diff options
| author | Jeff Trawick <trawick@apache.org> | 2014-04-16 20:44:14 +0000 |
|---|---|---|
| committer | Jeff Trawick <trawick@apache.org> | 2014-04-16 20:44:14 +0000 |
| commit | f61c5b3128dea0d6007572f4b329b2e6ea1a698a (patch) | |
| tree | 988fe6adf7239e8f2aa205395da97511173c5771 | |
| parent | b15cf070233d0420a504980c466bc359ab8026b0 (diff) | |
| download | httpd-f61c5b3128dea0d6007572f4b329b2e6ea1a698a.tar.gz | |
Merged /httpd/httpd/trunk:r1515403,1515411,1515420,1517175,1521909,1526647,1541181,1578762,1585054,1585072,1588054
mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.
Submitted by: trawick, jailletc36, gsmith
Approved by: trawick, jim, gsmith
(Thanks gsmith for the Windows build bits!)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588064 13f79535-47bb-0310-9956-ffa450edef68
145 files changed, 2993 insertions, 242 deletions
diff --git a/Apache-apr2.dsw b/Apache-apr2.dsw index da295a5dd3..44b193e1d7 100644 --- a/Apache-apr2.dsw +++ b/Apache-apr2.dsw @@ -132,6 +132,9 @@ Package=<4> Project_Dep_Name mod_authn_socache End Project Dependency Begin Project Dependency + Project_Dep_Name mod_authnz_fcgi + End Project Dependency + Begin Project Dependency Project_Dep_Name mod_authz_core End Project Dependency Begin Project Dependency @@ -1033,6 +1036,24 @@ Package=<4> ############################################################################### +Project: "mod_authnz_fcgi"=.\modules\aaa\mod_authnz_fcgi.dsp - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name libapr + End Project Dependency + Begin Project Dependency + Project_Dep_Name libhttpd + End Project Dependency +}}} + +############################################################################### + Project: "mod_authnz_ldap"=.\modules\aaa\mod_authnz_ldap.dsp - Package Owner=<4> Package=<5> diff --git a/Apache.dsw b/Apache.dsw index 9ea521ca33..6ac0075f81 100644 --- a/Apache.dsw +++ b/Apache.dsw @@ -144,6 +144,9 @@ Package=<4> Project_Dep_Name mod_authn_socache End Project Dependency Begin Project Dependency + Project_Dep_Name mod_authnz_fcgi + End Project Dependency + Begin Project Dependency Project_Dep_Name mod_authnz_ldap End Project Dependency Begin Project Dependency @@ -1243,6 +1246,27 @@ Package=<4> ############################################################################### +Project: "mod_authnz_fcgi"=.\modules\aaa\mod_authnz_fcgi.dsp - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name libapr + End Project Dependency + Begin Project Dependency + Project_Dep_Name libaprutil + End Project Dependency + Begin Project Dependency + Project_Dep_Name libhttpd + End Project Dependency +}}} + +############################################################################### + Project: "mod_authnz_ldap"=.\modules\aaa\mod_authnz_ldap.dsp - Package Owner=<4> Package=<5> @@ -2,6 +2,10 @@ Changes with Apache 2.4.10 + *) mod_authnz_fcgi: New module to enable FastCGI authorizer + applications to authenticate and/or authorize clients. + [Jeff Trawick] + *) mod_proxy: Do not try to parse the regular expressions passed by ProxyPassMatch as URL as they do not follow their syntax. PR 56074. [Ruediger Pluem] diff --git a/CMakeLists.txt b/CMakeLists.txt index 9a4c1181ae..d3d16e5a4a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -203,6 +203,7 @@ SET(MODULE_LIST "modules/aaa/mod_authn_dbm+I+DBM-based authentication control" "modules/aaa/mod_authn_file+A+file-based authentication control" "modules/aaa/mod_authn_socache+I+Cached authentication control" + "modules/aaa/mod_authnz_fcgi+I+FastCGI authorizer-based authentication and authorization" "modules/aaa/mod_authnz_ldap+i+LDAP based authentication" "modules/aaa/mod_authz_core+A+core authorization provider vector module" "modules/aaa/mod_authz_dbd+I+SQL based authorization and Login/Session support" @@ -110,19 +110,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: trunk patch: http://svn.apache.org/r1587255 +1: druggeri, ylavic, covener - * Merge mod_authnz_fcgi from trunk. - trunk: - http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c - http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_fcgi.xml - and a line each in CMakeLists.txt and modules/aaa/config.m4 - (It was never added to other build systems.) - See the 2.4.x patch mergeinfo for trunk revisions. I've also added a tiny - part of r1522544 to create an entry in os/win32/BaseAddr.ref. - 2.4.x patch: http://people.apache.org/~trawick/authnz_fcgi-2.4.txt - The patch includes generated doc changes in order to carry eol-style. - +1: trawick, jim - +1: gsmith, please include r1588054 (tradional Win build) - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/build/installwinconf.awk b/build/installwinconf.awk index d8db0fc603..3362734129 100644 --- a/build/installwinconf.awk +++ b/build/installwinconf.awk @@ -106,6 +106,7 @@ BEGIN { print "#LoadModule authn_dbm_module modules/mod_authn_dbm.so" > dstfl; print "LoadModule authn_file_module modules/mod_authn_file.so" > dstfl; print "#LoadModule authn_socache_module modules/mod_authn_socache.so" > dstfl; + print "#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so" > dstfl; print "#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so" > dstfl; print "LoadModule authz_core_module modules/mod_authz_core.so" > dstfl; print "#LoadModule authz_dbd_module modules/mod_authz_dbd.so" > dstfl; diff --git a/docs/manual/mod/allmodules.xml b/docs/manual/mod/allmodules.xml index 7b6dddb5ea..592dce2a02 100644 --- a/docs/manual/mod/allmodules.xml +++ b/docs/manual/mod/allmodules.xml @@ -17,6 +17,7 @@ <modulefile>mod_authn_dbm.xml</modulefile> <modulefile>mod_authn_file.xml</modulefile> <modulefile>mod_authn_socache.xml</modulefile> + <modulefile>mod_authnz_fcgi.xml</modulefile> <modulefile>mod_authnz_ldap.xml</modulefile> <modulefile>mod_authz_core.xml</modulefile> <modulefile>mod_authz_dbd.xml</modulefile> diff --git a/docs/manual/mod/allmodules.xml.de b/docs/manual/mod/allmodules.xml.de index bfb4670af1..9918fdf759 100644 --- a/docs/manual/mod/allmodules.xml.de +++ b/docs/manual/mod/allmodules.xml.de @@ -17,6 +17,7 @@ <modulefile>mod_authn_dbm.xml</modulefile> <modulefile>mod_authn_file.xml</modulefile> <modulefile>mod_authn_socache.xml</modulefile> + <modulefile>mod_authnz_fcgi.xml</modulefile> <modulefile>mod_authnz_ldap.xml</modulefile> <modulefile>mod_authz_core.xml</modulefile> <modulefile>mod_authz_dbd.xml</modulefile> diff --git a/docs/manual/mod/allmodules.xml.es b/docs/manual/mod/allmodules.xml.es index 13464adb3d..42ed94fb4c 100644 --- a/docs/manual/mod/allmodules.xml.es +++ b/docs/manual/mod/allmodules.xml.es @@ -17,6 +17,7 @@ <modulefile>mod_authn_dbm.xml</modulefile> <modulefile>mod_authn_file.xml</modulefile> <modulefile>mod_authn_socache.xml</modulefile> + <modulefile>mod_authnz_fcgi.xml</modulefile> <modulefile>mod_authnz_ldap.xml</modulefile> <modulefile>mod_authz_core.xml</modulefile> <modulefile>mod_authz_dbd.xml</modulefile> diff --git a/docs/manual/mod/allmodules.xml.fr b/docs/manual/mod/allmodules.xml.fr index 8089a956c6..df497e7de1 100644 --- a/docs/manual/mod/allmodules.xml.fr +++ b/docs/manual/mod/allmodules.xml.fr @@ -17,6 +17,7 @@ <modulefile>mod_authn_dbm.xml.fr</modulefile> <modulefile>mod_authn_file.xml.fr</modulefile> <modulefile>mod_authn_socache.xml.fr</modulefile> + <modulefile>mod_authnz_fcgi.xml</modulefile> <modulefile>mod_authnz_ldap.xml.fr</modulefile> <modulefile>mod_authz_core.xml.fr</modulefile> <modulefile>mod_authz_dbd.xml.fr</modulefile> diff --git a/docs/manual/mod/allmodules.xml.ja b/docs/manual/mod/allmodules.xml.ja index 689232048a..2df837f0a4 100644 --- a/docs/manual/mod/allmodules.xml.ja +++ b/docs/manual/mod/allmodules.xml.ja @@ -17,6 +17,7 @@ <modulefile>mod_authn_dbm.xml.ja</modulefile> <modulefile>mod_authn_file.xml.ja</modulefile> <modulefile>mod_authn_socache.xml</modulefile> + <modulefile>mod_authnz_fcgi.xml</modulefile> <modulefile>mod_authnz_ldap.xml</modulefile> <modulefile>mod_authz_core.xml</modulefile> <modulefile>mod_authz_dbd.xml</modulefile> diff --git a/docs/manual/mod/allmodules.xml.ko b/docs/manual/mod/allmodules.xml.ko index ad0e81aebc..e49c185a00 100644 --- a/docs/manual/mod/allmodules.xml.ko +++ b/docs/manual/mod/allmodules.xml.ko @@ -17,6 +17,7 @@ <modulefile>mod_authn_dbm.xml.ko</modulefile> <modulefile>mod_authn_file.xml.ko</modulefile> <modulefile>mod_authn_socache.xml</modulefile> + <modulefile>mod_authnz_fcgi.xml</modulefile> <modulefile>mod_authnz_ldap.xml</modulefile> <modulefile>mod_authz_core.xml</modulefile> <modulefile>mod_authz_dbd.xml</modulefile> diff --git a/docs/manual/mod/allmodules.xml.tr b/docs/manual/mod/allmodules.xml.tr index 2b75cac3b9..1079ac8f19 100644 --- a/docs/manual/mod/allmodules.xml.tr +++ b/docs/manual/mod/allmodules.xml.tr @@ -17,6 +17,7 @@ <modulefile>mod_authn_dbm.xml</modulefile> <modulefile>mod_authn_file.xml</modulefile> <modulefile>mod_authn_socache.xml</modulefile> + <modulefile>mod_authnz_fcgi.xml</modulefile> <modulefile>mod_authnz_ldap.xml</modulefile> <modulefile>mod_authz_core.xml</modulefile> <modulefile>mod_authz_dbd.xml</modulefile> diff --git a/docs/manual/mod/allmodules.xml.zh-cn b/docs/manual/mod/allmodules.xml.zh-cn index 7b6dddb5ea..592dce2a02 100644 --- a/docs/manual/mod/allmodules.xml.zh-cn +++ b/docs/manual/mod/allmodules.xml.zh-cn @@ -17,6 +17,7 @@ <modulefile>mod_authn_dbm.xml</modulefile> <modulefile>mod_authn_file.xml</modulefile> <modulefile>mod_authn_socache.xml</modulefile> + <modulefile>mod_authnz_fcgi.xml</modulefile> <modulefile>mod_authnz_ldap.xml</modulefile> <modulefile>mod_authz_core.xml</modulefile> <modulefile>mod_authz_dbd.xml</modulefile> diff --git a/docs/manual/mod/core.html.de b/docs/manual/mod/core.html.de index 4a0ea71f17..0f1a99d81b 100644 --- a/docs/manual/mod/core.html.de +++ b/docs/manual/mod/core.html.de @@ -575,6 +575,7 @@ HTTP-Response-Headern</td></tr> <tr><th><a href="directive-dict.html#Context">Kontext:</a></th><td>Serverkonfiguration</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Modul:</a></th><td>core</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Kompatibilität:</a></th><td>Available in Apache 2.4.2 and later</td></tr> </table><p>Die Dokumentation zu dieser Direktive wurde noch nicht übersetzt. Bitte schauen Sie in die englische Version.</p><h3>Siehe auch</h3> @@ -1226,7 +1227,6 @@ Fehlermeldungen</a></li> <tr><th><a href="directive-dict.html#Context">Kontext:</a></th><td>Serverkonfiguration, Virtual Host</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Modul:</a></th><td>core</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Kompatibilität:</a></th><td>Available in Apache httpd 2.3.9 and later</td></tr> </table><p>Die Dokumentation zu dieser Direktive wurde noch nicht übersetzt. Bitte schauen Sie in die englische Version.</p><h3>Siehe auch</h3> diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en index ec3702b2b5..1082d68f11 100644 --- a/docs/manual/mod/core.html.en +++ b/docs/manual/mod/core.html.en @@ -667,6 +667,7 @@ headers</td></tr> <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.4.2 and later</td></tr> </table> <p>The <code class="directive">DefaultRuntimeDir</code> directive sets the directory in which the server will create various run-time files @@ -1750,9 +1751,9 @@ filenames</td></tr> <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>. In order to prevent confusion, numbered (unnamed) backreferences are ignored. Use named groups instead.</p> -<pre class="prettyprint lang-config"><FileMatch ^(?<sitename>[^/]+)> +<pre class="prettyprint lang-config"><FilesMatch ^(?<sitename>[^/]+)> require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example -</FileMatch></pre> +</FilesMatch></pre> <h3>See also</h3> diff --git a/docs/manual/mod/core.html.es b/docs/manual/mod/core.html.es index 7879ea0409..414bab462a 100644 --- a/docs/manual/mod/core.html.es +++ b/docs/manual/mod/core.html.es @@ -594,6 +594,7 @@ headers</td></tr> <tr><th><a href="directive-dict.html#Context">Contexto:</a></th><td>server config</td></tr> <tr><th><a href="directive-dict.html#Status">Estado:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Módulo:</a></th><td>core</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilidad:</a></th><td>Available in Apache 2.4.2 and later</td></tr> </table><p>The documentation for this directive has not been translated yet. Please have a look at the English version.</p><h3>Consulte también</h3> diff --git a/docs/manual/mod/core.html.fr b/docs/manual/mod/core.html.fr index 43e5b7bf2d..c8ee75680c 100644 --- a/docs/manual/mod/core.html.fr +++ b/docs/manual/mod/core.html.fr @@ -31,6 +31,8 @@ <a href="../ja/mod/core.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | <a href="../tr/mod/core.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Fonctionnalités de base du serveur HTTP Apache toujours disponibles</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Core</td></tr></table> @@ -127,8 +129,6 @@ d'acceptation</var></code></td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 sous Windows et 2.1.5 -sur les autres plates-formes.</td></tr> </table> <p>Cette directive permet d'effectuer une optimisation de la socket d'écoute d'un type de protocole en fonction du système @@ -695,6 +695,7 @@ dans la réponse HTTP</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.4.2 du serveur HTTP Apache</td></tr> </table> <p>La directive <code class="directive">DefaultRuntimeDir</code> permet de définir le répertoire dans lequel le serveur va créer les différents @@ -1470,7 +1471,6 @@ personnalisation des réponses</a></li> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.9 d'Apache</td></tr> </table> <p>La directive <code class="directive">ErrorLogFormat</code> permet de spécifier quelles informations supplémentaires vont être enregistrées @@ -1873,9 +1873,9 @@ spécifiés sous la forme d'expressions rationnelles</td></tr> nommées) sont ignorées. Vous devez utiliser à la place des groupes nommés.</p> -<pre class="prettyprint lang-config"><FileMatch ^(?<sitename>[^/]+)> +<pre class="prettyprint lang-config"><FilesMatch ^(?<sitename>[^/]+)> require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example -</FileMatch></pre> +</FilesMatch></pre> @@ -2331,8 +2331,6 @@ avant de fermer une connexion persistante</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>La spécification d'une valeur en millisecondes est -possible depuis les versions 2.3.2 et supérieures d'Apache httpd</td></tr> </table> <p>Le nombre de secondes pendant lesquelles Apache httpd va attendre une requête avant de fermer la connexion. Le délai peut être défini en diff --git a/docs/manual/mod/core.html.ja.utf8 b/docs/manual/mod/core.html.ja.utf8 index 16a3105197..6089e05492 100644 --- a/docs/manual/mod/core.html.ja.utf8 +++ b/docs/manual/mod/core.html.ja.utf8 @@ -545,6 +545,7 @@ <tr><th><a href="directive-dict.html#Context">コンテã‚スト:</a></th><td>サーãƒè¨å®šãƒ•ã‚¡ã‚¤ãƒ«</td></tr> <tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>core</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">互æ›æ€§:</a></th><td>Available in Apache 2.4.2 and later</td></tr> </table><p>ã“ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒ†ã‚£ãƒ–ã®è§£èª¬æ–‡æ›¸ã¯ ã¾ã 翻訳ã•ã‚Œã¦ã„ã¾ã›ã‚“。英語版をã”覧ãã ã•ã„。 </p><h3>å‚ç…§</h3> @@ -1169,7 +1170,6 @@ for a complete reference and more examples.</li> <tr><th><a href="directive-dict.html#Context">コンテã‚スト:</a></th><td>サーãƒè¨å®šãƒ•ã‚¡ã‚¤ãƒ«, ãƒãƒ¼ãƒãƒ£ãƒ«ãƒ›ã‚¹ãƒˆ</td></tr> <tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Core</td></tr> <tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>core</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">互æ›æ€§:</a></th><td>Available in Apache httpd 2.3.9 and later</td></tr> </table><p>ã“ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒ†ã‚£ãƒ–ã®è§£èª¬æ–‡æ›¸ã¯ ã¾ã 翻訳ã•ã‚Œã¦ã„ã¾ã›ã‚“。英語版をã”覧ãã ã•ã„。 </p><h3>å‚ç…§</h3> diff --git a/docs/manual/mod/core.html.tr.utf8 b/docs/manual/mod/core.html.tr.utf8 index 2e91a2f020..058498b3eb 100644 --- a/docs/manual/mod/core.html.tr.utf8 +++ b/docs/manual/mod/core.html.tr.utf8 @@ -31,6 +31,7 @@ <a href="../ja/mod/core.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | <a href="../tr/mod/core.html" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Bu çeviri güncel olmayabilir. Son deÄŸiÅŸiklikler için Ä°ngilizce sürüm geçerlidir.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Apache HTTP Sunucusunda daima mevcut olan çekirdek özellikler</td></tr> <tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Çekirdek</td></tr></table> diff --git a/docs/manual/mod/core.xml.de b/docs/manual/mod/core.xml.de index e92ffab752..bbee8f3c56 100644 --- a/docs/manual/mod/core.xml.de +++ b/docs/manual/mod/core.xml.de @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.de.xsl"?> -<!-- English Revision: 344972:1584704 (outdated) --> +<!-- English Revision: 344972:1587884 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/core.xml.es b/docs/manual/mod/core.xml.es index 7f05b1bbab..6b7df8793f 100644 --- a/docs/manual/mod/core.xml.es +++ b/docs/manual/mod/core.xml.es @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> -<!-- English Revision: 1040494:1584704 (outdated) --> +<!-- English Revision: 1040494:1587884 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/core.xml.fr b/docs/manual/mod/core.xml.fr index bcc49ee5ff..715c915972 100644 --- a/docs/manual/mod/core.xml.fr +++ b/docs/manual/mod/core.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1585830 --> +<!-- English Revision: 1585830:1587884 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/core.xml.ja b/docs/manual/mod/core.xml.ja index 9cffc713a8..1bd86215d0 100644 --- a/docs/manual/mod/core.xml.ja +++ b/docs/manual/mod/core.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?> -<!-- English Revision: 669847:1584704 (outdated) --> +<!-- English Revision: 669847:1587884 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/core.xml.tr b/docs/manual/mod/core.xml.tr index 088b65734d..1a29a50236 100644 --- a/docs/manual/mod/core.xml.tr +++ b/docs/manual/mod/core.xml.tr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?> -<!-- English Revision: 1562488:1584704 (outdated) --> +<!-- English Revision: 1562488:1587884 (outdated) --> <!-- ===================================================== Translated by: Nilgün Belma Bugüner <nilgun belgeler.gen.tr> Reviewed by: Orhan Berent <berent belgeler.gen.tr> diff --git a/docs/manual/mod/directives.html.de b/docs/manual/mod/directives.html.de index 974e9430df..e3fd688816 100644 --- a/docs/manual/mod/directives.html.de +++ b/docs/manual/mod/directives.html.de @@ -139,6 +139,8 @@ <li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li> <li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li> <li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> <li><a href="mod_authn_core.html#authtype">AuthType</a></li> <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li> <li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li> diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en index 3191bee5e9..82944fe485 100644 --- a/docs/manual/mod/directives.html.en +++ b/docs/manual/mod/directives.html.en @@ -140,6 +140,8 @@ <li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li> <li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li> <li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> <li><a href="mod_authn_core.html#authtype">AuthType</a></li> <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li> <li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li> diff --git a/docs/manual/mod/directives.html.es b/docs/manual/mod/directives.html.es index d2e8a4c1a2..eb8614ca2d 100644 --- a/docs/manual/mod/directives.html.es +++ b/docs/manual/mod/directives.html.es @@ -142,6 +142,8 @@ <li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li> <li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li> <li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> <li><a href="mod_authn_core.html#authtype">AuthType</a></li> <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li> <li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li> diff --git a/docs/manual/mod/directives.html.fr b/docs/manual/mod/directives.html.fr index 5e6643cd3f..d9ea45e734 100644 --- a/docs/manual/mod/directives.html.fr +++ b/docs/manual/mod/directives.html.fr @@ -140,6 +140,8 @@ <li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li> <li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li> <li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> <li><a href="mod_authn_core.html#authtype">AuthType</a></li> <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li> <li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li> diff --git a/docs/manual/mod/directives.html.ja.utf8 b/docs/manual/mod/directives.html.ja.utf8 index 8df22d7b12..0d4b135bd3 100644 --- a/docs/manual/mod/directives.html.ja.utf8 +++ b/docs/manual/mod/directives.html.ja.utf8 @@ -137,6 +137,8 @@ <li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li> <li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li> <li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> <li><a href="mod_authn_core.html#authtype">AuthType</a></li> <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li> <li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li> diff --git a/docs/manual/mod/directives.html.ko.euc-kr b/docs/manual/mod/directives.html.ko.euc-kr index af96649826..8e98c6150f 100644 --- a/docs/manual/mod/directives.html.ko.euc-kr +++ b/docs/manual/mod/directives.html.ko.euc-kr @@ -137,6 +137,8 @@ <li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li> <li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li> <li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> <li><a href="mod_authn_core.html#authtype">AuthType</a></li> <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li> <li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li> diff --git a/docs/manual/mod/directives.html.tr.utf8 b/docs/manual/mod/directives.html.tr.utf8 index d99a7a03c2..41af73a7e2 100644 --- a/docs/manual/mod/directives.html.tr.utf8 +++ b/docs/manual/mod/directives.html.tr.utf8 @@ -136,6 +136,8 @@ <li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li> <li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li> <li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> <li><a href="mod_authn_core.html#authtype">AuthType</a></li> <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li> <li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li> diff --git a/docs/manual/mod/directives.html.zh-cn.utf8 b/docs/manual/mod/directives.html.zh-cn.utf8 index 2358ae7173..f4b5d70ada 100644 --- a/docs/manual/mod/directives.html.zh-cn.utf8 +++ b/docs/manual/mod/directives.html.zh-cn.utf8 @@ -135,6 +135,8 @@ <li><a href="mod_authn_socache.html#authncachesocache">AuthnCacheSOCache</a></li> <li><a href="mod_authn_socache.html#authncachetimeout">AuthnCacheTimeout</a></li> <li><a href="mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> <li><a href="mod_authn_core.html#authtype">AuthType</a></li> <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li> <li><a href="mod_authz_dbd.html#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li> diff --git a/docs/manual/mod/index.html.de b/docs/manual/mod/index.html.de index e11e54ec57..18fbe0885e 100644 --- a/docs/manual/mod/index.html.de +++ b/docs/manual/mod/index.html.de @@ -92,6 +92,8 @@ HTTP headers</dd> <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd> <dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve the load on backends</dd> +<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</dd> <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database for HTTP Basic authentication.</dd> <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd> diff --git a/docs/manual/mod/index.html.en b/docs/manual/mod/index.html.en index 126a5a67de..63582b0b63 100644 --- a/docs/manual/mod/index.html.en +++ b/docs/manual/mod/index.html.en @@ -88,6 +88,8 @@ HTTP headers</dd> <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd> <dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve the load on backends</dd> +<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</dd> <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database for HTTP Basic authentication.</dd> <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd> diff --git a/docs/manual/mod/index.html.es b/docs/manual/mod/index.html.es index cdb70dede6..ecb69788b5 100644 --- a/docs/manual/mod/index.html.es +++ b/docs/manual/mod/index.html.es @@ -93,6 +93,8 @@ HTTP headers</dd> <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd> <dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve the load on backends</dd> +<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</dd> <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database for HTTP Basic authentication.</dd> <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd> diff --git a/docs/manual/mod/index.html.fr b/docs/manual/mod/index.html.fr index 456060b9c5..49b10a0d88 100644 --- a/docs/manual/mod/index.html.fr +++ b/docs/manual/mod/index.html.fr @@ -95,6 +95,8 @@ DBM</dd> texte</dd> <dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Gère un cache des données d'authentification pour diminuer la charge des serveurs d'arrière-plan</dd> +<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</dd> <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Permet d'utiliser un annuaire LDAP pour l'authentification HTTP de base.</dd> <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Autorisation basique</dd> @@ -168,7 +170,7 @@ HTTP</dd> Includes ou SSI)</dd> <dt><a href="mod_info.html">mod_info</a></dt><dd>Affiche une présentation complète de la configuration du serveur</dd> -<dt><a href="mod_isapi.html">mod_isapi</a></dt><dd>Extensions ISAPI au coeur d'Apache pour Windows</dd> +<dt><a href="mod_isapi.html">mod_isapi</a></dt><dd>Extensions ISAPI dans Apache pour Windows</dd> <dt><a href="mod_lbmethod_bybusyness.html" id="L" name="L">mod_lbmethod_bybusyness</a></dt><dd>Algorithme de planification avec répartition de charge de l'attribution des requêtes en attente pour le module <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code></dd> diff --git a/docs/manual/mod/index.html.ja.utf8 b/docs/manual/mod/index.html.ja.utf8 index 48934d00d1..912ba03a3f 100644 --- a/docs/manual/mod/index.html.ja.utf8 +++ b/docs/manual/mod/index.html.ja.utf8 @@ -86,6 +86,8 @@ CGI スクリプトを実行ã™ã‚‹æ©Ÿèƒ½ã‚’æä¾›</dd> <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>テã‚ストファイルを用ã„ãŸãƒ¦ãƒ¼ã‚¶èªè¨¼</dd> <dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve the load on backends</dd> +<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</dd> <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database for HTTP Basic authentication.</dd> <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd> diff --git a/docs/manual/mod/index.html.ko.euc-kr b/docs/manual/mod/index.html.ko.euc-kr index 8ce388fe83..dc5846c070 100644 --- a/docs/manual/mod/index.html.ko.euc-kr +++ b/docs/manual/mod/index.html.ko.euc-kr @@ -85,6 +85,8 @@ address)</dd> <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>¹®ÀÚÆÄÀÏÀ» ÀÌ¿ëÇÑ »ç¿ëÀÚ ÀÎÁõ</dd> <dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve the load on backends</dd> +<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</dd> <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database for HTTP Basic authentication.</dd> <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd> diff --git a/docs/manual/mod/index.html.tr.utf8 b/docs/manual/mod/index.html.tr.utf8 index db2ceb6002..a660060c1f 100644 --- a/docs/manual/mod/index.html.tr.utf8 +++ b/docs/manual/mod/index.html.tr.utf8 @@ -84,6 +84,8 @@ HTTP headers</dd> <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd> <dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve the load on backends</dd> +<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</dd> <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database for HTTP Basic authentication.</dd> <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd> diff --git a/docs/manual/mod/index.html.zh-cn.utf8 b/docs/manual/mod/index.html.zh-cn.utf8 index c1afbfcdab..016ce922c3 100644 --- a/docs/manual/mod/index.html.zh-cn.utf8 +++ b/docs/manual/mod/index.html.zh-cn.utf8 @@ -83,6 +83,8 @@ HTTP headers</dd> <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd> <dt><a href="mod_authn_socache.html">mod_authn_socache</a></dt><dd>Manages a cache of authentication credentials to relieve the load on backends</dd> +<dt><a href="mod_authnz_fcgi.html">mod_authnz_fcgi</a></dt><dd>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</dd> <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database for HTTP Basic authentication.</dd> <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd> diff --git a/docs/manual/mod/mod_authnz_fcgi.html b/docs/manual/mod/mod_authnz_fcgi.html new file mode 100644 index 0000000000..b45dc4a8ae --- /dev/null +++ b/docs/manual/mod/mod_authnz_fcgi.html @@ -0,0 +1,5 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: mod_authnz_fcgi.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 diff --git a/docs/manual/mod/mod_authnz_fcgi.html.en b/docs/manual/mod/mod_authnz_fcgi.html.en new file mode 100644 index 0000000000..c59aeebe0e --- /dev/null +++ b/docs/manual/mod/mod_authnz_fcgi.html.en @@ -0,0 +1,556 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>mod_authnz_fcgi - Apache HTTP Server</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body> +<div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.gif" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Modules</a></div> +<div id="page-content"> +<div id="preamble"><h1>Apache Module mod_authnz_fcgi</h1> +<div class="toplang"> +<p><span>Available Languages: </span><a href="../en/mod/mod_authnz_fcgi.html" title="English"> en </a></p> +</div> +<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</td></tr> +<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr> +<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>authnz_fcgi_module</td></tr> +<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_authnz_fcgi.c</td></tr></table> +<h3>Summary</h3> + + <p>This module allows FastCGI authorizer applications to + authenticate users and authorize access to resources. It supports + generic FastCGI authorizers which participate in a single phase + for authentication and authorization as well as Apache httpd-specific + authenticators and authorizors which participate in one or both + phases.</p> + + <p>FastCGI authorizers can authenticate using user id and password, + such as for Basic authentication, or can authenticate using arbitrary + mechanisms.</p> +</div> +<div id="quickview"><h3 class="directives">Directives</h3> +<ul id="toc"> +<li><img alt="" src="../images/down.gif" /> <a href="#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li> +</ul> +<h3>Topics</h3> +<ul id="topics"> +<li><img alt="" src="../images/down.gif" /> <a href="#invocations">Invocation modes</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#examples">Additional examples</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#limitations">Limitations</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li> +</ul><h3>See also</h3> +<ul class="seealso"> +<li><a href="../howto/auth.html">Authentication, Authorization, +and Access Control</a></li> +<li><code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code></li> +<li><code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code></li> +</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="invocations" id="invocations">Invocation modes</a></h2> + + <p>The invocation modes for FastCGI authorizers supported by this + module are distinguished by two characteristics, <em>type</em> and + auth <em>mechanism</em>.