b 100644 --- a/docs/manual/mod/mod_proxy_ftp.xml +++ b/docs/manual/mod/mod_proxy_ftp.xml @@ -154,7 +154,7 @@ See the <directive>ProxyFtpListOnWildcard</directive> directive. </p> </section> <!-- /wildcard --> - + <directivesynopsis> <name>ProxyFtpListOnWildcard</name> <description>Whether wildcards in requested filenames trigger a file listing</description> diff --git a/docs/manual/mod/mod_proxy_scgi.xml b/docs/manual/mod/mod_proxy_scgi.xml index 1010f336a6..4fd0b53250 100644 --- a/docs/manual/mod/mod_proxy_scgi.xml +++ b/docs/manual/mod/mod_proxy_scgi.xml @@ -59,7 +59,7 @@ </example> <p>The balanced gateway needs <module>mod_proxy_balancer</module> and - at least one load balancer algorithm module, such as + at least one load balancer algorithm module, such as <module>mod_lbmethod_byrequests</module>, in addition to the proxy modules listed above. <module>mod_lbmethod_byrequests</module> is the default, and will be used for this example configuration.</p> diff --git a/docs/manual/mod/mod_ratelimit.xml b/docs/manual/mod/mod_ratelimit.xml index 614e5369a2..079c4464b5 100644 --- a/docs/manual/mod/mod_ratelimit.xml +++ b/docs/manual/mod/mod_ratelimit.xml @@ -1,13 +1,13 @@ -<?xml version="1.0"?> +<?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> -<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> +<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> <!-- $LastChangedRevision$ --> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 + The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at @@ -24,7 +24,7 @@ The sequence of tags is important and must be followed in order for the document to validate. --> -<modulesynopsis metafile="mod_ratelimit.xml.meta"> +<modulesynopsis metafile="mod_ratelimit.xml.meta"> <name>mod_ratelimit</name> <description>Bandwidth Rate Limiting for Clients</description> <status>Extension</status> @@ -33,8 +33,8 @@ the document to validate. --> <summary> -<p>Provides a <code>rate_limit</code> filter to limit client bandwidth. -The connection speed to be simulated is specified, in kb/s, using the environment +<p>Provides a <code>rate_limit</code> filter to limit client bandwidth. +The connection speed to be simulated is specified, in kb/s, using the environment variable <code>rate-limit</code>.</p> <example><title>Example Configuration</title> diff --git a/docs/manual/mod/mod_remoteip.xml b/docs/manual/mod/mod_remoteip.xml index 40104b743b..695f4b2205 100644 --- a/docs/manual/mod/mod_remoteip.xml +++ b/docs/manual/mod/mod_remoteip.xml @@ -23,8 +23,8 @@ <modulesynopsis metafile="mod_remoteip.xml.meta"> <name>mod_remoteip</name> -<description>Replaces the apparent client remote IP address and hostname -for the request with the IP address list presented by a proxies or a load +<description>Replaces the apparent client remote IP address and hostname +for the request with the IP address list presented by a proxies or a load balancer via the request headers. </description> @@ -33,12 +33,12 @@ balancer via the request headers. <identifier>remoteip_module</identifier> <summary> - <p>This module is used to treat the remote host which initiated the + <p>This module is used to treat the remote host which initiated the request as the originating remote host as identified by httpd for the purposes of authorization and logging, even where that remote host is behind a load balancer, front end server, or proxy server.</p> - <p>The module replaces the apparent remote (client) IP/hostname for + <p>The module replaces the apparent remote (client) IP/hostname for the request with the IP address reported in the request header configured with the <directive>RemoteIPHeader</directive> directive.</p> @@ -48,8 +48,8 @@ balancer via the request headers. and <directive module="mod_authz_host" type="section">Require ip</directive>, is reported by <module>mod_status</module>, and is recorded by <module>mod_log_config</module> <code>%a</code> and <code>%h</code> - directives. It also determines the machine probed for an inetd - identity by <module>mod_ident</module> based on the + directives. It also determines the machine probed for an inetd + identity by <module>mod_ident</module> based on the <directive module="mod_ident">IdentityCheck</directive> configuration.</p> <note type="warning">It is critical to only enable this behavior from @@ -66,19 +66,19 @@ balancer via the request headers. <section id="processing"><title>Remote IP Processing</title> <p>Apache identifies the client with the connection's remote_ip value, - and the connection remote_host and remote_logname are derived from this - value. These fields play a role in authentication, authorization and + and the connection remote_host and remote_logname are derived from this + value. These fields play a role in authentication, authorization and logging and other purposes by other loadable modules.</p> <p>mod_remoteip replaces the true remote_ip with the advertised remote_ip as provided by a proxy, for every evaluation of the client that occurs in the - server, and resets the remote_host and remote_logname values to trigger a + server, and resets the remote_host and remote_logname values to trigger a fresh dns or ident query of the remote IP address.</p> - <p>When multiple, comma delimited remote IP addresses are listed in the + <p>When multiple, comma delimited remote IP addresses are listed in the header value, they are processed in Right-to-Left order. Processing halts when a given remote IP address is not trusted to present the - preceeding IP address. The header field is updated to this remaining + preceeding IP address. The header field is updated to this remaining list of unconfirmed IP addresses, or if all IP addresses were trusted, this header is removed from the request altogether.</p> @@ -97,7 +97,7 @@ balancer via the request headers. All internal addresses 10/8, 172.16/12, 192.168/16, 169.254/16 and 127/8 blocks (and IPv6 addresses outside of the public 2000::/3 block) are only evaluated by mod_remoteip when <directive>RemoteIPInternalProxy</directive> - internal (intranet) proxies are registered.</note> + internal (intranet) proxies are registered.</note> </section> @@ -108,10 +108,10 @@ balancer via the request headers. <contextlist><context>server config</context><context>virtual host</context></contextlist> <usage> - <p>The <directive>RemoteIPHeader</directive> directive triggers + <p>The <directive>RemoteIPHeader</directive> directive triggers <module>mod_remoteip</module> to treat the value of the specified <var>header-field</var> header as the client IP address, or list - of intermediate client IP addresses, subject to further configuration + of intermediate client IP addresses, subject to further configuration of the <directive>RemoteIPInternalProxy</directive> and <directive>RemoteIPTrustedProxy</directive> directives. Unless these other directives are used, <module>mod_remoteip</module> will trust all @@ -138,7 +138,7 @@ balancer via the request headers. or more addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the client IP. Unlike the <directive>RemoteIPTrustedProxy</directive> directive, any IP address - presented in this header, including private intranet addresses, are + presented in this header, including private intranet addresses, are trusted when passed from these proxies.</p> <example><title>Internal (Load Balancer) Example</title> @@ -188,7 +188,7 @@ balancer via the request headers. a header into which <module>mod_remoteip</module> will collect a list of all of the intermediate client IP addresses trusted to resolve the actual remote IP. Note that intermediate <directive>RemoteIPTrustedProxy</directive> - addresses are recorded in this header, while any intermediate + addresses are recorded in this header, while any intermediate <directive>RemoteIPInternalProxy</directive> addresses are discarded.</p> <example><title>Example</title> @@ -208,10 +208,10 @@ balancer via the request headers. <p>The <directive>RemoteIPTrustedProxy</directive> directive adds one or more addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value of the client IP. Unlike the - <directive>RemoteIPInternalProxy</directive> directive, any intranet + <directive>RemoteIPInternalProxy</directive> directive, any intranet or private IP address reported by such proxies, including the 10/8, 172.16/12, 192.168/16, 169.254/16 and 127/8 blocks (or outside of the IPv6 public - 2000::/3 block) are not trusted as the remote IP, and are left in the + 2000::/3 block) are not trusted as the remote IP, and are left in the <directive>RemoteIPHeader</directive> header's value.