</p> + + <p><em>Type</em> is simply <code>authn</code> for authentication, + <code>authz</code> for authorization, or <code>authnz</code> for + combined authentication and authorization.</p> + + <p>Auth <em>mechanism</em> refers to the Apache httpd configuration + mechanisms and processing phases, and can be <code> + AuthBasicProvider</code>, <code>Require</code>, or <code> + check_user_id</code>. The first two of these + correspond to the directives used to enable participation in the + appropriate processing phase.</p> + + <p>Descriptions of each mode:</p> + + <dl> + <dt><em>Type</em> <code>authn</code>, <em>mechanism</em> + <code>AuthBasicProvider</code></dt> + + <dd>In this mode, + <code>FCGI_ROLE</code> is set to <code>AUTHORIZER</code> and + <code>FCGI_APACHE_ROLE</code> is set to <code>AUTHENTICATOR</code>. + The application must be defined as provider type <em>authn</em> + using <code class="directive"><a href="#authnzfcgidefineprovider"> + AuthnzFcgiDefineProvider</a></code> and enabled with + <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>. + When invoked, the application is + expected to authenticate the client using the provided user id and + password. Example application: + +<pre class="prettyprint lang-perl">#!/usr/bin/perl +use FCGI; +while (FCGI::accept >= 0) { + die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR"; + die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER"; + die if !$ENV{'REMOTE_PASSWD'}; + die if !$ENV{'REMOTE_USER'}; + + print STDERR "This text is written to the web server error log.\n"; + + if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") && + $ENV{'REMOTE_PASSWD'} eq "bar" ) { + print "Status: 200\n"; + print "Variable-AUTHN_1: authn_01\n"; + print "Variable-AUTHN_2: authn_02\n"; + print "\n"; + } + else { + print "Status: 401\n\n"; + } +}</pre> + + + Example configuration: +<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/ +<Location /protected/> + AuthType Basic + AuthName "Restricted" + AuthBasicProvider FooAuthn + Require ... +</Location></pre> + + </dd> + + <dt><em>Type</em> <code>authz</code>, <em>mechanism</em> + <code>Require</code></dt> + <dd>In this mode, <code>FCGI_ROLE</code> is set to <code> + AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to + <code>AUTHORIZER</code>. The application must be defined as + provider type <em>authz</em> using <code class="directive"><a href="#authnzfcgidefineprovider"> + AuthnzFcgiDefineProvider</a></code>. When invoked, the application + is expected to authorize the client using the provided user id and other + request data. Example application: +<pre class="prettyprint lang-perl">#!/usr/bin/perl +use FCGI; +while (FCGI::accept >= 0) { + die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHORIZER"; + die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER"; + die if $ENV{'REMOTE_PASSWD'}; + + print STDERR "This text is written to the web server error log.\n"; + + if ($ENV{'REMOTE_USER'} eq "foo1") { + print "Status: 200\n"; + print "Variable-AUTHZ_1: authz_01\n"; + print "Variable-AUTHZ_2: authz_02\n"; + print "\n"; + } + else { + print "Status: 403\n\n"; + } +}</pre> + + + Example configuration: +<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10103/ +<Location /protected/> + AuthType ... + AuthName ... + AuthBasicProvider ... + Require FooAuthz +</Location></pre> + + </dd> + + <dt><em>Type</em> <code>authnz</code>, <em>mechanism</em> + <code>AuthBasicProvider</code> <em>+</em> <code>Require</code></dt> + + <dd>In this mode, which supports the web server-agnostic FastCGI + <code>AUTHORIZER</code> protocol, <code>FCGI_ROLE</code> is set to + <code>AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is not set. + The application must be defined as provider type <em>authnz</em> + using <code class="directive"><a href="#authnzfcgidefineprovider"> + AuthnzFcgiDefineProvider</a></code>. The application is expected to + handle both authentication and authorization in the same invocation + using the user id, password, and other request data. The invocation + occurs during the Apache httpd API authentication phase. If the + application returns 200 and the same provider is invoked during the + authorization phase (via <code class="directive">Require</code>), mod_authnz_fcgi + will return success for the authorization phase without invoking the + application. Example application: +<pre class="prettyprint lang-perl">#!/usr/bin/perl +use FCGI; +while (FCGI::accept >= 0) { + die if $ENV{'FCGI_APACHE_ROLE'}; + die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER"; + die if !$ENV{'REMOTE_PASSWD'}; + die if !$ENV{'REMOTE_USER'}; + + print STDERR "This text is written to the web server error log.\n"; + + if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") && + $ENV{'REMOTE_PASSWD'} eq "bar" && + $ENV{'REQUEST_URI'} =~ m%/bar/.*%) { + print "Status: 200\n"; + print "Variable-AUTHNZ_1: authnz_01\n"; + print "Variable-AUTHNZ_2: authnz_02\n"; + print "\n"; + } + else { + print "Status: 401\n\n"; + } +}</pre> + + + Example configuration: +<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/ +<Location /protected/> + AuthType Basic + AuthName "Restricted" + AuthBasicProvider FooAuthnz + Require FooAuthnz +</Location></pre> + + </dd> + + <dt><em>Type</em> <code>authn</code>, <em>mechanism</em> + <code>check_user_id</code></dt> + + <dd>In this mode, <code>FCGI_ROLE</code> is set to <code> + AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to + <code>AUTHENTICATOR</code>. The application must be defined as + provider type <em>authn</em> using <code class="directive"><a href="#authnzfcgidefineprovider"> + AuthnzFcgiDefineProvider</a></code>. <code class="directive"><a href="#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></code> + specifies when it is called. Example application: +<pre class="prettyprint lang-perl">#!/usr/bin/perl +use FCGI; +while (FCGI::accept >= 0) { + die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR"; + die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER"; + + # This authorizer assumes that the RequireBasicAuth option of + # AuthnzFcgiCheckAuthnProvider is On: + die if !$ENV{'REMOTE_PASSWD'}; + die if !$ENV{'REMOTE_USER'}; + + print STDERR "This text is written to the web server error log.\n"; + + if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") && + $ENV{'REMOTE_PASSWD'} eq "bar" ) { + print "Status: 200\n"; + print "Variable-AUTHNZ_1: authnz_01\n"; + print "Variable-AUTHNZ_2: authnz_02\n"; + print "\n"; + } + else { + print "Status: 401\n\n"; + # If a response body is written here, it will be returned to + # the client. + } +}</pre> + + + Example configuration: +<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10103/ +<Location /protected/> + AuthType ... + AuthName ... + AuthnzFcgiCheckAuthnProvider FooAuthn \ + Authoritative On \ + RequireBasicAuth Off \ + UserExpr "%{reqenv:REMOTE_USER}" + Require ... +</Location></pre> + + </dd> + + </dl> + +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="examples" id="examples">Additional examples</a></h2> + + <ol> + <li>If your application supports the separate authentication and + authorization roles (<code>AUTHENTICATOR</code> and <code>AUTHORIZER</code>), define + separate providers as follows, even if they map to the same + application: + +<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/ +AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10102/</pre> + + + Specify the authn provider on + <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> + and the authz provider on + <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>: + +<pre class="prettyprint lang-config">AuthType Basic +AuthName "Restricted" +AuthBasicProvider FooAuthn +Require FooAuthz</pre> + + </li> + + <li>If your application supports the generic <code>AUTHORIZER</code> role + (authentication and authorizer in one invocation), define a + single provider as follows: + +<pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/</pre> + + + Specify the authnz provider on both <code class="directive">AuthBasicProvider</code> + and <code class="directive">Require</code>: + +<pre class="prettyprint lang-config">AuthType Basic +AuthName "Restricted" +AuthBasicProvider FooAuthnz +Require FooAuthnz</pre> + + </li> +</ol> +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="limitations" id="limitations">Limitations</a></h2> + + <p>The following are potential features which are not currently + implemented:</p> + + <dl> + <dt>Apache httpd access checker</dt> + <dd>The Apache httpd API <em>access check</em> phase is a separate + phase from authentication and authorization. Some other FastCGI + implementations implement this phase, which is denoted by the + setting of <code>FCGI_APACHE_ROLE</code> to <code>ACCESS_CHECKER</code>.</dd> + + <dt>Local (Unix) sockets or pipes</dt> + <dd>Only TCP sockets are currently supported.</dd> + + <dt>Support for mod_authn_socache</dt> + <dd>mod_authn_socache interaction should be implemented for + applications which participate in Apache httpd-style + authentication.</dd> + + <dt>Support for digest authentication using AuthDigestProvider</dt> + <dd>This is expected to be a permanent limitation as there is + no authorizer flow for retrieving a hash.</dd> + + <dt>Application process management</dt> + <dd>This is expected to be permanently out of scope for + this module. Application processes must be controlled by + other means. For example, <code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code> can be used to + start them.</dd> + + <dt>AP_AUTH_INTERNAL_PER_URI</dt> + <dd>All providers are currently registered as + AP_AUTH_INTERNAL_PER_CONF, which means that checks are not + performed again for internal subrequests with the same + access control configuration as the initial request.</dd> + + <dt>Protocol data charset conversion</dt> + <dd>If mod_authnz_fcgi runs in an EBCDIC compilation + environment, all FastCGI protocol data is written in EBCDIC + and expected to be received in EBCDIC.</dd> + + <dt>Multiple requests per connection</dt> + <dd>Currently the connection to the FastCGI authorizer is + closed after every phase of processing. For example, if the + authorizer handles separate <em>authn</em> and <em>authz</em> + phases then two connections will be used.</dd> + + <dt>URI Mapping</dt> + <dd>URIs from clients can't be mapped, such as with the <code class="directive"> + ProxyPass</code> used with FastCGI responders.</dd> + + </dl> + +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="logging" id="logging">Logging</a></h2> + + <ol> + <li>Processing errors are logged at log level <code>error</code> + and higher.</li> + <li>Messages written by the application are logged at log + level <code>warn</code>.</li> + <li>General messages for debugging are logged at log level + <code>debug</code>.</li> + <li>Environment variables passed to the application are + logged at log level <code>trace2</code>. The value of the + <code>REMOTE_PASSWD</code> variable will be obscured, + but <strong>any other sensitive data will be visible in the + log</strong>.</li> + <li>All I/O between the module and the FastCGI application, + including all environment variables, will be logged in printable + and hex format at log level <code>trace5</code>. <strong>All + sensitive data will be visible in the log.</strong></li> + </ol> + + <p><code class="directive"><a href="../mod/core.html#loglevel">LogLevel</a></code> can be used + to configure a log level specific to mod_authnz_fcgi. For + example:</p> + +<pre class="prettyprint lang-config">LogLevel info authnz_fcgi:trace8</pre> + + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="AuthnzFcgiCheckAuthnProvider" id="AuthnzFcgiCheckAuthnProvider">AuthnzFcgiCheckAuthnProvider</a> <a name="authnzfcgicheckauthnprovider" id="authnzfcgicheckauthnprovider">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</code></td></tr> +<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_fcgi</td></tr> +</table> + <p>This directive is used to enable a FastCGI authorizer to + handle a specific processing phase of authentication or + authorization.</p> + + <p>Some capabilities of FastCGI authorizers require enablement + using this directive instead of + <code class="directive">AuthBasicProvider</code>:</p> + + <ul> + <li>Non-Basic authentication; generally, determining the user + id of the client and returning it from the authorizer; see the + <code>UserExpr</code> option below</li> + <li>Selecting a custom response code; for a non-200 response + from the authorizer, the code from the authorizer will be the + status of the response</li> + <li>Setting the body of a non-200 response; if the authorizer + provides a response body with a non-200 response, that body + will be returned to the client; up to 8192 bytes of text are + supported</li> + </ul> + + <dl> + <dt><em>provider-name</em></dt> + <dd>This is the name of a provider defined with <code class="directive"> + AuthnzFcgiDefineProvider</code>.</dd> + + <dt><code>None</code></dt> + <dd>Specify <code>None</code> to disable a provider enabled + with this directive in an outer scope, such as in a parent + directory.</dd> + + <dt><em>option</em></dt> + <dd>The following options are supported: + + <dl> + <dt>Authoritative On|Off (default On)</dt> + <dd>This controls whether or not other modules are allowed + to run when this module has a FastCGI authorizer configured + and it fails the request.</dd> + + <dt>DefaultUser <em>userid</em></dt> + <dd>When the authorizer returns success and <code>UserExpr</code> + is configured and evaluates to an empty string (e.g., authorizer + didn't return a variable), this value will be used as the user + id. This is typically used when the authorizer has a concept of + guest, or unauthenticated, users and guest users are mapped to + some specific user id for logging and other purposes.</dd> + + <dt>RequireBasicAuth On|Off (default Off)</dt> + <dd>This controls whether or not Basic auth is required + before passing the request to the authorizer. If required, + the authorizer won't be invoked without a user id and + password; 401 will be returned for a request without that.</dd> + + <dt>UserExpr <em>expr</em> (no default)</dt> + <dd>When Basic authentication isn't provided by the client + and the authorizer determines the user, this expression, + evaluated after calling the authorizer, determines the + user. The expression follows <a href="../expr.html"> + ap_expr syntax</a> and must resolve to a string. A typical + use is to reference a <code>Variable-<em>XXX</em></code> + setting returned by the authorizer using an option like + <code>UserExpr "%{reqenv:<em>XXX</em>}"</code>. If + this option is specified and the user id can't be retrieved + using the expression after a successful authentication, the + request will be rejected with a 500 error.</dd> + + </dl> + </dd> + </dl> + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="AuthnzFcgiDefineProvider" id="AuthnzFcgiDefineProvider">AuthnzFcgiDefineProvider</a> <a name="authnzfcgidefineprovider" id="authnzfcgidefineprovider">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></code></td></tr> +<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_fcgi</td></tr> +</table> + <p>This directive is used to define a FastCGI application as + a provider for a particular phase of authentication or + authorization.</p> + + <dl> + <dt><em>type</em></dt> + <dd>This must be set to <em>authn</em> for authentication, + <em>authz</em> for authentication, or <em>authnz</em> for + a generic FastCGI authorizer which performs both checks.</dd> + + <dt><em>provider-name</em></dt> + <dd>This is used to assign a name to the provider which is + used in other directives such as + <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> + and + <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>.