</p> <example><title>Trusted (Load Balancer) Example</title> diff --git a/docs/manual/mod/mod_rewrite.xml b/docs/manual/mod/mod_rewrite.xml index 80d3593889..a77091a542 100644 --- a/docs/manual/mod/mod_rewrite.xml +++ b/docs/manual/mod/mod_rewrite.xml @@ -32,21 +32,21 @@ URLs on the fly</description> <identifier>rewrite_module</identifier> <summary> - <p>The <module>mod_rewrite</module> module uses a rule-based rewriting + <p>The <module>mod_rewrite</module> module uses a rule-based rewriting engine, based on a regular-expression parser, to rewrite requested URLs on - the fly. By default, <module>mod_rewrite</module> maps a URL to a filesystem + the fly. By default, <module>mod_rewrite</module> maps a URL to a filesystem path. However, it can also be used to redirect one URL to another URL, or to invoke an internal proxy fetch.</p> - <p><module>mod_rewrite</module> provides a flexible and powerful way to - manipulate URLs using an unlimited number of rules. Each rule can have an + <p><module>mod_rewrite</module> provides a flexible and powerful way to + manipulate URLs using an unlimited number of rules. Each rule can have an unlimited number of attached rule conditions, to allow you to rewrite URL - based on server variables, environment variables, HTTP headers, or time + based on server variables, environment variables, HTTP headers, or time stamps.</p> <p><module>mod_rewrite</module> operates on the full URL path, including the - path-info section. A rewrite rule can be invoked in - <code>httpd.conf</code> or in <code>.htaccess</code>. The path generated - by a rewrite rule can include a query string, or can lead to internal - sub-processing, external request redirection, or internal proxy + path-info section. A rewrite rule can be invoked in + <code>httpd.conf</code> or in <code>.htaccess</code>. The path generated + by a rewrite rule can include a query string, or can lead to internal + sub-processing, external request redirection, or internal proxy throughput.</p> <p>Further details, discussion, and examples, are provided in the @@ -142,7 +142,7 @@ later</compatibility> <dl> <dt><code>Inherit</code></dt> <dd> - + <p>This forces the current configuration to inherit the configuration of the parent. In per-virtual-server context, this means that the maps, conditions and rules of the main @@ -157,7 +157,7 @@ later</compatibility> of local rules - has no influence on this behavior. If local rules forced the rewriting to stop, the inherited rules won't be processed.</p> - + <note type="warning"> Rules inherited from the parent scope are applied <strong>after</strong> rules specified in the child scope. @@ -167,10 +167,10 @@ later</compatibility> <dt><code>InheritBefore</code></dt> <dd> <p> Like <code>Inherit</code> above, but the rules from the parent scope - are applied <strong>before</strong> rules specified in the child scope. + are applied <strong>before</strong> rules specified in the child scope. Available in Apache HTTP Server 2.3.10 and later.</p> </dd> - + </dl> </usage> @@ -245,7 +245,7 @@ Apache HTTP Server 2.0.41 and later</compatibility> <dt>dbm</dt> <dd>Looks up an entry in a dbm file containing name, value pairs. Hash is constructed from a plain text file format using - the <code><a href="../programs/httxt2dbm.html">httxt2dbm</a></code> + the <code><a href="../programs/httxt2dbm.html">httxt2dbm</a></code> utility. (<a href="../rewrite/rewritemap.html#dbm">Details ...</a>)</dd> <dt>int</dt> @@ -283,13 +283,13 @@ Apache HTTP Server 2.0.41 and later</compatibility> that result in the substitution of a relative path. When you use a <directive module="mod_rewrite">RewriteRule</directive> in a <code>.htaccess</code> file, <module>mod_rewrite</module> strips off - the local directory prefix before processing, then rewrites the rest of + the local directory prefix before processing, then rewrites the rest of the URL. When the rewrite is completed, <module>mod_rewrite</module> automatically adds the local directory prefix (or the - <directive>RewriteBase</directive> when set) back on to the substitution + <directive>RewriteBase</directive> when set) back on to the substitution before handing it back to the core of the server as if it were the original URL.</p> - + <p>This directive is <em>required</em> for per-directory rewrites whose context is a directory made available via the <directive module="mod_alias">Alias</directive> directive, when the substitution uses a relative path.</p> @@ -300,9 +300,9 @@ Apache HTTP Server 2.0.41 and later</compatibility> <code>.htaccess</code> file where you want to use <directive module="mod_rewrite">RewriteRule</directive> directives.</p> - <p>The example below demonstrates how to map - http://example.com/myapp/index.html to - /home/www/example/newsite.html, in a <code>.htaccess</code> file. This + <p>The example below demonstrates how to map + http://example.com/myapp/index.html to + /home/www/example/newsite.html, in a <code>.htaccess</code> file. This assumes that the content available at http://example.com/ is on disk at /home/www/example/</p> <example> @@ -452,7 +452,7 @@ RewriteRule ^index\.html$ newsite.html Most are documented elsewhere in the Manual or in the CGI specification.</p> - <p>SERVER_NAME and SERVER_PORT depend on the values of + <p>SERVER_NAME and SERVER_PORT depend on the values of <directive module="core">UseCanonicalName</directive> and <directive module="core">UseCanonicalPhysicalPort</directive> respectively.</p> @@ -485,7 +485,7 @@ RewriteRule ^index\.html$ newsite.html browser to the server (e.g., "<code>GET /index.html HTTP/1.1</code>"). This does not include any additional headers sent by the - browser. This value has not been unescaped + browser. This value has not been unescaped (decoded), unlike most other variables below.</dd> <dt><code>REQUEST_URI</code></dt> @@ -499,9 +499,9 @@ RewriteRule ^index\.html$ newsite.html <dd>The full local filesystem path to the file or script matching the request, if this has already - been determined by the server at the time - <code>REQUEST_FILENAME</code> is referenced. Otherwise, - such as when used in virtual host context, the same + been determined by the server at the time + <code>REQUEST_FILENAME</code> is referenced. Otherwise, + such as when used in virtual host context, the same value as <code>REQUEST_URI</code>.</dd> <dt><code>HTTPS</code></dt> @@ -685,7 +685,7 @@ RewriteRule ^index\.html$ newsite.html numerically compared to the <em>CondPattern</em>. True if the <em>TestString</em> is numerically greater than or equal to the <em>CondPattern</em>.</li> - + <li>'<strong>-gt</strong>' (is numerically <strong>g</strong>reater <strong>t</strong>han)<br /> The <em>TestString</em> is treated as an integer, and is @@ -701,7 +701,7 @@ RewriteRule ^index\.html$ newsite.html to the <em>CondPattern</em>. Avoid confusion with the <strong>-l</strong> by using the <strong>-L</strong> or <strong>-h</strong> variant.</li> - + <li>'<strong>-lt</strong>' (is numerically <strong>l</strong>ess <strong>t</strong>han)<br /> The <em>TestString</em> is treated as an integer, and is @@ -902,16 +902,16 @@ RewriteRule ^/$ /homepage.std.html [L] RewriteRule.</p> <note><title>What is matched?</title> - <p>In <directive module="core">VirtualHost</directive> context, + <p>In <directive module="core">VirtualHost</directive> context, The <em>Pattern</em> will initially be matched against the part of the URL after the hostname and port, and before the query string (e.g. "/app1/index.html").</p> <p>In <directive module="core">Directory</directive> and htaccess context, - the <em>Pattern</em> will initially be matched against the + the <em>Pattern</em> will initially be matched against the <em>filesystem</em> path, after removing the prefix that lead the server - to the current <directive>RewriteRule</directive> (e.g. "app1/index.html" + to the current <directive>RewriteRule</directive> (e.g. "app1/index.html" or "index.html" depending on where the directives are defined).</p> - + <p>If you wish to match against the hostname, port, or query string, use a <directive module="mod_rewrite">RewriteCond</directive> with the <code>%{HTTP_HOST}</code>, <code>%{SERVER_PORT}</code>, or @@ -937,12 +937,12 @@ restriction is required for security reasons.</li> per-directory prefix (which always is the same for a specific directory) is automatically <em>removed</em> for the RewriteRule pattern matching and automatically <em>added</em> after any relative (not starting with a -slash or protocol name) substitution encounters the end of a rule set. -See the <directive module="mod_rewrite">RewriteBase</directive> -directive for more information regarding what prefix will be added back to +slash or protocol name) substitution encounters the end of a rule set. +See the <directive module="mod_rewrite">RewriteBase</directive> +directive for more information regarding what prefix will be added back to relative substutions.