</dd> + + <dt><em>backend-address</em></dt> + <dd>This specifies the address of the application, in the form + <em>fcgi://hostname:port/</em>. The application process(es) + must be managed independently, such as with + <code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code>.</dd> + </dl> + +</div> +</div> +<div class="bottomlang"> +<p><span>Available Languages: </span><a href="../en/mod/mod_authnz_fcgi.html" title="English"> en </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_authnz_fcgi.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/mod/mod_authnz_fcgi.xml b/docs/manual/mod/mod_authnz_fcgi.xml new file mode 100644 index 0000000000..e04e0d0ab6 --- /dev/null +++ b/docs/manual/mod/mod_authnz_fcgi.xml @@ -0,0 +1,523 @@ +<?xml version="1.0"?> +<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> +<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> +<!-- $LastChangedRevision:$ --> + +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<modulesynopsis metafile="mod_authnz_fcgi.xml.meta"> + +<name>mod_authnz_fcgi</name> +<description>Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization</description> +<status>Extension</status> +<sourcefile>mod_authnz_fcgi.c</sourcefile> +<identifier>authnz_fcgi_module</identifier> + +<summary> + <p>This module allows FastCGI authorizer applications to + authenticate users and authorize access to resources. It supports + generic FastCGI authorizers which participate in a single phase + for authentication and authorization as well as Apache httpd-specific + authenticators and authorizors which participate in one or both + phases.</p> + + <p>FastCGI authorizers can authenticate using user id and password, + such as for Basic authentication, or can authenticate using arbitrary + mechanisms.</p> +</summary> + +<seealso><a href="../howto/auth.html">Authentication, Authorization, +and Access Control</a></seealso> +<seealso><module>mod_auth_basic</module></seealso> +<seealso><program>fcgistarter</program></seealso> + +<section id="invocations"><title>Invocation modes</title> + + <p>The invocation modes for FastCGI authorizers supported by this + module are distinguished by two characteristics, <em>type</em> and + auth <em>mechanism</em>.</p> + + <p><em>Type</em> is simply <code>authn</code> for authentication, + <code>authz</code> for authorization, or <code>authnz</code> for + combined authentication and authorization.</p> + + <p>Auth <em>mechanism</em> refers to the Apache httpd configuration + mechanisms and processing phases, and can be <code> + AuthBasicProvider</code>, <code>Require</code>, or <code> + check_user_id</code>. The first two of these + correspond to the directives used to enable participation in the + appropriate processing phase.</p> + + <p>Descriptions of each mode:</p> + + <dl> + <dt><em>Type</em> <code>authn</code>, <em>mechanism</em> + <code>AuthBasicProvider</code></dt> + + <dd>In this mode, + <code>FCGI_ROLE</code> is set to <code>AUTHORIZER</code> and + <code>FCGI_APACHE_ROLE</code> is set to <code>AUTHENTICATOR</code>. + The application must be defined as provider type <em>authn</em> + using <directive module="mod_authnz_fcgi"> + AuthnzFcgiDefineProvider</directive> and enabled with + <directive module="mod_auth_basic">AuthBasicProvider</directive>. + When invoked, the application is + expected to authenticate the client using the provided user id and + password. Example application: + +<highlight language="perl"> +#!/usr/bin/perl +use FCGI; +while (FCGI::accept >= 0) { + die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR"; + die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER"; + die if !$ENV{'REMOTE_PASSWD'}; + die if !$ENV{'REMOTE_USER'}; + + print STDERR "This text is written to the web server error log.\n"; + + if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") && + $ENV{'REMOTE_PASSWD'} eq "bar" ) { + print "Status: 200\n"; + print "Variable-AUTHN_1: authn_01\n"; + print "Variable-AUTHN_2: authn_02\n"; + print "\n"; + } + else { + print "Status: 401\n\n"; + } +} +</highlight> + + Example configuration: +<highlight language="config"> +AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/ +<Location /protected/> + AuthType Basic + AuthName "Restricted" + AuthBasicProvider FooAuthn + Require ... +</Location> +</highlight> + </dd> + + <dt><em>Type</em> <code>authz</code>, <em>mechanism</em> + <code>Require</code></dt> + <dd>In this mode, <code>FCGI_ROLE</code> is set to <code> + AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to + <code>AUTHORIZER</code>. The application must be defined as + provider type <em>authz</em> using <directive module="mod_authnz_fcgi"> + AuthnzFcgiDefineProvider</directive>. When invoked, the application + is expected to authorize the client using the provided user id and other + request data. Example application: +<highlight language="perl"> +#!/usr/bin/perl +use FCGI; +while (FCGI::accept >= 0) { + die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHORIZER"; + die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER"; + die if $ENV{'REMOTE_PASSWD'}; + + print STDERR "This text is written to the web server error log.\n"; + + if ($ENV{'REMOTE_USER'} eq "foo1") { + print "Status: 200\n"; + print "Variable-AUTHZ_1: authz_01\n"; + print "Variable-AUTHZ_2: authz_02\n"; + print "\n"; + } + else { + print "Status: 403\n\n"; + } +} +</highlight> + + Example configuration: +<highlight language="config"> +AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10103/ +<Location /protected/> + AuthType ... + AuthName ... + AuthBasicProvider ... + Require FooAuthz +</Location> +</highlight> + </dd> + + <dt><em>Type</em> <code>authnz</code>, <em>mechanism</em> + <code>AuthBasicProvider</code> <em>+</em> <code>Require</code></dt> + + <dd>In this mode, which supports the web server-agnostic FastCGI + <code>AUTHORIZER</code> protocol, <code>FCGI_ROLE</code> is set to + <code>AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is not set. + The application must be defined as provider type <em>authnz</em> + using <directive module="mod_authnz_fcgi"> + AuthnzFcgiDefineProvider</directive>. The application is expected to + handle both authentication and authorization in the same invocation + using the user id, password, and other request data. The invocation + occurs during the Apache httpd API authentication phase. If the + application returns 200 and the same provider is invoked during the + authorization phase (via <directive>Require</directive>), mod_authnz_fcgi + will return success for the authorization phase without invoking the + application. Example application: +<highlight language="perl"> +#!/usr/bin/perl +use FCGI; +while (FCGI::accept >= 0) { + die if $ENV{'FCGI_APACHE_ROLE'}; + die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER"; + die if !$ENV{'REMOTE_PASSWD'}; + die if !$ENV{'REMOTE_USER'}; + + print STDERR "This text is written to the web server error log.\n"; + + if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") && + $ENV{'REMOTE_PASSWD'} eq "bar" && + $ENV{'REQUEST_URI'} =~ m%/bar/.*%) { + print "Status: 200\n"; + print "Variable-AUTHNZ_1: authnz_01\n"; + print "Variable-AUTHNZ_2: authnz_02\n"; + print "\n"; + } + else { + print "Status: 401\n\n"; + } +} +</highlight> + + Example configuration: +<highlight language="config"> +AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/ +<Location /protected/> + AuthType Basic + AuthName "Restricted" + AuthBasicProvider FooAuthnz + Require FooAuthnz +</Location> +</highlight> + </dd> + + <dt><em>Type</em> <code>authn</code>, <em>mechanism</em> + <code>check_user_id</code></dt> + + <dd>In this mode, <code>FCGI_ROLE</code> is set to <code> + AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to + <code>AUTHENTICATOR</code>. The application must be defined as + provider type <em>authn</em> using <directive module="mod_authnz_fcgi"> + AuthnzFcgiDefineProvider</directive>. <directive + module="mod_authnz_fcgi">AuthnzFcgiCheckAuthnProvider</directive> + specifies when it is called. Example application: +<highlight language="perl"> +#!/usr/bin/perl +use FCGI; +while (FCGI::accept >= 0) { + die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR"; + die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER"; + + # This authorizer assumes that the RequireBasicAuth option of + # AuthnzFcgiCheckAuthnProvider is On: + die if !$ENV{'REMOTE_PASSWD'}; + die if !$ENV{'REMOTE_USER'}; + + print STDERR "This text is written to the web server error log.\n"; + + if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") && + $ENV{'REMOTE_PASSWD'} eq "bar" ) { + print "Status: 200\n"; + print "Variable-AUTHNZ_1: authnz_01\n"; + print "Variable-AUTHNZ_2: authnz_02\n"; + print "\n"; + } + else { + print "Status: 401\n\n"; + # If a response body is written here, it will be returned to + # the client. + } +} +</highlight> + + Example configuration: +<highlight language="config"> +AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10103/ +<Location /protected/> + AuthType ... + AuthName ... + AuthnzFcgiCheckAuthnProvider FooAuthn \ + Authoritative On \ + RequireBasicAuth Off \ + UserExpr "%{reqenv:REMOTE_USER}" + Require ... +</Location> +</highlight> + </dd> + + </dl> + +</section> + +<section id="examples"><title>Additional examples</title> + + <ol> + <li>If your application supports the separate authentication and + authorization roles (<code>AUTHENTICATOR</code> and <code>AUTHORIZER</code>), define + separate providers as follows, even if they map to the same + application: + +<highlight language="config"> +AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/ +AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10102/ +</highlight> + + Specify the authn provider on + <directive module="mod_auth_basic">AuthBasicProvider</directive> + and the authz provider on + <directive module="mod_authz_core">Require</directive>: + +<highlight language="config"> +AuthType Basic +AuthName "Restricted" +AuthBasicProvider FooAuthn +Require FooAuthz +</highlight> + </li> + + <li>If your application supports the generic <code>AUTHORIZER</code> role + (authentication and authorizer in one invocation), define a + single provider as follows: + +<highlight language="config"> +AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/ +</highlight> + + Specify the authnz provider on both <directive>AuthBasicProvider</directive> + and <directive>Require</directive>: + +<highlight language="config"> +AuthType Basic +AuthName "Restricted" +AuthBasicProvider FooAuthnz +Require FooAuthnz +</highlight> + </li> +</ol> +</section> + +<section id="limitations"><title>Limitations</title> + + <p>The following are potential features which are not currently + implemented:</p> + + <dl> + <dt>Apache httpd access checker</dt> + <dd>The Apache httpd API <em>access check</em> phase is a separate + phase from authentication and authorization. Some other FastCGI + implementations implement this phase, which is denoted by the + setting of <code>FCGI_APACHE_ROLE</code> to <code>ACCESS_CHECKER</code>.</dd> + + <dt>Local (Unix) sockets or pipes</dt> + <dd>Only TCP sockets are currently supported.</dd> + + <dt>Support for mod_authn_socache</dt> + <dd>mod_authn_socache interaction should be implemented for + applications which participate in Apache httpd-style + authentication.</dd> + + <dt>Support for digest authentication using AuthDigestProvider</dt> + <dd>This is expected to be a permanent limitation as there is + no authorizer flow for retrieving a hash.</dd> + + <dt>Application process management</dt> + <dd>This is expected to be permanently out of scope for + this module. Application processes must be controlled by + other means. For example, <program>fcgistarter</program> can be used to + start them.</dd> + + <dt>AP_AUTH_INTERNAL_PER_URI</dt> + <dd>All providers are currently registered as + AP_AUTH_INTERNAL_PER_CONF, which means that checks are not + performed again for internal subrequests with the same + access control configuration as the initial request.</dd> + + <dt>Protocol data charset conversion</dt> + <dd>If mod_authnz_fcgi runs in an EBCDIC compilation + environment, all FastCGI protocol data is written in EBCDIC + and expected to be received in EBCDIC.</dd> + + <dt>Multiple requests per connection</dt> + <dd>Currently the connection to the FastCGI authorizer is + closed after every phase of processing. For example, if the + authorizer handles separate <em>authn</em> and <em>authz</em> + phases then two connections will be used.</dd> + + <dt>URI Mapping</dt> + <dd>URIs from clients can't be mapped, such as with the <directive> + ProxyPass</directive> used with FastCGI responders.</dd> + + </dl> + +</section> + +<section id="logging"><title>Logging</title> + + <ol> + <li>Processing errors are logged at log level <code>error</code> + and higher.</li> + <li>Messages written by the application are logged at log + level <code>warn</code>.</li> + <li>General messages for debugging are logged at log level + <code>debug</code>.</li> + <li>Environment variables passed to the application are + logged at log level <code>trace2</code>. The value of the + <code>REMOTE_PASSWD</code> variable will be obscured, + but <strong>any other sensitive data will be visible in the + log</strong>.</li> + <li>All I/O between the module and the FastCGI application, + including all environment variables, will be logged in printable + and hex format at log level <code>trace5</code>. <strong>All + sensitive data will be visible in the log.</strong></li> + </ol> + + <p><directive module="core">LogLevel</directive> can be used + to configure a log level specific to mod_authnz_fcgi. For + example:</p> + +<highlight language="config"> +LogLevel info authnz_fcgi:trace8 +</highlight> + +</section> + +<directivesynopsis> +<name>AuthnzFcgiDefineProvider</name> +<description>Defines a FastCGI application as a provider for +authentication and/or authorization</description> +<syntax>AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></syntax> +<default>none</default> +<contextlist><context>server config</context></contextlist> +<usage> + <p>This directive is used to define a FastCGI application as + a provider for a particular phase of authentication or + authorization.</p> + + <dl> + <dt><em>type</em></dt> + <dd>This must be set to <em>authn</em> for authentication, + <em>authz</em> for authentication, or <em>authnz</em> for + a generic FastCGI authorizer which performs both checks.</dd> + + <dt><em>provider-name</em></dt> + <dd>This is used to assign a name to the provider which is + used in other directives such as + <directive module="mod_auth_basic">AuthBasicProvider</directive> + and + <directive module="mod_authz_core">Require</directive>.</dd> + + <dt><em>backend-address</em></dt> + <dd>This specifies the address of the application, in the form + <em>fcgi://hostname:port/</em>. The application process(es) + must be managed independently, such as with + <program>fcgistarter</program>.</dd> + </dl> +</usage> +</directivesynopsis> + +<directivesynopsis> +<name>AuthnzFcgiCheckAuthnProvider</name> +<description>Enables a FastCGI application to handle the check_authn +authentication hook.</description> +<syntax>AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</syntax> +<default>none</default> +<contextlist><context>directory</context></contextlist> +<usage> + <p>This directive is used to enable a FastCGI authorizer to + handle a specific processing phase of authentication or + authorization.</p> + + <p>Some capabilities of FastCGI authorizers require enablement + using this directive instead of + <directive>AuthBasicProvider</directive>:</p> + + <ul> + <li>Non-Basic authentication; generally, determining the user + id of the client and returning it from the authorizer; see the + <code>UserExpr</code> option below</li> + <li>Selecting a custom response code; for a non-200 response + from the authorizer, the code from the authorizer will be the + status of the response</li> + <li>Setting the body of a non-200 response; if the authorizer + provides a response body with a non-200 response, that body + will be returned to the client; up to 8192 bytes of text are + supported</li> + </ul> + + <dl> + <dt><em>provider-name</em></dt> + <dd>This is the name of a provider defined with <directive> + AuthnzFcgiDefineProvider</directive>.</dd> + + <dt><code>None</code></dt> + <dd>Specify <code>None</code> to disable a provider enabled + with this directive in an outer scope, such as in a parent + directory.</dd> + + <dt><em>option</em></dt> + <dd>The following options are supported: + + <dl> + <dt>Authoritative On|Off (default On)</dt> + <dd>This controls whether or not other modules are allowed + to run when this module has a FastCGI authorizer configured + and it fails the request.</dd> + + <dt>DefaultUser <em>userid</em></dt> + <dd>When the authorizer returns success and <code>UserExpr</code> + is configured and evaluates to an empty string (e.g., authorizer + didn't return a variable), this value will be used as the user + id. This is typically used when the authorizer has a concept of + guest, or unauthenticated, users and guest users are mapped to + some specific user id for logging and other purposes.</dd> + + <dt>RequireBasicAuth On|Off (default Off)</dt> + <dd>This controls whether or not Basic auth is required + before passing the request to the authorizer. If required, + the authorizer won't be invoked without a user id and + password; 401 will be returned for a request without that.</dd> + + <dt>UserExpr <em>expr</em> (no default)</dt> + <dd>When Basic authentication isn't provided by the client + and the authorizer determines the user, this expression, + evaluated after calling the authorizer, determines the + user. The expression follows <a href="../expr.html"> + ap_expr syntax</a> and must resolve to a string. A typical + use is to reference a <code>Variable-<em>XXX</em></code> + setting returned by the authorizer using an option like + <code>UserExpr "%{reqenv:<em>XXX</em>}"</code>. If + this option is specified and the user id can't be retrieved + using the expression after a successful authentication, the + request will be rejected with a 500 error.</dd> + + </dl> + </dd> + </dl> +</usage> +</directivesynopsis> + +</modulesynopsis> diff --git a/docs/manual/mod/mod_authnz_fcgi.xml.meta b/docs/manual/mod/mod_authnz_fcgi.xml.meta new file mode 100644 index 0000000000..9ce87949f2 --- /dev/null +++ b/docs/manual/mod/mod_authnz_fcgi.xml.meta @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- GENERATED FROM XML: DO NOT EDIT --> + +<metafile reference="mod_authnz_fcgi.xml"> + <basename>mod_authnz_fcgi</basename> + <path>/mod/</path> + <relpath>..</relpath> + + <variants> + <variant>en</variant> + </variants> +</metafile> diff --git a/docs/manual/mod/mod_authnz_ldap.html.en b/docs/manual/mod/mod_authnz_ldap.html.en index 58bf9c3c4b..c32bab5c2e 100644 --- a/docs/manual/mod/mod_authnz_ldap.html.en +++ b/docs/manual/mod/mod_authnz_ldap.html.en @@ -35,7 +35,7 @@ for HTTP Basic authentication.</td></tr> <tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.1 and later</td></tr></table> <h3>Summary</h3> - <p>This module provides authentication front-ends such as + <p>This module allows authentication front-ends such as <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> to authenticate users through an ldap directory.</p> @@ -350,7 +350,7 @@ for HTTP Basic authentication.</td></tr> <code>ldap-filter</code>. Other authorization types may also be used but may require that additional authorization modules be loaded.</p> - <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported + <p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported within the LDAP require directives.</p> <h3><a name="requser" id="requser">Require ldap-user</a></h3> @@ -848,7 +848,7 @@ authorization</td></tr> <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td><em>exec:</em> was added in 2.4.6.</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td><em>exec:</em> was added in 2.4.5.</td></tr> </table> <p>A bind password to use in conjunction with the bind DN. Note that the bind password is probably sensitive data, and should be @@ -858,14 +858,15 @@ authorization</td></tr> <p>If the value begins with exec: the resulting command will be executed and the first line returned to standard output by the program will be used as the password.</p> -<div class="example"><pre>#Password used as-is +<pre class="prettyprint lang-config">#Password used as-is AuthLDAPBindPassword secret #Run /path/to/program to get my password AuthLDAPBindPassword exec:/path/to/program #Run /path/to/otherProgram and provide arguments -AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"</pre></div> +AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"</pre> + </div> diff --git a/docs/manual/mod/mod_authnz_ldap.html.fr b/docs/manual/mod/mod_authnz_ldap.html.fr index 1fe91d3031..dcecb930d5 100644 --- a/docs/manual/mod/mod_authnz_ldap.html.fr +++ b/docs/manual/mod/mod_authnz_ldap.html.fr @@ -27,6 +27,8 @@ <p><span>Langues Disponibles: </span><a href="../en/mod/mod_authnz_ldap.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/mod/mod_authnz_ldap.html" title="Français"> fr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Permet d'utiliser un annuaire LDAP pour l'authentification HTTP de base.</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr> diff --git a/docs/manual/mod/mod_authnz_ldap.xml.fr b/docs/manual/mod/mod_authnz_ldap.xml.fr index 0549a1b454..2a84e2840e 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml.fr +++ b/docs/manual/mod/mod_authnz_ldap.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1555539 --> +<!-- English Revision: 1555539:1587324 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_authnz_ldap.xml.meta b/docs/manual/mod/mod_authnz_ldap.xml.meta index 4ec661a32d..7a6a237d9a 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml.meta +++ b/docs/manual/mod/mod_authnz_ldap.xml.meta @@ -8,6 +8,6 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_authz_dbd.html.en b/docs/manual/mod/mod_authz_dbd.html.en index 431ad7e25a..4ed0fe46c1 100644 --- a/docs/manual/mod/mod_authz_dbd.html.en +++ b/docs/manual/mod/mod_authz_dbd.html.en @@ -58,7 +58,7 @@ <ul id="topics"> <li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#login">Database Login</a></li> -<li><img alt="" src="../images/down.gif" /> <a href="#client">Client Login</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#client">Client Login integration</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#example">Configuration example</a></li> </ul><h3>See also</h3> <ul class="seealso"> @@ -79,7 +79,7 @@ authorization types with <code>dbd-group</code>, <code>dbd-login</code> and <code>dbd-logout</code>.</p> - <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported + <p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported within the DBD require directives.</p> <h3><a name="reqgroup" id="reqgroup">Require dbd-group</a></h3> @@ -132,13 +132,13 @@ supplying the necessary credentials).</p> For usage details, see the configuration example below.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> -<h2><a name="client" id="client">Client Login</a></h2> +<h2><a name="client" id="client">Client Login integration</a></h2> <p>Some administrators may wish to implement client-side session management that works in concert with the server-side login/logout capabilities offered by this module, for example, by setting or unsetting -an HTTP cookie or other such token when a user logs in or out. -To support such integration, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an +an HTTP cookie or other such token when a user logs in or out.</p> +<p>To support such integration, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an optional hook that will be run whenever a user's status is updated in the database. Other session management modules can then use the hook to implement functions that start and end client-side sessions.</p> diff --git a/docs/manual/mod/mod_authz_dbd.html.fr b/docs/manual/mod/mod_authz_dbd.html.fr index c8ac9d977e..ad9d39ab6e 100644 --- a/docs/manual/mod/mod_authz_dbd.html.fr +++ b/docs/manual/mod/mod_authz_dbd.html.fr @@ -27,6 +27,8 @@ <p><span>Langues Disponibles: </span><a href="../en/mod/mod_authz_dbd.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/mod/mod_authz_dbd.html" title="Français"> fr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation en groupe et reconnaissance d'identité avec base SQL</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr> diff --git a/docs/manual/mod/mod_authz_dbd.xml.fr b/docs/manual/mod/mod_authz_dbd.xml.fr index f924484b8b..9fe54645bf 100644 --- a/docs/manual/mod/mod_authz_dbd.xml.fr +++ b/docs/manual/mod/mod_authz_dbd.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1555540 --> +<!-- English Revision: 1555540:1587031 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_authz_dbd.xml.meta b/docs/manual/mod/mod_authz_dbd.xml.meta index 691db29ca9..8789f3f9ef 100644 --- a/docs/manual/mod/mod_authz_dbd.xml.meta +++ b/docs/manual/mod/mod_authz_dbd.xml.meta @@ -8,6 +8,6 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_authz_dbm.html.en b/docs/manual/mod/mod_authz_dbm.html.en index 0ff0316b1b..3e2531e751 100644 --- a/docs/manual/mod/mod_authz_dbm.html.en +++ b/docs/manual/mod/mod_authz_dbm.html.en @@ -62,7 +62,7 @@ a user is allowed to access a resource. mod_authz_dbm extends the authorization types with <code>dbm-group</code>.</p> - <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported + <p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported within the DBM require directives.</p> <h3><a name="reqgroup" id="reqgroup">Require dbm-group</a></h3> diff --git a/docs/manual/mod/mod_authz_dbm.html.fr b/docs/manual/mod/mod_authz_dbm.html.fr index e5c6a360be..62181aba89 100644 --- a/docs/manual/mod/mod_authz_dbm.html.fr +++ b/docs/manual/mod/mod_authz_dbm.html.fr @@ -28,6 +28,8 @@ <a href="../fr/mod/mod_authz_dbm.html" title="Français"> fr </a> | <a href="../ko/mod/mod_authz_dbm.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation basée sur les groupes à l'aide de fichiers DBM</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr> diff --git a/docs/manual/mod/mod_authz_dbm.xml.fr b/docs/manual/mod/mod_authz_dbm.xml.fr index 07c70b09e6..2d46650f0e 100644 --- a/docs/manual/mod/mod_authz_dbm.xml.fr +++ b/docs/manual/mod/mod_authz_dbm.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision: 1555541 --> +<!-- English Revision: 1555541:1587031 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_authz_dbm.xml.ko b/docs/manual/mod/mod_authz_dbm.xml.ko index 46642da375..3debe19593 100644 --- a/docs/manual/mod/mod_authz_dbm.xml.ko +++ b/docs/manual/mod/mod_authz_dbm.xml.ko @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="EUC-KR" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?> -<!-- English Revision: 111480:1555541 (outdated) --> +<!-- English Revision: 111480:1587031 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_authz_dbm.xml.meta b/docs/manual/mod/mod_authz_dbm.xml.meta index c1c330875b..17b3985417 100644 --- a/docs/manual/mod/mod_authz_dbm.xml.meta +++ b/docs/manual/mod/mod_authz_dbm.xml.meta @@ -8,7 +8,7 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> <variant outdated="yes">ko</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_authz_groupfile.html.en b/docs/manual/mod/mod_authz_groupfile.html.en index ae495f7bdc..db9b01df5c 100644 --- a/docs/manual/mod/mod_authz_groupfile.html.en +++ b/docs/manual/mod/mod_authz_groupfile.html.en @@ -62,7 +62,7 @@ authorization types with <code>group</code> and <code>group-file</code>. </p> - <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported + <p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported within the groupfile require directives.</p> <h3><a name="reqgroup" id="reqgroup">Require group</a></h3> diff --git a/docs/manual/mod/mod_authz_groupfile.html.fr b/docs/manual/mod/mod_authz_groupfile.html.fr index 7d5925983d..ce402d67e3 100644 --- a/docs/manual/mod/mod_authz_groupfile.html.fr +++ b/docs/manual/mod/mod_authz_groupfile.html.fr @@ -29,6 +29,8 @@ <a href="../ja/mod/mod_authz_groupfile.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | <a href="../ko/mod/mod_authz_groupfile.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation basée sur les groupes à l'aide de fichiers textes</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Base</td></tr> diff --git a/docs/manual/mod/mod_authz_groupfile.xml.fr b/docs/manual/mod/mod_authz_groupfile.xml.fr index a0ac51d178..7dc4bffdc0 100644 --- a/docs/manual/mod/mod_authz_groupfile.xml.fr +++ b/docs/manual/mod/mod_authz_groupfile.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1555543 --> +<!-- English Revision: 1555543:1587031 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_authz_groupfile.xml.ja b/docs/manual/mod/mod_authz_groupfile.xml.ja index a7d725591e..563b7d19ed 100644 --- a/docs/manual/mod/mod_authz_groupfile.xml.ja +++ b/docs/manual/mod/mod_authz_groupfile.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?> -<!-- English Revision: 574882:1555543 (outdated) --> +<!-- English Revision: 574882:1587031 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_authz_groupfile.xml.ko b/docs/manual/mod/mod_authz_groupfile.xml.ko index e86d9490c0..9df5c9d87d 100644 --- a/docs/manual/mod/mod_authz_groupfile.xml.ko +++ b/docs/manual/mod/mod_authz_groupfile.xml.ko @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="EUC-KR" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?> -<!-- English Revision: 151408:1555543 (outdated) --> +<!-- English Revision: 151408:1587031 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_authz_groupfile.xml.meta b/docs/manual/mod/mod_authz_groupfile.xml.meta index 89964f81c0..b0b9f93f29 100644 --- a/docs/manual/mod/mod_authz_groupfile.xml.meta +++ b/docs/manual/mod/mod_authz_groupfile.xml.meta @@ -8,7 +8,7 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> <variant outdated="yes">ja</variant> <variant outdated="yes">ko</variant> </variants> diff --git a/docs/manual/mod/mod_authz_host.html.en b/docs/manual/mod/mod_authz_host.html.en index 74048f2881..4a4559374b 100644 --- a/docs/manual/mod/mod_authz_host.html.en +++ b/docs/manual/mod/mod_authz_host.html.en @@ -79,7 +79,7 @@ address)</td></tr> access an area of the server. Access can be controlled by hostname, IP Address, or IP Address range.</p> - <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported + <p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported within the host require directives.</p> <h3><a name="reqip" id="reqip">Require ip</a></h3> @@ -162,6 +162,7 @@ Require host .net example.edu</pre> <h3><a name="reqlocal" id="reqlocal">Require local</a></h3> + <p>The <code>local</code> provider allows access to the server if any of the following conditions is true:</p> @@ -179,6 +180,7 @@ Require host .net example.edu</pre> + <h3><a name="proxy" id="proxy">Security Note</a></h3> <p>If you are proxying content to your server, you need to be aware diff --git a/docs/manual/mod/mod_authz_host.html.fr b/docs/manual/mod/mod_authz_host.html.fr index 2e209342ee..ff8a9e4855 100644 --- a/docs/manual/mod/mod_authz_host.html.fr +++ b/docs/manual/mod/mod_authz_host.html.fr @@ -27,6 +27,8 @@ <p><span>Langues Disponibles: </span><a href="../en/mod/mod_authz_host.