</li> -<li> If you wish to match against the full URL-path in a per-directory +<li> If you wish to match against the full URL-path in a per-directory (htaccess) RewriteRule, use the <code>%{REQUEST_URI}</code> variable in a <directive>RewriteCond</directive>.</li> @@ -1100,14 +1100,14 @@ cannot use <code>$N</code> in the substitution string! </tr> <tr> <td>cookie|CO=<em>NAME</em>:<em>VAL</em></td> - <td>Sets a cookie in the client browser. Full syntax is: + <td>Sets a cookie in the client browser. Full syntax is: CO=<em>NAME</em>:<em>VAL</em>:<em>domain</em>[:<em>lifetime</em>[:<em>path</em>[:<em>secure</em>[:<em>httponly</em>]]]] <em><a href="../rewrite/flags.html#flag_co">details ...</a></em> </td> </tr> <tr> <td>discardpath|DPI</td> <td>Causes the PATH_INFO portion of the rewritten URI to be - discarded. <em><a href="../rewrite/flags.html#flag_dpi">details + discarded. <em><a href="../rewrite/flags.html#flag_dpi">details ...</a></em></td> </tr> <tr> diff --git a/docs/manual/mod/mod_session.xml b/docs/manual/mod/mod_session.xml index c65870cc29..e81286b5f3 100644 --- a/docs/manual/mod/mod_session.xml +++ b/docs/manual/mod/mod_session.xml @@ -42,7 +42,7 @@ interface. Sessions can be used for keeping track of whether a user has been logged in, or for other per user information that should be kept available across requests.</p> - + <p>Sessions may be stored on the server, or may be stored on the browser. Sessions may also be optionally encrypted for added security. These features are divided into several modules in addition to @@ -55,7 +55,7 @@ <p>Sessions may be manipulated from other modules that depend on the session, or the session may be read from and written to using environment variables and HTTP headers, as appropriate.</p> - + </summary> <seealso><module>mod_session_cookie</module></seealso> <seealso><module>mod_session_crypto</module></seealso> @@ -64,10 +64,10 @@ <section id="whatisasession"><title>What is a session?</title> <p>At the core of the session interface is a table of key and value pairs that are made accessible across browser requests.</p> - + <p>These pairs can be set to any valid string, as needed by the application making use of the session.</p> - + </section> <section id="whocanuseasession"><title>Who can use a session?</title> <p>The session interface is primarily developed for the use by other @@ -82,31 +82,31 @@ <p>Apache can be configured to keep track of per user sessions stored on a particular server or group of servers. This functionality is similar to the sessions available in typical application servers.</p> - + <p>If configured, sessions are tracked through the use of a session ID that is stored inside a cookie, or extracted from the parameters embedded within the URL query string, as found in a typical GET request.</p> - + <p>As the contents of the session are stored exclusively on the server, there is an expectation of privacy of the contents of the session. This does have performance and resource implications should a large number of sessions be present, or where a large number of webservers have to share sessions with one another.</p> - + <p>The <module>mod_session_dbd</module> module allows the storage of user sessions within a SQL database via <module>mod_dbd</module>.</p> </section> <!-- /serversession --> - + <section id="browsersession"><title>Keeping sessions on the browser</title> <p>Where keeping track of a session on a server is too resource intensive or inconvenient, the option exists to store the contents of the session within a cookie on the client browser instead.</p> - + <p>This has the advantage that minimal resources are required on the server to keep track of sessions, and multiple servers within a server farm have no need to share session information.</p> - + <p>The contents of the session however are exposed to the client, with a corresponding risk of a loss of privacy. The <module>mod_session_crypto</module> module can be configured to encrypt the @@ -118,11 +118,11 @@ </section> <!-- /browsersession --> <section id="basicexamples"><title>Basic Examples</title> - + <p>Creating a session is as simple as turning the session on, and deciding where the session will be stored. In this example, the session will be stored on the browser, in a cookie called <code>session</code>.</p> - + <example><title>Browser based session</title> Session On<br /> SessionCookieName session path=/<br /> @@ -132,7 +132,7 @@ following example shows how values can be injected into the session through the use of a predetermined HTTP response header called <code>X-Replace-Session</code>.</p> - + <example><title>Writing to a session</title> Session On<br /> SessionCookieName session path=/<br /> @@ -142,7 +142,7 @@ <p>The header should contain name value pairs expressed in the same format as a query string in a URL, as in the example below. Setting a key to the empty string has the effect of removing that key from the session.</p> - + <example><title>CGI to write to a session</title> #!/bin/bash<br /> echo "Content-Type: text/plain"<br /> @@ -155,7 +155,7 @@ environment variable. By default, the session is kept private, so this has to be explicitly turned on with the <directive module="mod_session">SessionEnv</directive> directive.</p> - + <example><title>Read from a session</title> Session On<br /> SessionEnv On<br /> @@ -168,32 +168,32 @@ </section> <section id="sessionprivacy"><title>Session Privacy</title> - + <p>Using the "show cookies" feature of your browser, you would have seen a clear text representation of the session. This could potentially be a problem should the end user need to be kept unaware of the contents of the session, or where a third party could gain unauthorised access to the data within the session.</p> - + <p>The contents of the session can be optionally encrypted before being placed on the browser using the <module>mod_session_crypto</module> module.</p> - + <example><title>Browser based encrypted session</title> Session On<br /> SessionCryptoPassphrase secret<br /> SessionCookieName session path=/<br /> </example> - + <p>The session will be automatically decrypted on load, and encrypted on save by Apache, the underlying application using the session need have no knowledge that encryption is taking place.</p> - + <p>Sessions stored on the server rather than on the browser can also be encrypted as needed, offering privacy where potentially sensitive information is being shared between webservers in a server farm using the <module>mod_session_dbd</module> module.</p> - + </section> <section id="cookieprivacy"><title>Cookie Privacy</title> @@ -201,7 +201,7 @@ ability to restrict cookie transport to SSL protected pages only, or to prevent browser based javascript from gaining access to the contents of the cookie.</p> - + <note type="warning"><title>Warning</title> <p>Some of the HTTP cookie privacy features are either non-standard, or are not implemented consistently across browsers. The session modules @@ -214,13 +214,13 @@ <p>Standard cookie parameters can be specified after the name of the cookie, as in the example below.</p> - + <example><title>Setting cookie parameters</title> Session On<br /> SessionCryptoPassphrase secret<br /> SessionCookieName session path=/private;domain=example.com;httponly;secure;<br /> </example> - + <p>In cases where the Apache server forms the frontend for backend origin servers, it is possible to have the session cookies removed from the incoming HTTP headers using the <directive module="mod_session_cookie">SessionCookieRemove</directive> directive. @@ -246,7 +246,7 @@ AuthName realm<br /> ...<br /> </example> - + <p>See the <module>mod_auth_form</module> module for documentation and complete examples.</p> @@ -289,7 +289,7 @@ the session, the session will time out and be removed. Where a session is used to stored user login details, this has the effect of logging the user out automatically after the given time.</p> - + <p>Setting the maxage to zero disables session expiry.</p> </usage> </directivesynopsis> @@ -310,7 +310,7 @@ <p>If set to <var>On</var>, the <directive>SessionEnv</directive> directive causes the contents of the session to be written to a CGI environment variable called <var>HTTP_SESSION</var>.</p> - + <p>The string is written in the URL query format, for example:</p> <example> @@ -335,13 +335,13 @@ <p>The <directive>SessionHeader</directive> directive defines the name of an HTTP response header which, if present, will be parsed and written to the current session.</p> - + <p>The header value is expected to be in the URL query format, for example:</p> <example> <code>key1=foo&key2=&key3=bar</code> </example> - + <p>Where a key is set to the empty string, that key will be removed from the session.