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/mod/mod_authz_host.html" title="Français"> fr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisations de groupe basées sur l'hôte (nom ou adresse IP)</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Base</td></tr> diff --git a/docs/manual/mod/mod_authz_host.xml.fr b/docs/manual/mod/mod_authz_host.xml.fr index 2ea3f65588..e77ae868f3 100644 --- a/docs/manual/mod/mod_authz_host.xml.fr +++ b/docs/manual/mod/mod_authz_host.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1555545 --> +<!-- English Revision: 1555545:1587031 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_authz_host.xml.meta b/docs/manual/mod/mod_authz_host.xml.meta index 2df68a979b..c67d019aa9 100644 --- a/docs/manual/mod/mod_authz_host.xml.meta +++ b/docs/manual/mod/mod_authz_host.xml.meta @@ -8,6 +8,6 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_authz_user.html.en b/docs/manual/mod/mod_authz_user.html.en index d53afe878a..dc2056f794 100644 --- a/docs/manual/mod/mod_authz_user.html.en +++ b/docs/manual/mod/mod_authz_user.html.en @@ -63,7 +63,7 @@ authorization types with <code>user</code> and <code>valid-user</code>. </p> - <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported + <p>Since v2.4.8, <a href="../expr.html">expressions</a> are supported within the user require directives.</p> <h3><a name="requser" id="requser">Require user</a></h3> diff --git a/docs/manual/mod/mod_authz_user.html.fr b/docs/manual/mod/mod_authz_user.html.fr index 4afd8ee73c..da7a81568e 100644 --- a/docs/manual/mod/mod_authz_user.html.fr +++ b/docs/manual/mod/mod_authz_user.html.fr @@ -29,6 +29,8 @@ <a href="../ja/mod/mod_authz_user.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | <a href="../ko/mod/mod_authz_user.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Autorisation basée sur l'utilisateur</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Base</td></tr> <tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>authz_user_module</td></tr> diff --git a/docs/manual/mod/mod_authz_user.xml.fr b/docs/manual/mod/mod_authz_user.xml.fr index 56e20baf01..b66ed557d3 100644 --- a/docs/manual/mod/mod_authz_user.xml.fr +++ b/docs/manual/mod/mod_authz_user.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision: 1555548 --> +<!-- English Revision: 1555548:1587031 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_authz_user.xml.ja b/docs/manual/mod/mod_authz_user.xml.ja index 0aa2348285..467ec87a2b 100644 --- a/docs/manual/mod/mod_authz_user.xml.ja +++ b/docs/manual/mod/mod_authz_user.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?> -<!-- English Revision: 635137:1555548 (outdated) --> +<!-- English Revision: 635137:1587031 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_authz_user.xml.ko b/docs/manual/mod/mod_authz_user.xml.ko index 2701653912..f602e175e9 100644 --- a/docs/manual/mod/mod_authz_user.xml.ko +++ b/docs/manual/mod/mod_authz_user.xml.ko @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="EUC-KR" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?> -<!-- English Revision: 151408:1555548 (outdated) --> +<!-- English Revision: 151408:1587031 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_authz_user.xml.meta b/docs/manual/mod/mod_authz_user.xml.meta index d99cf96cb4..1798fdd837 100644 --- a/docs/manual/mod/mod_authz_user.xml.meta +++ b/docs/manual/mod/mod_authz_user.xml.meta @@ -8,7 +8,7 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> <variant outdated="yes">ja</variant> <variant outdated="yes">ko</variant> </variants> diff --git a/docs/manual/mod/mod_dir.html.en b/docs/manual/mod/mod_dir.html.en index aefd203022..128b5f881c 100644 --- a/docs/manual/mod/mod_dir.html.en +++ b/docs/manual/mod/mod_dir.html.en @@ -266,7 +266,7 @@ a directory</td></tr> <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define a default URL for requests that don't map to a file</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>FallbackResource disabled | <var>local-url</var></code></td></tr> -<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>None - httpd will return 404 (Not Found)</code></td></tr> +<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>disabled - httpd will return 404 (Not Found)</code></td></tr> <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr> <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Indexes</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> diff --git a/docs/manual/mod/mod_dir.html.fr b/docs/manual/mod/mod_dir.html.fr index ca0cc54901..a3f17ac58e 100644 --- a/docs/manual/mod/mod_dir.html.fr +++ b/docs/manual/mod/mod_dir.html.fr @@ -30,6 +30,8 @@ <a href="../ko/mod/mod_dir.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | <a href="../tr/mod/mod_dir.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Permet la redirection des adresses se terminant par un répertoire sans slash de fin et la mise à disposition des fichiers index de répertoire</td></tr> @@ -292,8 +294,8 @@ fin"</td></tr> <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Définit une URL par défaut pour les requêtes qui ne ciblent aucun fichier</td></tr> -<tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>FallbackResource disabled <var>url-locale</var></code></td></tr> -<tr><th><a href="directive-dict.html#Default">Défaut:</a></th><td><code>Aucune - httpd renvoie un code d'erreur 404 (Not Found)</code></td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>FallbackResource disabled | <var>url-locale</var></code></td></tr> +<tr><th><a href="directive-dict.html#Default">Défaut:</a></th><td><code>disabled - httpd renvoie un code d'erreur 404 (Not Found)</code></td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel, répertoire, .htaccess</td></tr> <tr><th><a href="directive-dict.html#Override">AllowOverride:</a></th><td>Indexes</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Base</td></tr> diff --git a/docs/manual/mod/mod_dir.xml.fr b/docs/manual/mod/mod_dir.xml.fr index 14e254f659..22d8999c62 100644 --- a/docs/manual/mod/mod_dir.xml.fr +++ b/docs/manual/mod/mod_dir.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision: 1577905 --> +<!-- English Revision: 1577905:1586470 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_dir.xml.ja b/docs/manual/mod/mod_dir.xml.ja index 7bb5f766f9..edb7e85433 100644 --- a/docs/manual/mod/mod_dir.xml.ja +++ b/docs/manual/mod/mod_dir.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?> -<!-- English Revision: 420990:1577905 (outdated) --> +<!-- English Revision: 420990:1586470 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_dir.xml.ko b/docs/manual/mod/mod_dir.xml.ko index ee529a3a8f..57df6ee4d6 100644 --- a/docs/manual/mod/mod_dir.xml.ko +++ b/docs/manual/mod/mod_dir.xml.ko @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="EUC-KR" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?> -<!-- English Revision: 151408:1577905 (outdated) --> +<!-- English Revision: 151408:1586470 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_dir.xml.meta b/docs/manual/mod/mod_dir.xml.meta index e8a3ce0549..0fa52ec5c8 100644 --- a/docs/manual/mod/mod_dir.xml.meta +++ b/docs/manual/mod/mod_dir.xml.meta @@ -8,7 +8,7 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> <variant outdated="yes">ja</variant> <variant outdated="yes">ko</variant> <variant outdated="yes">tr</variant> diff --git a/docs/manual/mod/mod_dir.xml.tr b/docs/manual/mod/mod_dir.xml.tr index 537b8f9c2c..909302e02a 100644 --- a/docs/manual/mod/mod_dir.xml.tr +++ b/docs/manual/mod/mod_dir.xml.tr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?> -<!-- English Revision: 1554501:1577905 (outdated) --> +<!-- English Revision: 1554501:1586470 (outdated) --> <!-- ===================================================== Translated by: Nilgün Belma Bugüner <nilgun belgeler.gen.tr> Reviewed by: Orhan Berent <berent belgeler.gen.tr> diff --git a/docs/manual/mod/mod_filter.html.fr b/docs/manual/mod/mod_filter.html.fr index 117ce61ee8..8dd75f9e5e 100644 --- a/docs/manual/mod/mod_filter.html.fr +++ b/docs/manual/mod/mod_filter.html.fr @@ -435,7 +435,7 @@ particulier</td></tr> en spécifiant <code>change=no</code>. </p> - <p><var>drapeaux protocole</var> peut contenir un ou plusieurs + <p><var>drapeaux_protocole</var> peut contenir un ou plusieurs drapeaux parmi les suivants :</p> <dl> @@ -444,7 +444,7 @@ particulier</td></tr> taille</dd> <dt><code>change=1:1</code></dt> - <dd>>Le filtre modifie le contenu, mais pas sa taille</dd> + <dd>Le filtre modifie le contenu, mais pas sa taille</dd> <dt><code>byteranges=no</code></dt> <dd>Le filtre ne peut pas traiter de réponses à des sous-requêtes et diff --git a/docs/manual/mod/mod_headers.html.en b/docs/manual/mod/mod_headers.html.en index 8feb6873b9..a9274ab4cc 100644 --- a/docs/manual/mod/mod_headers.html.en +++ b/docs/manual/mod/mod_headers.html.en @@ -214,7 +214,8 @@ Header merge Cache-Control no-store env=NO_STORE</pre> <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_headers</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Default condition was temporarily changed to "always" in 2.3.9 and 2.3.10. SetIfEmpty available since 2.4.7.</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Default condition was temporarily changed to "always" in 2.3.9 and 2.3.10.<br /> +SetIfEmpty and note available in 2.4.7 and later.</td></tr> </table> <p>This directive can replace, merge or remove HTTP response headers. The header is modified just after the content handler @@ -303,7 +304,8 @@ Header merge Cache-Control no-store env=NO_STORE</pre> <dt><code>setifempty</code></dt> <dd>The request header is set, but only if there is no previous header - with this name. Available in 2.4.7 and later.</dd> + with this name.<br /> + Available in 2.4.7 and later.</dd> <dt><code>unset</code></dt> <dd>The response header of this name is removed, if it exists. @@ -314,7 +316,8 @@ Header merge Cache-Control no-store env=NO_STORE</pre> <dd>The value of the named response <var>header</var> is copied into an internal note whose name is given by <var>value</var>. This is useful if a header sent by a CGI or proxied resource is configured to be unset - but should also be logged.</dd> + but should also be logged.<br /> + Available in 2.4.7 and later.</dd> </dl> @@ -351,15 +354,18 @@ Header merge Cache-Control no-store env=NO_STORE</pre> designed to expose the values obtained by <code>getloadavg()</code> and this represents the current load average, the 5 minute average, and the 15 minute average. The value is preceded by <code>l=</code> with each - average separated by <code>/</code>. + average separated by <code>/</code>.<br /> + Available in 2.4.4 and later. </td></tr> <tr><td><code>%i</code></td> <td>The current idle percentage of httpd (0 to 100) based on available - processes and threads. The value is preceded by <code>i=</code>. + processes and threads. The value is preceded by <code>i=</code>.<br /> + Available in 2.4.4 and later. </td></tr> <tr class="odd"><td><code>%b</code></td> <td>The current busy percentage of httpd (0 to 100) based on available - processes and threads. The value is preceded by <code>b=</code>. + processes and threads. The value is preceded by <code>b=</code>.<br /> + Available in 2.4.4 and later. </td></tr> <tr><td><code>%{VARNAME}e</code></td> <td>The contents of the <a href="../env.html">environment @@ -470,7 +476,8 @@ Header merge Cache-Control no-store env=NO_STORE</pre> <dt><code>setifempty</code></dt> <dd>The request header is set, but only if there is no previous header - with this name. Available in 2.4.7 and later.</dd> + with this name.<br /> + Available in 2.4.7 and later.</dd> <dt><code>unset</code></dt> <dd>The request header of this name is removed, if it exists. If diff --git a/docs/manual/mod/mod_headers.html.fr b/docs/manual/mod/mod_headers.html.fr index 5aac11ac8f..05511fcc79 100644 --- a/docs/manual/mod/mod_headers.html.fr +++ b/docs/manual/mod/mod_headers.html.fr @@ -29,6 +29,8 @@ <a href="../ja/mod/mod_headers.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | <a href="../ko/mod/mod_headers.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Personnalisation des en-têtes de requêtes et de réponses HTTP</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr> @@ -211,6 +213,12 @@ Header merge Cache-Control no-store env=NO_STORE</pre> <pre class="prettyprint lang-config">Header set Set-Cookie testcookie "expr=-z %{req:Cookie}"</pre> </li> + <li> + Ajoute un en-tête de mise en cache pour les réponses avec un + code d'état HTTP de 200 + <pre class="prettyprint lang-config">Header append Cache-Control s-maxage=600 "expr=%{REQUEST_STATUS} == 200"</pre> + + </li> </ol> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> @@ -237,24 +245,28 @@ disponible depuis la version 2.4.7 du serveur HTTP Apache.</td></tr> <p>L'argument optionnel <var>condition</var> permet de déterminer sur quelle table interne d'en-têtes de réponses cette directive va - opérer. D'autres composants du serveur peuvent avoir stocké leurs - en-têtes de réponses dans la table correspondant à - <code>onsuccess</code> ou dans celle correspondant à - <code>always</code>. Dans ce contexte, "Always" fait référence au - choix d'envoyer les en-têtes que vous ajoutez aux réponses, qu'elle - soient avec succès ou échouées ; par contre, si votre action est une - fonction d'un en-tête existant, vous devrez lire la documentation de - manière plus approfondie car dans ce cas, les choses se compliquent.</p> - - <p>Vous pouvez avoir à changer la valeur par défaut - <code>onsuccess</code> en <code>always</code> dans des circonstances - similaires à celles exposées plus loin. Notez aussi que la répétition + opérer. En dépit du nom, la valeur par défaut de + <code>onsuccess</code> ne limite <em>pas</em> une <var>action</var> + aux réponses avec un code d'état de 2xx. Les en-têtes définis sous + cette condition sont encore utilisés quand par exemple une requête + est mandatée ou générée par un programme CGI avec <em>succès</em>, + et ceci même dans le cas où ils ont généré un code d'échec.</p> + + <p>Lorsque votre action est une fonction agissant sur un en-tête + existant, vous pourrez être amené à spécifier une condition + <code>always</code>, en fonction de la table interne dans laquelle + l'en-tête original a été défini. La table qui correspond à + <code>always</code> est utilisée pour les réponses d'erreur générées + localement ainsi que pour les réponses qui ont abouti. + Notez aussi que la répétition de cette directive avec les deux conditions peut être pertinente dans certains scénarios, car <code>always</code> n'englobe pas <code>onsuccess</code> en ce qui concerne les en-têtes existants :</p> <ul> - <li>Vous ajoutez un en-tête à une réponse échouée (non-2xx), + <li>Vous ajoutez un en-tête à une réponse + générée localement et échouée + (non-2xx), une redirection par exemple, et dans ce cas, seule la table correspondant à <code>always</code> est utilisée dans la réponse définitive.</li> @@ -267,6 +279,12 @@ disponible depuis la version 2.4.7 du serveur HTTP Apache.</td></tr> condition par défaut <code>onsuccess</code>.</li> </ul> + <p>Outre le paramètre <var>condition</var> décrit ci-dessus, vous + pouvez limiter une action en fonction de codes d'état HTTP, par + exemple pour les requêtes mandatées ou générées par un programme + CGI. Voir l'exemple qui utilise %{REQUEST_STATUS} dans la section + ci-dessus.</p> + <p>L'action que cette directive provoque est déterminée par le premier argument (ou par le second argument si une <var>condition</var> est spécifiée). Il peut prendre @@ -377,17 +395,20 @@ disponible depuis la version 2.4.7 du serveur HTTP Apache.</td></tr> courante, ainsi que la charge moyenne pendant les cinq et les quinze dernières minutes. Chaque valeur est précédée de <code>l=</code> et séparée des autres par un slash - <code>/</code>. + <code>/</code>.<br /> + Disponible depuis la version 2.4.4 du serveur HTTP Apache. </td></tr> <tr><td><code>%i</code></td> <td>Le pourcentage de disponibilité de httpd (0 à 100) basé sur le nombre de threads et de processus disponibles. La valeur est - précédée de <code>i=</code>. + précédée de <code>i=</code>.<br /> + Disponible depuis la version 2.4.4 du serveur HTTP Apache. </td></tr> <tr class="odd"><td><code>%b</code></td> <td>Le pourcentage d'utilisation de httpd (0 à 100) basé sur le nombre de threads et de processus disponibles. La valeur est - précédée de <code>b=</code>. + précédée de <code>b=</code>.<br /> + Disponible depuis la version 2.4.4 du serveur HTTP Apache. </td></tr> <tr><td><code>%{NOM_VARIABLE}e</code></td> <td>Le contenu de la <a href="../env.html">variable @@ -435,8 +456,9 @@ disponible depuis la version 2.4.7 du serveur HTTP Apache.</td></tr> directives <code class="directive">Header</code> sont traitées juste avant l'envoi de la réponse sur le réseau. Cela signifie qu'il est possible de définir et/ou modifier la plupart des en-têtes, à - l'exception de ceux qui sont ajoutés par le filtre HTTP - d'en-tête, comme Content-Type.</p> + l'exception de certains en-têtes qui sont ajoutés par le filtre + d'en-tête HTTP. Avant la version 2.2.12, il n'était pas + possible de modifier l'en-tête Content-Type avec cette directive.</p> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> diff --git a/docs/manual/mod/mod_headers.xml.fr b/docs/manual/mod/mod_headers.xml.fr index d8cc35046a..7ed1791bd2 100644 --- a/docs/manual/mod/mod_headers.xml.fr +++ b/docs/manual/mod/mod_headers.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1586470 --> +<!-- English Revision: 1586470:1587098 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_headers.xml.ja b/docs/manual/mod/mod_headers.xml.ja index ce24d804c0..42c30ac6b5 100644 --- a/docs/manual/mod/mod_headers.xml.ja +++ b/docs/manual/mod/mod_headers.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?> -<!-- English Revision: 151408:1584082 (outdated) --> +<!-- English Revision: 151408:1587098 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_headers.xml.ko b/docs/manual/mod/mod_headers.xml.ko index fad4547432..ae7eeb45e2 100644 --- a/docs/manual/mod/mod_headers.xml.ko +++ b/docs/manual/mod/mod_headers.xml.ko @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="EUC-KR" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?> -<!-- English Revision: 151408:1584082 (outdated) --> +<!-- English Revision: 151408:1587098 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_isapi.html.fr b/docs/manual/mod/mod_isapi.html.fr index 81a0164dca..b4c66b59bc 100644 --- a/docs/manual/mod/mod_isapi.html.fr +++ b/docs/manual/mod/mod_isapi.html.fr @@ -28,17 +28,16 @@ <a href="../fr/mod/mod_isapi.html" title="Français"> fr </a> | <a href="../ko/mod/mod_isapi.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> </div> -<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Extensions ISAPI au coeur d'Apache pour Windows</td></tr> +<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Extensions ISAPI dans Apache pour Windows</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Base</td></tr> <tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>isapi_module</td></tr> <tr><th><a href="module-dict.html#SourceFile">Fichier Source:</a></th><td>mod_isapi.c</td></tr> <tr><th><a href="module-dict.html#Compatibility">Compatibilité:</a></th><td>Win32 only</td></tr></table> <h3>Sommaire</h3> - <p>Ce module implémente l'API des extensions <strong>Internet Server</strong> - (l'application IIS de Microsoft). Il - permet à Apache pour Windows de servir les extensions <strong>Internet Server</strong> - (par exemple les modules .dll ISAPI), compte tenu des + <p>Ce module implémente l'API des extensions du Serveur Internet. Il + permet à Apache pour Windows de servir les extensions du Serveur + Internet (par exemple les modules .dll ISAPI), compte tenu des restrictions spécifiées.</p> <p>Les modules d'extension ISAPI (fichiers .dll) sont des modules @@ -82,8 +81,8 @@ gestionnaire était <code>isapi-isa</code> au lieu de <code>isapi-handler</code>. Depuis les versions de développement 2.3 du serveur Apache, <code>isapi-isa</code> n'est plus valide, et vous - devrez modifier votre configuration pour utiliser - <code>isapi-handler</code> à sa place.</div> + devrez éventuellement modifier votre configuration pour utiliser + <code>isapi-handler</code> à la place.</div> <p>Le serveur Apache ne propose aucun moyen de conserver en mémoire un module chargé. Vous pouvez cependant précharger et garder un @@ -93,7 +92,7 @@ <p>Que vous ayez ou non préchargé une extension ISAPI, ces dernières - sont toutes soumises aux mêmes restrictions et possèdent les mêmes + sont toutes soumises au mêmes restrictions et possèdent les mêmes permissions que les scripts CGI. En d'autres termes, <code class="directive"><a href="../mod/core.html#options">Options</a></code> <code>ExecCGI</code> doit être défini pour le répertoire qui contient le fichier .dll ISAPI.</p> @@ -120,8 +119,8 @@ <p>Si aucune option de configuration particulière n'est spécifiée, certains serveurs, comme Microsoft IIS, chargent l'extension ISAPI dans le serveur et la conservent en mémoire jusqu'à ce que - l'utilisation de cette dernière devienne trop élevée. Apache, en - revanche, charge et décharge réellement l'extension ISAPI chaque fois + l'utilisation de cette dernière devienne trop élevée. Apache, par + contre, charge et décharge réellement l'extension ISAPI chaque fois qu'elle est invoquée, si la directive <code class="directive"><a href="#isapicachefile">ISAPICacheFile</a></code> n'a pas été spécifiée. Ce n'est pas très performant, mais le modèle de mémoire d'Apache fait que cette méthode est la plus efficace. De nombreux modules @@ -237,11 +236,11 @@ <code>GetServerVariable</code>, ainsi que les valeurs <code>ALL_HTTP</code> et <code>ALL_RAW</code>.</p> - <p>Depuis Apache httpd 2.0+, <code class="module"><a href="../mod/mod_isapi.html">mod_isapi</a></code> propose des + <p>Depuis httpd 2.0, <code class="module"><a href="../mod/mod_isapi.html">mod_isapi</a></code> propose des fonctionnalités supplémentaires introduites dans les versions actualisées de la spécification ISAPI, ainsi qu'une émulation limitée des entrées/sorties asynchrones et la sémantique - <code>TransmitFile</code>. Apache httpd supporte également le préchargement + <code>TransmitFile</code>. Apache httpd supporte aussi le préchargement des .dlls ISAPI à des fins de performances.</p> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> @@ -293,8 +292,8 @@ démarrage</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Base</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_isapi</td></tr> </table> - <p>Cette directive permet de spécifier une liste de noms de fichiers, séparés par des - espaces, devant être chargés au démarrage + <p>Cette directive permet de spécifier une liste, séparés par des + espaces, de noms de fichiers devant être chargés au démarrage du serveur Apache, et rester en mémoire jusqu'à l'arrêt du serveur. Cette directive peut être répétée pour chaque fichier .dll ISAPI souhaité. Le chemin complet du fichier doit être spécifié. Si le @@ -305,7 +304,7 @@ démarrage</td></tr> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="ISAPIFakeAsync" id="ISAPIFakeAsync">ISAPIFakeAsync</a> <a name="isapifakeasync" id="isapifakeasync">Directive</a></h2> <table class="directive"> -<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Émulation du support des entrées/sorties asynchrones pour +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Emulation du support des entrées/sorties asynchrones pour les appels ISAPI</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntaxe:</a></th><td><code>ISAPIFakeAsync on|off</code></td></tr> <tr><th><a href="directive-dict.html#Default">Défaut:</a></th><td><code>ISAPIFakeAsync off</code></td></tr> diff --git a/docs/manual/mod/mod_isapi.xml.meta b/docs/manual/mod/mod_isapi.xml.meta index 913ae2ac73..b25e2edfdf 100644 --- a/docs/manual/mod/mod_isapi.xml.meta +++ b/docs/manual/mod/mod_isapi.xml.meta @@ -8,7 +8,7 @@ <variants> <variant>en</variant> - <variant outdated="yes">fr</variant> + <variant>fr</variant> <variant outdated="yes">ko</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_ldap.html.en b/docs/manual/mod/mod_ldap.html.en index b8f3d10226..2af457b7ff 100644 --- a/docs/manual/mod/mod_ldap.html.en +++ b/docs/manual/mod/mod_ldap.html.en @@ -582,7 +582,7 @@ valid</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr> </table> - <p>This directive, if enabled by the <code>LDAPReferrals</code> directive, + <p>This directive, if enabled by the <code class="directive">LDAPReferrals</code> directive, limits the number of referral hops that are followed before terminating an LDAP query.</p> @@ -601,6 +601,7 @@ valid</td></tr> <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>The <var>default</var> parameter is available in Apache 2.4.7 and later</td></tr> </table> <p>Some LDAP servers divide their directory among multiple domains and use referrals to direct a client when a domain boundary is crossed. This is similar to a HTTP redirect. @@ -608,8 +609,7 @@ valid</td></tr> explicitly configures the referral chasing in the underlying SDK.</p> - <p><code class="directive">LDAPReferrals</code> takes the takes the following values: - </p> + <p><code class="directive">LDAPReferrals</code> takes the following values:</p> <dl> <dt>"on"</dt> <dd> <p> When set to "on", the underlying SDK's referral chasing state @@ -626,10 +626,10 @@ valid</td></tr> registered.</p></dd> </dl> - <p> The directive <code>LDAPReferralHopLimit</code> works in conjunction with + <p>The directive <code class="directive">LDAPReferralHopLimit</code> works in conjunction with this directive to limit the number of referral hops to follow before terminating the LDAP query. When referral processing is enabled by a value of "On", client credentials will be provided, - via a rebind callback, for any LDAP server requiring them. </p> + via a rebind callback, for any LDAP server requiring them.</p> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> diff --git a/docs/manual/mod/mod_log_config.html.fr b/docs/manual/mod/mod_log_config.html.fr index 2b9249827f..d91a457579 100644 --- a/docs/manual/mod/mod_log_config.html.fr +++ b/docs/manual/mod/mod_log_config.html.fr @@ -307,7 +307,7 @@ d'Apache</a></li> fallait être très prudent lors de l'exploitation des journaux bruts.</p> - <p>A la différence de la version 1.3, dans httpd 2.0, les chaînes + <p>A la différence de la version 1.3, depuis httpd 2.0, les chaînes de format <code>%b</code> et <code>%B</code> ne représentent pas le nombre d'octets envoyés au client, mais simplement la taille en octets de la réponse HTTP (les deux étant différents, par exemple, diff --git a/docs/manual/mod/mod_log_config.html.tr.utf8 b/docs/manual/mod/mod_log_config.html.tr.utf8 index ef30b5777e..d46587ddd1 100644 --- a/docs/manual/mod/mod_log_config.html.tr.utf8 +++ b/docs/manual/mod/mod_log_config.html.tr.utf8 @@ -30,6 +30,7 @@ <a href="../ko/mod/mod_log_config.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | <a href="../tr/mod/mod_log_config.html" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Bu çeviri güncel olmayabilir. Son deÄŸiÅŸiklikler için Ä°ngilizce sürüm geçerlidir.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Sunucuya yapılan isteklerin günlük kayıtlarının tutulması </td></tr> <tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Temel</td></tr> diff --git a/docs/manual/mod/mod_log_config.xml.meta b/docs/manual/mod/mod_log_config.xml.meta index 483caf85ed..d3f68096ba 100644 --- a/docs/manual/mod/mod_log_config.xml.meta +++ b/docs/manual/mod/mod_log_config.xml.meta @@ -8,7 +8,7 @@ <variants> <variant>en</variant> - <variant outdated="yes">fr</variant> + <variant>fr</variant> <variant outdated="yes">ja</variant> <variant outdated="yes">ko</variant> <variant outdated="yes">tr</variant> diff --git a/docs/manual/mod/mod_logio.html.en b/docs/manual/mod/mod_logio.html.en index 1774eaef2e..ce708a1f0c 100644 --- a/docs/manual/mod/mod_logio.html.en +++ b/docs/manual/mod/mod_logio.html.en @@ -82,7 +82,8 @@ <td>Bytes sent, including headers, cannot be zero.</td></tr> <tr><td><code>%S</code></td> <td>Bytes transferred (received and sent), including request and headers, - cannot be zero. This is the combination of %I and %O.</td></tr> + cannot be zero. This is the combination of %I and %O.<br /> + Available in Apache 2.4.7 and later</td></tr> </table> <p>Usually, the functionality is used like this:</p> diff --git a/docs/manual/mod/mod_logio.html.fr b/docs/manual/mod/mod_logio.html.fr index 1df6c0dc3b..cc4b0dc785 100644 --- a/docs/manual/mod/mod_logio.html.fr +++ b/docs/manual/mod/mod_logio.html.fr @@ -30,6 +30,8 @@ <a href="../ko/mod/mod_logio.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | <a href="../tr/mod/mod_logio.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Journalisation des octets en entrée et en sortie pour chaque requête</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr> diff --git a/docs/manual/mod/mod_logio.html.tr.utf8 b/docs/manual/mod/mod_logio.html.tr.utf8 index 31304fe857..f5e07cffa6 100644 --- a/docs/manual/mod/mod_logio.html.tr.utf8 +++ b/docs/manual/mod/mod_logio.html.tr.utf8 @@ -30,6 +30,7 @@ <a href="../ko/mod/mod_logio.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | <a href="../tr/mod/mod_logio.html" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Bu çeviri güncel olmayabilir. Son deÄŸiÅŸiklikler için Ä°ngilizce sürüm geçerlidir.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Her isteÄŸin girdi ve çıktı uzunluklarının günlüklenmesi. </td></tr> <tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Eklenti</td></tr> diff --git a/docs/manual/mod/mod_logio.xml.fr b/docs/manual/mod/mod_logio.xml.fr index f6d341702b..5a94884866 100644 --- a/docs/manual/mod/mod_logio.xml.fr +++ b/docs/manual/mod/mod_logio.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1523269 --> +<!-- English Revision: 1523269:1587098 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_logio.xml.ja b/docs/manual/mod/mod_logio.xml.ja index 88fcbb9c35..b7d7e34abe 100644 --- a/docs/manual/mod/mod_logio.xml.ja +++ b/docs/manual/mod/mod_logio.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?> -<!-- English Revision: 420990:1523269 (outdated) --> +<!-- English Revision: 420990:1587098 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_logio.xml.ko b/docs/manual/mod/mod_logio.xml.ko index 1fa28a7ad6..92792ff9f9 100644 --- a/docs/manual/mod/mod_logio.xml.ko +++ b/docs/manual/mod/mod_logio.xml.ko @@ -1,7 +1,7 @@ <?xml version="1.0" encoding='EUC-KR' ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?> -<!-- English Revision: 420990:1523269 (outdated) --> +<!-- English Revision: 420990:1587098 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_logio.xml.meta b/docs/manual/mod/mod_logio.xml.meta index ed5503c132..8ad0562e0e 100644 --- a/docs/manual/mod/mod_logio.xml.meta +++ b/docs/manual/mod/mod_logio.xml.meta @@ -8,9 +8,9 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> <variant outdated="yes">ja</variant> <variant outdated="yes">ko</variant> - <variant>tr</variant> + <variant outdated="yes">tr</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_logio.xml.tr b/docs/manual/mod/mod_logio.xml.tr index befdffffdf..8d36c055d1 100644 --- a/docs/manual/mod/mod_logio.xml.tr +++ b/docs/manual/mod/mod_logio.xml.tr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?> -<!-- English Revision: 1523269 --> +<!-- English Revision: 1523269:1587098 (outdated) --> <!