</p> @@ -365,7 +365,7 @@ website more efficient, by targeting a more precise URL space for which a session should be maintained. By default, all URLs within the directory or location are included in the session.</p> - + <note type="warning"><title>Warning</title> <p>This directive has a similar purpose to the <var>path</var> attribute in HTTP cookies, but should not be confused with this attribute. This diff --git a/docs/manual/mod/mod_session_cookie.xml b/docs/manual/mod/mod_session_cookie.xml index a048c33ac5..5eadd4ffdb 100644 --- a/docs/manual/mod/mod_session_cookie.xml +++ b/docs/manual/mod/mod_session_cookie.xml @@ -40,38 +40,38 @@ <p>This submodule of <module>mod_session</module> provides support for the storage of user sessions on the remote browser within HTTP cookies.</p> - + <p>Using cookies to store a session removes the need for the server or a group of servers to store the session locally, or collaborate to share a session, and can be useful for high traffic environments where a server based session might be too resource intensive.</p> - + <p>If session privacy is required, the <module>mod_session_crypto</module> module can be used to encrypt the contents of the session before writing the session to the client.</p> - + <p>For more details on the session interface, see the documentation for the <module>mod_session</module> module.</p> - + </summary> <seealso><module>mod_session</module></seealso> <seealso><module>mod_session_crypto</module></seealso> <seealso><module>mod_session_dbd</module></seealso> <section id="basicexamples"><title>Basic Examples</title> - + <p>To create a simple session and store it in a cookie called <var>session</var>, configure the session as follows:</p> - + <example><title>Browser based session</title> Session On<br /> SessionCookieName session path=/<br /> </example> - + <p>For more examples on how the session can be configured to be read from and written to by a CGI application, see the <module>mod_session</module> examples section.</p> - + <p>For documentation on how the session can be used to store username and password details, see the <module>mod_auth_form</module> module.</p> @@ -93,12 +93,12 @@ optional attributes of an RFC2109 compliant cookie inside which the session will be stored. RFC2109 cookies are set using the <code>Set-Cookie</code> HTTP header. </p> - + <p>An optional list of cookie attributes can be specified, as per the example below. These attributes are inserted into the cookie as is, and are not interpreted by Apache. Ensure that your attributes are defined correctly as per the cookie specification. </p> - + <example><title>Cookie with attributes</title> Session On<br /> SessionCookieName session path=/private;domain=example.com;httponly;secure;version=1;<br /> @@ -123,12 +123,12 @@ optional attributes of an RFC2965 compliant cookie inside which the session will be stored. RFC2965 cookies are set using the <code>Set-Cookie2</code> HTTP header. </p> - + <p>An optional list of cookie attributes can be specified, as per the example below. These attributes are inserted into the cookie as is, and are not interpreted by Apache. Ensure that your attributes are defined correctly as per the cookie specification. </p> - + <example><title>Cookie2 with attributes</title> Session On<br /> SessionCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;<br /> @@ -151,7 +151,7 @@ <usage> <p>The <directive>SessionCookieRemove</directive> flag controls whether the cookies containing the session will be removed from the headers during request processing.</p> - + <p>In a reverse proxy situation where the Apache server acts as a server frontend for a backend origin server, revealing the contents of the session cookie to the backend could be a potential privacy violation. When set to on, the session cookie will be diff --git a/docs/manual/mod/mod_session_crypto.xml b/docs/manual/mod/mod_session_crypto.xml index 2ef8c333a6..b1e5cbfaef 100644 --- a/docs/manual/mod/mod_session_crypto.xml +++ b/docs/manual/mod/mod_session_crypto.xml @@ -41,37 +41,37 @@ <p>This submodule of <module>mod_session</module> provides support for the encryption of user sessions before being written to a local database, or written to a remote browser via an HTTP cookie.</p> - + <p>This can help provide privacy to user sessions where the contents of the session should be kept private from the user, or where protection is needed against the effects of cross site scripting attacks.</p> - + <p>For more details on the session interface, see the documentation for the <module>mod_session</module> module.</p> - + </summary> <seealso><module>mod_session</module></seealso> <seealso><module>mod_session_cookie</module></seealso> <seealso><module>mod_session_dbd</module></seealso> <section id="basicusage"><title>Basic Usage</title> - + <p>To create a simple encrypted session and store it in a cookie called <var>session</var>, configure the session as follows:</p> - + <example><title>Browser based encrypted session</title> Session On<br /> SessionCookieName session path=/<br /> SessionCryptoPassphrase secret </example> - + <p>The session will be encrypted with the given key. Different servers can be configured to share sessions by ensuring the same encryption key is used on each server.</p> - + <p>If the encryption key is changed, sessions will be invalidated automatically.</p> - + <p>For documentation on how the session can be used to store username and password details, see the <module>mod_auth_form</module> module.</p> @@ -146,7 +146,7 @@ <p>The cipher can be set to <var>3des192</var> or <var>aes256</var> using the <var>cipher</var> parameter as per the example below. If not set, the cipher defaults to <var>aes256</var>.</p> - + <example><title>Cipher</title> SessionCryptoPassphrase secret cipher=aes256 </example> diff --git a/docs/manual/mod/mod_session_dbd.xml b/docs/manual/mod/mod_session_dbd.xml index 7d3e62bd14..b1663ed66a 100644 --- a/docs/manual/mod/mod_session_dbd.xml +++ b/docs/manual/mod/mod_session_dbd.xml @@ -49,13 +49,13 @@ <p>SQL based sessions are hidden from the browser, and so offer a measure of privacy without the need for encryption.</p> - + <p>Different webservers within a server farm may choose to share a database, and so share sessions with one another.</p> - + <p>For more details on the session interface, see the documentation for the <module>mod_session</module> module.</p> - + </summary> <seealso><module>mod_session</module></seealso> <seealso><module>mod_session_crypto</module></seealso> @@ -67,7 +67,7 @@ <p>Before the <module>mod_session_dbd</module> module can be configured to maintain a session, the <module>mod_dbd</module> module must be configured to make the various database queries available to the server.</p> - + <p>There are four queries required to keep a session maintained, to select an existing session, to update an existing session, to insert a new session, and to delete an expired or empty session. These queries are configured as per the example below.</p> @@ -85,58 +85,58 @@ </section> <section id="anonymous"><title>Anonymous Sessions</title> - + <p>Anonymous sessions are keyed against a unique UUID, and stored on the browser within an HTTP cookie. This method is similar to that used by most application servers to store session information.</p> - + <p>To create a simple anonymous session and store it in a postgres database table called <var>apachesession</var>, and save the session ID in a cookie called <var>session</var>, configure the session as follows:</p> - + <example><title>SQL based anonymous session</title> Session On<br /> SessionDBDCookieName session path=/<br /> </example> - + <p>For more examples on how the session can be configured to be read from and written to by a CGI application, see the <module>mod_session</module> examples section.</p> - + <p>For documentation on how the session can be used to store username and password details, see the <module>mod_auth_form</module> module.</p> </section> <section id="peruser"><title>Per User Sessions</title> - + <p>Per user sessions are keyed against the username of a successfully authenticated user. It offers the most privacy, as no external handle to the session exists outside of the authenticated realm.</p> - + <p>Per user sessions work within a correctly configured authenticated environment, be that using basic authentication, digest authentication or SSL client certificates. Due to the limitations of who came first, the chicken or the egg, per user sessions cannot be used to store authentication credentials from a module like <module>mod_auth_form</module>.</p> - + <p>To create a simple per user session and store it in a postgres database table called <var>apachesession</var>, and with the session keyed to the userid, configure the session as follows:</p> - + <example><title>SQL based per user session</title> Session On<br /> SessionDBDPerUser On<br /> </example> - + </section> <section id="housekeeping"><title>Database Housekeeping</title> <p>Over the course of time, the database can be expected to start accumulating expired sessions. At this point, the <module>mod_session_dbd</module> module is not yet able to handle session expiry automatically.</p> - + <note type="warning"><title>Warning</title> <p>The administrator will need to set up an external process via cron to clean out expired sessions.</p> @@ -190,12 +190,12 @@ optional attributes of an RFC2965 compliant cookie inside which the session ID will be stored. RFC2965 cookies are set using the <code>Set-Cookie2</code> HTTP header. </p> - + <p>An optional list of cookie attributes can be specified, as per the example below. These attributes are inserted into the cookie as is, and are not interpreted by Apache. Ensure that your attributes are defined correctly as per the cookie specification. </p> - + <example><title>Cookie2 with attributes</title> Session On<br /> SessionDBDCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;<br /> diff --git a/docs/manual/mod/mod_setenvif.xml b/docs/manual/mod/mod_setenvif.xml index 33a0fd4da6..2e0fd11086 100644 --- a/docs/manual/mod/mod_setenvif.xml +++ b/docs/manual/mod/mod_setenvif.xml @@ -70,8 +70,8 @@ on characteristics of the request</description> <code>User-Agent</code> HTTP request header. The following two lines have the same effect:</p> <example> - BrowserMatchNoCase Robot is_a_robot<br /> - SetEnvIfNoCase User-Agent Robot is_a_robot<br /> + BrowserMatchNoCase Robot is_a_robot<br /> + SetEnvIfNoCase User-Agent Robot is_a_robot<br /> </example> <p>Some additional examples:</p> @@ -140,7 +140,7 @@ respect to case</description> <li>An HTTP request header field (see <a href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC2616</a> for more information about these); for example: <code>Host</code>, - <code>User-Agent</code>, <code>Referer</code>, and + <code>User-Agent</code>, <code>Referer</code>, and <code>Accept-Language</code>. A regular expression may be used to specify a set of request headers.</li> @@ -301,7 +301,7 @@ results.</seealso> <name>SetEnvIfNoCase</name> <description>Sets environment variables based on attributes of the request without respect to case</description> -<syntax>SetEnvIfNoCase <em>attribute regex +<syntax>SetEnvIfNoCase <em>attribute regex [!]env-variable</em>[=<em>value</em>] [[!]<em>env-variable</em>[=<em>value</em>]] ...</syntax> <contextlist><context>server config</context> diff --git a/docs/manual/mod/mod_so.xml b/docs/manual/mod/mod_so.xml index 8b4fa97faf..cef79cb8da 100644 --- a/docs/manual/mod/mod_so.xml +++ b/docs/manual/mod/mod_so.xml @@ -28,7 +28,7 @@ modules into the server at start-up or restart time</description> <status>Extension</status> <sourcefile>mod_so.c</sourcefile> <identifier>so_module</identifier> -<compatibility>This is a Base module (always included) on +<compatibility>This is a Base module (always included) on Windows</compatibility> <summary> diff --git a/docs/manual/mod/mod_speling.xml b/docs/manual/mod/mod_speling.xml index 8fec10d9f7..4219c2f66c 100644 --- a/docs/manual/mod/mod_speling.xml +++ b/docs/manual/mod/mod_speling.xml @@ -66,7 +66,7 @@ misspellings.</description> <directivesynopsis> <name>CheckSpelling</name> -<description>Enables the spelling +<description>Enables the spelling module</description> <syntax>CheckSpelling on|off</syntax> <default>CheckSpelling Off</default> @@ -126,7 +126,7 @@ module</description> <override>Options</override> <usage> - <p>When set, this directive limits the action of the spelling correction to lower/upper case changes. + <p>When set, this directive limits the action of the spelling correction to lower/upper case changes. Other potential corrections are not performed.</p> </usage> diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 00a7c146a7..9a9b4a96fe 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -43,10 +43,10 @@ to provide the cryptography engine.</p> <section id="envvars"><title>Environment Variables</title> -<p>This module can be configured to provide several items of SSL information +<p>This module can be configured to provide several items of SSL information as additional environment variables to the SSI and CGI namespace. This information is not provided by default for performance reasons. (See -<directive>SSLOptions</directive> StdEnvVars, below.) The generated variables +<directive>SSLOptions</directive> StdEnvVars, below.) The generated variables are listed in the table below. For backward compatibility the information can be made available under different names, too. Look in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter for details on the @@ -146,7 +146,7 @@ REQUEST_URI REMOTE_USER</pre></note> <dt><code>ENV:<em>variablename</em></code></dt> <dd>This will expand to the standard environment variable <em>variablename</em>.</dd> - + <dt><code>HTTP:<em>headername</em></code></dt> <dd>This will expand to the value of the request header with name <em>headername</em>.</dd> @@ -158,7 +158,7 @@ REQUEST_URI REMOTE_USER</pre></note> <p>When <module>mod_ssl</module> is built into Apache or at least loaded (under DSO situation) additional functions exist for the <a -href="mod_log_config.html#formats">Custom Log Format</a> of +href="mod_log_config.html#formats">Custom Log Format</a> of <module>mod_log_config</module>. First there is an additional ``<code>%{</code><em>varname</em><code>}x</code>'' eXtension format function which can be used to expand any variables @@ -241,7 +241,7 @@ string in <module>mod_log_config</module>.</p> <directivesynopsis> <name>SSLPassPhraseDialog</name> -<description>Type of pass phrase dialog for encrypted private +<description>Type of pass phrase dialog for encrypted private keys</description> <syntax>SSLPassPhraseDialog <em>type</em></syntax> <default>SSLPassPhraseDialog builtin</default> @@ -278,7 +278,7 @@ query can be done in two ways which can be configured by dialog (i.e. when you use a single Pass Phrase for all N Private Key files this Pass Phrase is queried only once).</p></li> -<li><code>|/path/to/program [args...]</code> +<li><code>|/path/to/program [args...]</code> <p>This mode allows an external program to be used which acts as a pipe to a particular input device; the program is sent the standard @@ -319,9 +319,9 @@ SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter <directivesynopsis> <name>SSLRandomSeed</name> -<description>Pseudo Random Number Generator (PRNG) seeding +<description>Pseudo Random Number Generator (PRNG) seeding source</description> -<syntax>SSLRandomSeed <em>context</em> <em>source</em> +<syntax>SSLRandomSeed <em>context</em> <em>source</em> [<em>bytes</em>]</syntax> <contextlist><context>server config</context></contextlist> @@ -414,7 +414,7 @@ SSLRandomSeed connect file:/dev/urandom 1024<br /> <directivesynopsis> <name>SSLSessionCache</name> -<description>Type of the global/inter-process SSL Session +<description>Type of the global/inter-process SSL Session Cache</description> <syntax>SSLSessionCache <em>type</em></syntax> <default>SSLSessionCache none</default> @@ -527,9 +527,9 @@ SSLEngine on<br /> ...<br /> </VirtualHost> </example> -<p>In Apache 2.1 and later, <directive>SSLEngine</directive> can be set to -<code>optional</code>. This enables support for -<a href="http://www.ietf.org/rfc/rfc2817.txt">RFC 2817</a>, Upgrading to TLS +<p>In Apache 2.1 and later, <directive>SSLEngine</directive> can be set to +<code>optional</code>. This enables support for +<a href="http://www.ietf.org/rfc/rfc2817.txt">RFC 2817</a>, Upgrading to TLS Within HTTP/1.1. At this time no web browsers support RFC 2817.</p> </usage> </directivesynopsis> @@ -545,7 +545,7 @@ Within HTTP/1.1. At this time no web browsers support RFC 2817.</p> <p> This directive toggles the usage of the SSL library FIPS_mode flag. It must be set in the global server context and cannot be configured -with conflicting settings (SSLFIPS on followed by SSLFIPS off or +with conflicting settings (SSLFIPS on followed by SSLFIPS off or similar). The mode applies to all SSL library operations. </p> <p> @@ -571,7 +571,7 @@ by the applicable Security Policy. <usage> <p> -This directive can be used to control which versions of the SSL protocol +This directive can be used to control which versions of the SSL protocol will be accepted in new connections.</p> <p> The available (case-insensitive) <em>protocol</em>s are:</p> @@ -585,21 +585,21 @@ The available (case-insensitive) <em>protocol</em>s are:</p> <li><code>SSLv3</code> <p> This is the Secure Sockets Layer (SSL) protocol, version 3.0, from - the Netscape Corporation. + the Netscape Corporation. It is the successor to SSLv2 and the predecessor to TLSv1. It's supported by almost all popular browsers.</p></li> <li><code>TLSv1</code> <p> This is the Transport Layer Security (TLS) protocol, version 1.0. It is the - successor to SSLv3 and is defined in <a href="http://www.ietf.org/rfc/rfc2246.txt">RFC2246</a>. + successor to SSLv3 and is defined in <a href="http://www.ietf.org/rfc/rfc2246.txt">RFC2246</a>. Which has been obsoleted by <a href="http://www.ietf.org/rfc/rfc4346.txt">RFC4346</a>.</p></li> <li><code>All</code> <p> This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' and a convenient way for enabling all protocols except one when used in - combination with the minus sign on a protocol as the example above + combination with the minus sign on a protocol as the example above shows.</p></li> </ul> <example><title>Example</title> @@ -611,7 +611,7 @@ SSLProtocol all -SSLv2 <directivesynopsis> <name>SSLCipherSuite</name> -<description>Cipher Suite available for negotiation in SSL +<description>Cipher Suite available for negotiation in SSL handshake</description> <syntax>SSLCipherSuite <em>cipher-spec</em></syntax> <default>SSLCipherSuite DEFAULT (depends on OpenSSL version)</default> @@ -864,7 +864,7 @@ SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt <directivesynopsis> <name>SSLCACertificatePath</name> -<description>Directory of PEM-encoded CA Certificates for +<description>Directory of PEM-encoded CA Certificates for Client Auth</description> <syntax>SSLCACertificatePath <em>directory-path</em></syntax> <contextlist><context>server config</context> @@ -890,7 +890,7 @@ SSLCACertificatePath /usr/local/apache2/conf/ssl.crt/ <directivesynopsis> <name>SSLCACertificateFile</name> -<description>File of concatenated PEM-encoded CA Certificates +<description>File of concatenated PEM-encoded CA Certificates for Client Auth</description> <syntax>SSLCACertificateFile <em>file-path</em></syntax> <contextlist><context>server config</context> @@ -902,7 +902,7 @@ This directive sets the <em>all-in-one</em> file where you can assemble the Certificates of Certification Authorities (CA) whose <em>clients</em> you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of -preference. This can be used alternatively and/or additionally to +preference. This can be used alternatively and/or additionally to <directive module="mod_ssl">SSLCACertificatePath</directive>.</p> <example><title>Example</title> SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt @@ -912,7 +912,7 @@ SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt <directivesynopsis> <name>SSLCADNRequestFile</name> -<description>File of concatenated PEM-encoded CA Certificates +<description>File of concatenated PEM-encoded CA Certificates for defining acceptable CA names</description> <syntax>SSLCADNRequestFile <em>file-path</em></syntax> <contextlist><context>server config</context> @@ -957,7 +957,7 @@ SSLCADNRequestFile /usr/local/apache2/conf/ca-names.crt <directivesynopsis> <name>SSLCADNRequestPath</name> -<description>Directory of PEM-encoded CA Certificates for +<description>Directory of PEM-encoded CA Certificates for defining acceptable CA names</description> <syntax>SSLCADNRequestPath <em>directory-path</em></syntax> <contextlist><context>server config</context> @@ -986,7 +986,7 @@ SSLCADNRequestPath /usr/local/apache2/conf/ca-names.crt/ <directivesynopsis> <name>SSLCARevocationPath</name> -<description>Directory of PEM-encoded CA CRLs for +<description>Directory of PEM-encoded CA CRLs for Client Auth</description> <syntax>SSLCARevocationPath <em>directory-path</em></syntax> <contextlist><context>server config</context> @@ -1012,7 +1012,7 @@ SSLCARevocationPath /usr/local/apache2/conf/ssl.crl/ <directivesynopsis> <name>SSLCARevocationFile</name> -<description>File of concatenated PEM-encoded CA CRLs for +<description>File of concatenated PEM-encoded CA CRLs for Client Auth</description> <syntax>SSLCARevocationFile <em>file-path</em></syntax> <contextlist><context>server config</context> @@ -1116,7 +1116,7 @@ SSLVerifyClient require <directivesynopsis> <name>SSLVerifyDepth</name> -<description>Maximum depth of CA Certificates in Client +<description>Maximum depth of CA Certificates in Client Certificate verification</description> <syntax>SSLVerifyDepth <em>number</em></syntax> <default>SSLVerifyDepth 1</default> @@ -1260,7 +1260,7 @@ SSLOptions +FakeBasicAuth -StrictRequire<br /> <directivesynopsis> <name>SSLRequireSSL</name> -<description>Deny access when SSL is not used for the +<description>Deny access when SSL is not used for the HTTP request</description> <syntax>SSLRequireSSL</syntax> <contextlist><context>directory</context> @@ -1282,7 +1282,7 @@ SSLRequireSSL <directivesynopsis> <name>SSLRequire</name> -<description>Allow access only when an arbitrarily complex +<description>Allow access only when an arbitrarily complex boolean expression is true</description> <syntax>SSLRequire <em>expression</em></syntax> <contextlist><context>directory</context> @@ -1499,8 +1499,8 @@ comes with mod_ssl to accomplish this task. </note> <example><title>Example</title> SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/ -</example> -</usage> +</example> +</usage> </directivesynopsis> @@ -1713,7 +1713,7 @@ for additional information. <directivesynopsis> <name>SSLProxyCipherSuite</name> -<description>Cipher Suite available for negotiation in SSL +<description>Cipher Suite available for negotiation in SSL proxy handshake</description> <syntax>SSLProxyCipherSuite <em>cipher-spec</em></syntax> <default>SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</default> @@ -1731,7 +1731,7 @@ for additional information.</p> </directivesynopsis> <directivesynopsis> <name>SSLProxyCACertificatePath</name> -<description>Directory of PEM-encoded CA Certificates for +<description>Directory of PEM-encoded CA Certificates for Remote Server Auth</description> <syntax>SSLProxyCACertificatePath <em>directory-path</em></syntax> <contextlist><context>server config</context> @@ -1757,7 +1757,7 @@ SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/ <directivesynopsis> <name>SSLProxyCACertificateFile</name> -<description>File of concatenated PEM-encoded CA Certificates +<description>File of concatenated PEM-encoded CA Certificates for Remote Server Auth</description> <syntax>SSLProxyCACertificateFile <em>file-path</em></syntax> <contextlist><context>server config</context> @@ -1769,7 +1769,7 @@ This directive sets the <em>all-in-one</em> file where you can assemble the Certificates of Certification Authorities (CA) whose <em>remote servers</em> you deal with. These are used for Remote Server Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of -preference. This can be used alternatively and/or additionally to +preference. This can be used alternatively and/or additionally to <directive module="mod_ssl">SSLProxyCACertificatePath</directive>.</p> <example><title>Example</title> SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-remote-server.crt @@ -1779,7 +1779,7 @@ SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-remote-serve <directivesynopsis> <name>SSLProxyCARevocationPath</name> -<description>Directory of PEM-encoded CA CRLs for +<description>Directory of PEM-encoded CA CRLs for Remote Server Auth</description> <syntax>SSLProxyCARevocationPath <em>directory-path</em></syntax> <contextlist><context>server config</context> @@ -1805,7 +1805,7 @@ SSLProxyCARevocationPath /usr/local/apache2/conf/ssl.crl/ <directivesynopsis> <name>SSLProxyCARevocationFile</name> -<description>File of concatenated PEM-encoded CA CRLs for +<description>File of concatenated PEM-encoded CA CRLs for Remote Server Auth</description> <syntax>SSLProxyCARevocationFile <em>file-path</em></syntax> <contextlist><context>server config</context> diff --git a/docs/manual/mod/mod_status.xml b/docs/manual/mod/mod_status.xml index 4129db8ce8..20c7cc9049 100644 --- a/docs/manual/mod/mod_status.xml +++ b/docs/manual/mod/mod_status.xml @@ -64,8 +64,8 @@ performance</description> <li>The current hosts and requests being processed (*)</li> </ul> - <p>The lines marked "(*)" are only available if - <directive module="core">ExtendedStatus</directive> + <p>The lines marked "(*)" are only available if + <directive module="core">ExtendedStatus</directive> is <code>On</code>. In version 2.3.6, loading mod_status will toggle <directive module="core">ExtendedStatus</directive> On by default.</p> @@ -109,7 +109,7 @@ performance</description> accessing the page <code>http://your.server.name/server-status?auto</code>. This is useful when automatically run, see the Perl program - <code>log_server_status</code>, which you will find in the + <code>log_server_status</code>, which you will find in the <code>/support</code> directory of your Apache HTTP Server installation.</p> <note> @@ -125,7 +125,7 @@ performance</description> <section id="troubleshoot"> <title>Using server-status to troubleshoot</title> - + <p>The <code>server-status</code> page may be used as a starting place for troubleshooting a situation where your server is consuming all available resources (CPU or memory), and you wish to identify diff --git a/docs/manual/mod/mod_substitute.xml b/docs/manual/mod/mod_substitute.xml index 5507ff8044..0e0ab41e48 100644 --- a/docs/manual/mod/mod_substitute.xml +++ b/docs/manual/mod/mod_substitute.xml @@ -46,10 +46,10 @@ <usage> <p>The <directive>Substitute</directive> directive specifies a search and replace pattern to apply to the response body.</p> - + <p>The meaning of the pattern can be modified by using any combination of these flags:</p> - + <dl> <dt><code>i</code></dt> <dd>Perform a case-insensitive match.</dd> @@ -69,7 +69,7 @@ that the result of one substitution will ever match a pattern or regex of a subsequent one.</dd> </dl> - + <example><title>Example</title> <Location /> <indent> @@ -78,10 +78,10 @@ </indent> </Location> </example> - + <p>If either the pattern or the substitution contain a slash character then an alternative delimiter should be used:</p> - + <example><title>Example of using an alternate delimiter</title> <Location /> <indent> diff --git a/docs/manual/mod/mod_userdir.xml b/docs/manual/mod/mod_userdir.xml index faed9c3c35..4937aa9733 100644 --- a/docs/manual/mod/mod_userdir.xml +++ b/docs/manual/mod/mod_userdir.xml @@ -160,7 +160,7 @@ host</context></contextlist> directive was present.</p> <note><title>Merging details</title> - <p> Lists of specific enabled and disabled users are replaced, not merged, + <p> Lists of specific enabled and disabled users are replaced, not merged, from global to virtual host scope</p></note> </usage> diff --git a/docs/manual/mod/mod_usertrack.xml b/docs/manual/mod/mod_usertrack.xml index 734b866b98..173fd1ba75 100644 --- a/docs/manual/mod/mod_usertrack.xml +++ b/docs/manual/mod/mod_usertrack.xml @@ -68,20 +68,20 @@ <p>The domain string <strong>must</strong> begin with a dot, and <strong>must</strong> include at least one embedded dot. That is, - <code>.example.com</code> is legal, but <code>www.example.com</code> and + <code>.example.com</code> is legal, but <code>www.example.com</code> and <code>.com</code> are not.</p> <note>Most browsers in use today will not allow cookies to be set - for a two-part top level domain, such as <code>.co.uk</code>, + for a two-part top level domain, such as <code>.co.uk</code>, although such a domain ostensibly fulfills the requirements - above.<br /> - + above.<br /> + These domains are equivalent to top level domains such as <code>.com</code>, and allowing such cookies may be a security risk. Thus, if you are under a two-part top level domain, you should still use your actual domain, as you would with any other top level domain (for example <code>.example.co.uk</code>). - </note> + </note> <example> CookieDomain .example.com @@ -212,7 +212,7 @@ user-tracking cookie for all new requests. This directive can be used to turn this behavior on or off on a per-server or per-directory basis. By default, enabling - <module>mod_usertrack</module> will <strong>not</strong> + <module>mod_usertrack</module> will <strong>not</strong> activate cookies. </p> <example> diff --git a/docs/manual/mod/mod_version.xml b/docs/manual/mod/mod_version.xml index 1e8ae427b2..3b6b41a3b1 100644 --- a/docs/manual/mod/mod_version.xml +++ b/docs/manual/mod/mod_version.xml @@ -97,8 +97,8 @@ </IfVersion> </example> - <p>Besides the numerical comparison it is possible to match a - <glossary ref="regex">regular expression</glossary> + <p>Besides the numerical comparison it is possible to match a + <glossary ref="regex">regular expression</glossary> against the httpd version. There are two ways to write it:</p> <table style="zebra" border="1"> diff --git a/docs/manual/mod/mod_vhost_alias.xml b/docs/manual/mod/mod_vhost_alias.xml index 878bb0a682..35164eb648 100644 --- a/docs/manual/mod/mod_vhost_alias.xml +++ b/docs/manual/mod/mod_vhost_alias.xml @@ -35,7 +35,7 @@ hosting</description> the HTTP request to be used as part of the pathname to determine what files to serve. This allows for easy use of a huge number of virtual hosts with similar configurations.</p> - + <note><title>Note</title> <p>If <module>mod_alias</module> or <module>mod_userdir</module> are used for translating URIs to filenames, they will override the @@ -52,7 +52,7 @@ hosting</description> </summary> <seealso><directive module="core">UseCanonicalName</directive></seealso> -<seealso><a href="../vhosts/mass.html">Dynamically configured mass +<seealso><a href="../vhosts/mass.html">Dynamically configured mass virtual hosting</a></seealso> <section id="interpol"> @@ -77,7 +77,7 @@ hosting</description> <tr><td><code>%N.M</code></td> <td>insert (part of) the name</td></tr> - + </table> <p><code>N</code> and <code>M</code> are used to specify @@ -135,7 +135,7 @@ hosting</description> <code>http://www.example.com/directory/file.html</code> will be satisfied by the file <code>/usr/local/apache/vhosts/www.example.com/directory/file.html</code>. - </p> + </p> <p>For a very large number of virtual hosts it is a good idea to arrange the files to reduce the size of the @@ -203,7 +203,7 @@ hosting</description> <code>http://www.domain.example.com/directory/file.html</code> will be satisfied by the file <code>/usr/local/apache/vhosts/domain.example/directory/file.html</code>.</p> - + <p>The <directive module="mod_log_config">LogFormat</directive> directives <code>%V</code> and <code>%A</code> are useful in conjunction with this module.</p> @@ -227,9 +227,9 @@ for a given virtual host</description> value of the server name. The result of expanding <em>interpolated-directory</em> is used as the root of the document tree in a similar manner to the <directive - module="core">DocumentRoot</directive> directive's argument. + module="core">DocumentRoot</directive> directive's argument. If <em>interpolated-directory</em> is <code>none</code> then - <directive>VirtualDocumentRoot</directive> is turned off. This directive + <directive>VirtualDocumentRoot</directive> is turned off. This directive cannot be used in the same context as <directive module="mod_vhost_alias">VirtualDocumentRootIP</directive>.</p> diff --git a/docs/manual/mod/mpm_common.xml b/docs/manual/mod/mpm_common.xml index 2d94317482..3a5031628b 100644 --- a/docs/manual/mod/mpm_common.xml +++ b/docs/manual/mod/mpm_common.xml @@ -40,16 +40,16 @@ switch before dumping core</description> <usage> <p>This controls the directory to which Apache httpd attempts to switch before dumping core. If your operating system is configured to - create core files in the working directory of the crashing process, + create core files in the working directory of the crashing process, <directive>CoreDumpDirectory</directive> is necessary to change working - directory from the default <directive module="core">ServerRoot</directive> + directory from the default <directive module="core">ServerRoot</directive> directory, which should not be writable by the user the server runs as.</p> - <p>If you want a core dump for debugging, you can use this directive to + <p>If you want a core dump for debugging, you can use this directive to place it in a different location. This directive has no effect if your operating system is not configured to write core files to the working directory of the crashing processes.</p> - + <note><title>Core Dumps on Linux</title> <p>If Apache httpd starts as root and switches to another user, the Linux kernel <em>disables</em> core dumps even if the directory is @@ -66,8 +66,8 @@ switch before dumping core</description> </note> <note><title>Specific signals</title> - <p><directive>CoreDumpDirectory</directive> processing only occurs for - a select set of fatal signals: SIGFPE, SIGILL, SIGABORT, + <p><directive>CoreDumpDirectory</directive> processing only occurs for + a select set of fatal signals: SIGFPE, SIGILL, SIGABORT, SIGSEGV, and SIGBUS.</p> <p>On some operating systems, SIGQUIT also results in a core dump but does not go through <directive>CoreDumpDirectory</directive> or @@ -95,7 +95,7 @@ after a crash</description> configured with the <code>--enable-exception-hook</code> option. It enables a hook that allows external modules to plug in and do something after a child crashed.</p> - + <p>There are already two modules, <code>mod_whatkilledus</code> and <code>mod_backtrace</code> that make use of this hook. Please have a look at Jeff Trawick's <a @@ -117,7 +117,7 @@ will exit.</description> <usage> <p>The <directive>GracefulShutdownTimeout</directive> specifies - how many seconds after receiving a "graceful-stop" signal, a + how many seconds after receiving a "graceful-stop" signal, a server should continue to run, handling the existing connections.</p> <p>Setting this value to zero means that the server will wait @@ -222,14 +222,14 @@ The <var>protocol</var> argument was added in 2.1.5</compatibility> Listen [2001:db8::a00:20ff:fea7:ccea]:80 </example> - <p>The optional <var>protocol</var> argument is not required for most - configurations. If not specified, <code>https</code> is the default for - port 443 and <code>http</code> the default for all other ports. The + <p>The optional <var>protocol</var> argument is not required for most + configurations. If not specified, <code>https</code> is the default for + port 443 and <code>http</code> the default for all other ports. The protocol is used to determine which module should handle a request, and - to apply protocol specific optimizations with the + to apply protocol specific optimizations with the <directive module="core">AcceptFilter</directive> directive.</p> - <p>You only need to set the protocol if you are running on non-standard + <p>You only need to set the protocol if you are running on non-standard ports. For example, running an <code>https</code> site on port 8443:</p> <example> @@ -381,7 +381,7 @@ will handle during its life</description> <p>Maximum number of idle threads. Different MPMs deal with this directive differently.</p> - <p>For <module>worker</module>, the default is + <p>For <module>worker</module>, the default is <code>MaxSpareThreads 250</code>. This MPM deals with idle threads on a server-wide basis. If there are too many idle threads in the server then child processes are killed until the number of idle @@ -515,7 +515,7 @@ Apache HTTP Server</a></seealso> <usage> <p>Sets the server's TCP send buffer size to the number of bytes specified. It is often useful to set this past the OS's standard - default value on high speed, high latency conections + default value on high speed, high latency conections (<em>i.e.</em>, 100ms or so, such as transcontinental fast pipes).</p> <p>If set to the value of <code>0</code>, the server will use the @@ -611,7 +611,7 @@ Apache HTTP Server</a></seealso> there is usually little reason to adjust this parameter.</p> <p>The default value differs from MPM to MPM. <module>worker</module> - defaults to <code>StartServers 3</code>; <module>prefork</module> + defaults to <code>StartServers 3</code>; <module>prefork</module> defaults to <code>5</code>; <module>mpmt_os2</module> defaults to <code>2</code>.</p> </usage> @@ -717,8 +717,8 @@ and later</compatibility> <directivesynopsis> <name>ThreadStackSize</name> -<description>The size in bytes of the stack used by threads handling -client connections</description> +<description>The size in bytes of the stack used by threads handling +client connections</description> <syntax>ThreadStackSize <var>size</var></syntax> <default>65536 on NetWare; varies on other operating systems</default> <contextlist><context>server config</context></contextlist> @@ -729,11 +729,11 @@ client connections</description> <compatibility>Available in Apache HTTP Server 2.1 and later</compatibility> <usage> - <p>The <directive>ThreadStackSize</directive> directive sets the + <p>The <directive>ThreadStackSize</directive> directive sets the size of the stack (for autodata) of threads which handle client - connections and call modules to help process those connections. - In most cases the operating system default for stack size is - reasonable, but there are some conditions where it may need to be + connections and call modules to help process those connections. + In most cases the operating system default for stack size is + reasonable, but there are some conditions where it may need to be adjusted:</p> <ul> @@ -742,13 +742,13 @@ client connections</description> which use a relatively large amount of autodata storage. Those same modules may have worked fine on other platforms where the default thread stack size is larger. This type of crash is - resolved by setting <directive>ThreadStackSize</directive> to a - value higher than the operating system default. This type of - adjustment is necessary only if the provider of the third-party + resolved by setting <directive>ThreadStackSize</directive> to a + value higher than the operating system default. This type of + adjustment is necessary only if the provider of the third-party module specifies that it is required, or if diagnosis of an Apache httpd crash indicates that the thread stack size was too small.</li> - <li>On platforms where the default thread stack size is + <li>On platforms where the default thread stack size is significantly larger than necessary for the web server configuration, a higher number of threads per child process will be achievable if <directive>ThreadStackSize</directive> is @@ -761,9 +761,9 @@ client connections</description> the current <directive>ThreadStackSize</directive> setting.</li> <li>On Linux, this directive can only be used to increase the default - stack size, as the underlying system call uses the value as a - <em>minimum</em> stack size. The (often large) soft limit for - <code>ulimit -s</code> (8MB if unlimited) is used as the default stack + stack size, as the underlying system call uses the value as a + <em>minimum</em> stack size. The (often large) soft limit for + <code>ulimit -s</code> (8MB if unlimited) is used as the default stack size.</li> </ul> diff --git a/docs/manual/mod/mpmt_os2.xml b/docs/manual/mod/mpmt_os2.xml index c7da33ddfe..63a41290ef 100644 --- a/docs/manual/mod/mpmt_os2.xml +++ b/docs/manual/mod/mpmt_os2.xml @@ -36,7 +36,7 @@ involves spawning children as required to ensure there are always <directive module="mpm_common">StartServers</directive> processes accepting connections.</p> - + <p>Each child process consists of a a pool of worker threads and a main thread that accepts connections and passes them to the workers via a work queue. The worker thread pool is dynamic, managed by a diff --git a/docs/manual/mod/worker.xml b/docs/manual/mod/worker.xml index bd0baf1a69..f95f4c21f7 100644 --- a/docs/manual/mod/worker.xml +++ b/docs/manual/mod/worker.xml @@ -46,9 +46,9 @@ <seealso><a href="../bind.html">Setting which addresses and ports Apache HTTP Server uses</a></seealso> <section id="how-it-works"><title>How it Works</title> - <p>A single control process (the parent) is responsible for launching + <p>A single control process (the parent) is responsible for launching child processes. Each child process creates a fixed number of server - threads as specified in the <directive + threads as specified in the <directive module="mpm_common">ThreadsPerChild</directive> directive, as well as a listener thread which listens for connections and passes them to a server thread for processing when they arrive.</p> @@ -76,25 +76,25 @@ <p>Two directives set hard limits on the number of active child processes and the number of server threads in a child process, - and can only be changed by fully stopping the server and then + and can only be changed by fully stopping the server and then starting it again. <directive module="mpm_common">ServerLimit - </directive> is a hard limit on the number of active child - processes, and must be greater than or equal to the + </directive> is a hard limit on the number of active child + processes, and must be greater than or equal to the <directive module="mpm_common">MaxRequestWorkers</directive> directive divided by the <directive module="mpm_common"> - ThreadsPerChild</directive> directive. + ThreadsPerChild</directive> directive. <directive module="mpm_common">ThreadLimit</directive> is a hard limit of the number of server threads, and must be greater than - or equal to the <directive + or equal to the <directive module="mpm_common">ThreadsPerChild</directive> directive.</p> - <p>In addition to the set of active child processes, there may + <p>In addition to the set of active child processes, there may be additional child processes which are terminating, but where at least one server thread is still handling an existing client - connection. Up to <directive - module="mpm_common">MaxRequestWorkers</directive> terminating processes - may be present, though the actual number can be expected to be - much smaller. This behavior can be avoided by disabling the + connection. Up to <directive + module="mpm_common">MaxRequestWorkers</directive> terminating processes + may be present, though the actual number can be expected to be + much smaller. This behavior can be avoided by disabling the termination of individual child processes, which is achieved using the following:</p> |