-- ===================================================== Translated by: Nilgün Belma Bugüner <nilgun belgeler.gen.tr> Reviewed by: Orhan Berent <berent belgeler.gen.tr> diff --git a/docs/manual/mod/mod_lua.html.en b/docs/manual/mod/mod_lua.html.en index 8fbe093f7f..1935ff9f18 100644 --- a/docs/manual/mod/mod_lua.html.en +++ b/docs/manual/mod/mod_lua.html.en @@ -1603,7 +1603,7 @@ end</pre> <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_lua</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.5.0 and later</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.4.5 and later</td></tr> </table> <p>Provides a means of adding a Lua function as an input filter. As with output filters, input filters work as coroutines, @@ -1688,7 +1688,7 @@ filters</a>" for more information. <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_lua</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.5.0 and later</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.4.5 and later</td></tr> </table> <p>Provides a means of adding a Lua function as an output filter. As with input filters, output filters work as coroutines, diff --git a/docs/manual/mod/mod_lua.html.fr b/docs/manual/mod/mod_lua.html.fr index d7b7b3fb04..da0697b0fd 100644 --- a/docs/manual/mod/mod_lua.html.fr +++ b/docs/manual/mod/mod_lua.html.fr @@ -27,6 +27,8 @@ <p><span>Langues Disponibles: </span><a href="../en/mod/mod_lua.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/mod/mod_lua.html" title="Français"> fr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Fournit des points d'entrée Lua dans différentes parties du traitement des requêtes httpd</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Expérimental</td></tr> diff --git a/docs/manual/mod/mod_lua.xml.fr b/docs/manual/mod/mod_lua.xml.fr index f07cd6bf9f..6f98a84de0 100644 --- a/docs/manual/mod/mod_lua.xml.fr +++ b/docs/manual/mod/mod_lua.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1576896 --> +<!-- English Revision: 1576896:1587324 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_lua.xml.meta b/docs/manual/mod/mod_lua.xml.meta index b55c7710e9..8fc1a0efdf 100644 --- a/docs/manual/mod/mod_lua.xml.meta +++ b/docs/manual/mod/mod_lua.xml.meta @@ -8,6 +8,6 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_proxy.html.en b/docs/manual/mod/mod_proxy.html.en index bdb02ec506..1b7636601c 100644 --- a/docs/manual/mod/mod_proxy.html.en +++ b/docs/manual/mod/mod_proxy.html.en @@ -482,8 +482,7 @@ ProxyPass /examples http://backend.example.com/examples timeout=10</pre> <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.5.0 - and later.</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.4.5 and later.</td></tr> </table> <p>This directive will cause the current server/vhost to "inherit" ProxyPass Balancers and Workers defined in the main server. This can cause issues and @@ -530,8 +529,7 @@ ProxyPass /examples http://backend.example.com/examples timeout=10</pre> <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later. - and later.</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later.</td></tr> </table> <p>This directive will cause the shared memory storage associated with the balancers and balancer members to be persisted across @@ -883,7 +881,7 @@ proxied resources</td></tr> identical to the <code class="directive"><a href="#proxy"><Proxy></a></code> directive, except it matches URLs using <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expressions</a>.</p> - <p>From 2.5.0 onwards, named groups and backreferences are captured and + <p>From 2.4.8 onwards, named groups and backreferences are captured and written to the environment with the corresponding name prefixed with "MATCH_" and in upper case. This allows elements of URLs to be referenced from within <a href="../expr.html">expressions</a> and modules like @@ -949,7 +947,7 @@ through</td></tr> <div class="note"><strong>Note: </strong>This directive cannot be used within a <code><Directory></code> context.</div> - + <div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should usually be set <strong>off</strong> when using <code class="directive">ProxyPass</code>.</div> @@ -1264,7 +1262,8 @@ ProxyPass /mirror/foo http://backend.example.com</pre> and it depends on the backend application server that support sessions. If the backend application server uses different name for cookies and url encoded id (like servlet containers) use | to to separate them. - The first part is for the cookie the second for the path. + The first part is for the cookie the second for the path.<br /> + Available in Apache HTTP Server 2.4.4 and later. </td></tr> <tr><td>stickysessionsep</td> <td>"."</td> @@ -1295,7 +1294,7 @@ ProxyPass /mirror/foo http://backend.example.com</pre> <td>Off</td> <td>If set, an IO read timeout after a request is sent to the backend will force the worker into error state. Worker recovery behaves the same as other - worker errors. + worker errors.<br /> Available in Apache HTTP Server 2.4.5 and later. </td></tr> <tr><td>nonce</td> @@ -1322,7 +1321,8 @@ ProxyPass /mirror/foo http://backend.example.com</pre> in error state. There might be cases where an already overloaded backend can get into deeper trouble if the recovery of all workers is enforced without considering the retry parameter of each worker. In this case - set to <code>Off</code>. + set to <code>Off</code>.<br /> + Available in Apache HTTP Server 2.4.2 and later. </td></tr> </table> @@ -1407,7 +1407,7 @@ ProxyPassReverse /mirror/foo/ https://backend.example.com/</pre> <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.5.0 and later. +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.4.5 and later. and later.</td></tr> </table> <p>This directive will cause the current server/vhost to "inherit" diff --git a/docs/manual/mod/mod_proxy.html.fr b/docs/manual/mod/mod_proxy.html.fr index 09642669ea..6007fdaf65 100644 --- a/docs/manual/mod/mod_proxy.html.fr +++ b/docs/manual/mod/mod_proxy.html.fr @@ -28,6 +28,8 @@ <a href="../fr/mod/mod_proxy.html" title="Français"> fr </a> | <a href="../ja/mod/mod_proxy.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Serveur mandataire/passerelle multi-protocole</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>proxy_module</td></tr> @@ -537,7 +539,7 @@ serveur HTTP Apache</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible à partir de la version 2.5.0 du serveur +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible à partir de la version 2.4.5 du serveur HTTP Apache.</td></tr> </table> <p>Cette directive permet d'attribuer au serveur virtuel courant @@ -595,7 +597,7 @@ charge</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy</td></tr> <tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>BalancerPersist n'est disponible qu'à partir de la - version 2.5.0 du serveur HTTP Apache.</td></tr> + version 2.4.4 du serveur HTTP Apache.</td></tr> </table> <p>Cette directive permet de conserver le contenu de l'espace mémoire partagé associé aux répartiteurs de charge et à leurs @@ -1428,7 +1430,8 @@ ProxyPass /mirror/foo http://backend.example.com</pre> d'application d'arrière-plan utilise des noms différents pour les cookies et les identifiants codés d'URL (comme les conteneurs de servlet), séparez-les par le caractère '|'. La - première partie contient le cookie et la seconde le chemin. + première partie contient le cookie et la seconde le chemin.<br /> + Disponible depuis la version 2.4.4 du serveur HTTP Apache. </td></tr> <tr><td>stickysessionsep</td> <td>"."</td> @@ -1469,7 +1472,7 @@ ProxyPass /mirror/foo http://backend.example.com</pre> dépassé en entrée/sortie après envoi d'une requête au serveur d'arrière-plan va mettre le processus en état d'erreur. La sortie de cet état d'erreur se passe de la même façon que pour - les autres erreurs. + les autres erreurs.<br /> Disponible à partir de la version 2.4.5 du serveur HTTP Apache. </td></tr> <tr><td>nonce</td> @@ -1500,7 +1503,8 @@ ProxyPass /mirror/foo http://backend.example.com</pre> surchargé entre dans une situation critique si la relance de tous les membres est forcée sans tenir compte du paramètre retry de chaque membre. Dans ce cas, définissez ce paramètre à - <code>Off</code>. + <code>Off</code>.<br /> + Disponible depuis la version 2.4.2 du serveur HTTP Apache. </td></tr> </table> @@ -1559,8 +1563,7 @@ ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover souple, reportez-vous à la documentaion de la directive <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> et son drapeau <code>[P]</code>.</p> - <p>Le mot-clé optionnel <var>interpolate</var> (disponible depuis - httpd 2.2.9), en combinaison avec la directive + <p>Le mot-clé optionnel <var>interpolate</var>, en combinaison avec la directive <code class="directive">ProxyPassInterpolateEnv</code>, permet à ProxyPass d'interpoler les variables d'environnement à l'aide de la syntaxe <var>${VARNAME}</var>. Notez que de nombreuses variables @@ -1775,8 +1778,8 @@ ProxyPassReverseCookiePath / /mirror/foo/</pre> <code class="directive"><a href="#proxypass">ProxyPass</a></code> correspondante.</p> - <p>Le mot-clé optionnel <var>interpolate</var> (disponible depuis - httpd 2.2.9), utilisé en combinaison avec la directive + <p>Le mot-clé optionnel <var>interpolate</var>, en + combinaison avec la directive <code class="directive">ProxyPassInterpolateEnv</code>, permet l'interpolation des variables d'environnement spécifiées en utilisant le format <var>${VARNAME}</var> Notez que l'interpolation diff --git a/docs/manual/mod/mod_proxy.html.ja.utf8 b/docs/manual/mod/mod_proxy.html.ja.utf8 index 4108dd77b1..a4612de716 100644 --- a/docs/manual/mod/mod_proxy.html.ja.utf8 +++ b/docs/manual/mod/mod_proxy.html.ja.utf8 @@ -332,8 +332,7 @@ <tr><th><a href="directive-dict.html#Context">コンテã‚スト:</a></th><td>サーãƒè¨å®šãƒ•ã‚¡ã‚¤ãƒ«, ãƒãƒ¼ãƒãƒ£ãƒ«ãƒ›ã‚¹ãƒˆ</td></tr> <tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">互æ›æ€§:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.5.0 - and later.</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">互æ›æ€§:</a></th><td>BalancerInherit is only available in Apache HTTP Server 2.4.5 and later.</td></tr> </table><p>ã“ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒ†ã‚£ãƒ–ã®è§£èª¬æ–‡æ›¸ã¯ ã¾ã 翻訳ã•ã‚Œã¦ã„ã¾ã›ã‚“。英語版をã”覧ãã ã•ã„。 </p></div> @@ -356,8 +355,7 @@ <tr><th><a href="directive-dict.html#Context">コンテã‚スト:</a></th><td>サーãƒè¨å®šãƒ•ã‚¡ã‚¤ãƒ«, ãƒãƒ¼ãƒãƒ£ãƒ«ãƒ›ã‚¹ãƒˆ</td></tr> <tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">互æ›æ€§:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later. - and later.</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">互æ›æ€§:</a></th><td>BalancerPersist is only available in Apache HTTP Server 2.4.4 and later.</td></tr> </table><p>ã“ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒ†ã‚£ãƒ–ã®è§£èª¬æ–‡æ›¸ã¯ ã¾ã 翻訳ã•ã‚Œã¦ã„ã¾ã›ã‚“。英語版をã”覧ãã ã•ã„。 </p></div> @@ -924,7 +922,7 @@ <tr><th><a href="directive-dict.html#Context">コンテã‚スト:</a></th><td>サーãƒè¨å®šãƒ•ã‚¡ã‚¤ãƒ«, ãƒãƒ¼ãƒãƒ£ãƒ«ãƒ›ã‚¹ãƒˆ</td></tr> <tr><th><a href="directive-dict.html#Status">ステータス:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">モジュール:</a></th><td>mod_proxy</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">互æ›æ€§:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.5.0 and later. +<tr><th><a href="directive-dict.html#Compatibility">互æ›æ€§:</a></th><td>ProxyPassInherit is only available in Apache HTTP Server 2.4.5 and later. and later.</td></tr> </table><p>ã“ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒ†ã‚£ãƒ–ã®è§£èª¬æ–‡æ›¸ã¯ ã¾ã 翻訳ã•ã‚Œã¦ã„ã¾ã›ã‚“。英語版をã”覧ãã ã•ã„。 diff --git a/docs/manual/mod/mod_proxy.xml.fr b/docs/manual/mod/mod_proxy.xml.fr index 40d9c0fabd..6da4d554eb 100644 --- a/docs/manual/mod/mod_proxy.xml.fr +++ b/docs/manual/mod/mod_proxy.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision: 1586470 --> +<!-- English Revision: 1586470:1587324 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_proxy.xml.ja b/docs/manual/mod/mod_proxy.xml.ja index b6c2249c7e..be1a411418 100644 --- a/docs/manual/mod/mod_proxy.xml.ja +++ b/docs/manual/mod/mod_proxy.xml.ja @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?> -<!-- English Revision: 344971:1584684 (outdated) --> +<!-- English Revision: 344971:1587324 (outdated) --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more diff --git a/docs/manual/mod/mod_rewrite.html.en b/docs/manual/mod/mod_rewrite.html.en index 2bfeb6b3f8..fd376dd1b8 100644 --- a/docs/manual/mod/mod_rewrite.html.en +++ b/docs/manual/mod/mod_rewrite.html.en @@ -269,6 +269,8 @@ Alias /myapp /opt/myapp-1.2.3 IS_SUBREQ<br /> HTTPS<br /> REQUEST_SCHEME<br /> + REMOTE_ADDR<br /> + CONN_REMOTE_ADDR<br /> </td> </tr> </table> @@ -873,7 +875,7 @@ later</td></tr> <dt><code>InheritBefore</code></dt> <dd> <p> Like <code>Inherit</code> above, but the rules from the parent scope - are applied <strong>before</strong> rules specified in the child scope. + are applied <strong>before</strong> rules specified in the child scope.<br /> Available in Apache HTTP Server 2.3.10 and later.</p> </dd> @@ -884,8 +886,8 @@ later</td></tr> the configuration of the current configuration. It is equivalent to specifying <code>RewriteOptions Inherit</code> in all child configurations. See the <code>Inherit</code> option for more details - on how the parent-child relationships are handled. Available in Apache - HTTP Server 2.4.8 and later.</p> + on how the parent-child relationships are handled.<br /> + Available in Apache HTTP Server 2.4.8 and later.</p> </dd> <dt><code>InheritDownBefore</code></dt> @@ -893,7 +895,8 @@ later</td></tr> <p>Like <code>InheritDown</code> above, but the rules from the current scope are applied <strong>before</strong> rules specified in any child's - scope. Available in Apache HTTP Server 2.4.8 and later.</p> + scope.<br /> + Available in Apache HTTP Server 2.4.8 and later.</p> </dd> <dt><code>IgnoreInherit</code></dt> @@ -901,8 +904,8 @@ later</td></tr> <p>This option forces the current and child configurations to ignore all rules that would be inherited from a parent specifying - <code>InheritDown</code> or <code>InheritDownBefore</code>. Available - in Apache HTTP Server 2.4.8 and later.</p> + <code>InheritDown</code> or <code>InheritDownBefore</code>.<br /> + Available in Apache HTTP Server 2.4.8 and later.</p> </dd> <dt><code>AllowNoSlash</code></dt> @@ -916,8 +919,8 @@ later</td></tr> is set to off, the <code>AllowNoSlash</code> option can be enabled to ensure that rewrite rules are no longer ignored. This option makes it possible to apply rewrite rules within .htaccess files that match the directory without - a trailing slash, if so desired. Available in Apache HTTP Server 2.4.0 and - later.</p> + a trailing slash, if so desired.<br /> + Available in Apache HTTP Server 2.4.0 and later.</p> </dd> <dt><code>AllowAnyURI</code></dt> @@ -926,7 +929,7 @@ later</td></tr> <p>When <code class="directive"><a href="#rewriterule">RewriteRule</a></code> is used in <code>VirtualHost</code> or server context with version 2.2.22 or later of httpd, <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> - will only process the rewrite rules if the request URI is a <a href="./directive-dict.html#Syntax">URL-path</a>. This avoids + will only process the rewrite rules if the request URI is a <a href="directive-dict.html#Syntax">URL-path</a>. This avoids some security issues where particular rules could allow "surprising" pattern expansions (see <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a> and <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317">CVE-2011-4317</a>). @@ -934,7 +937,8 @@ later</td></tr> <code>AllowAnyURI</code> option can be enabled, and <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> will apply the rule set to any request URI string, regardless of whether that string matches - the URL-path grammar required by the HTTP specification.</p> + the URL-path grammar required by the HTTP specification.<br /> + Available in Apache HTTP Server 2.4.3 and later.</p> <div class="warning"> <h3>Security Warning</h3> diff --git a/docs/manual/mod/mod_rewrite.html.fr b/docs/manual/mod/mod_rewrite.html.fr index 7153f24e50..5a305802f1 100644 --- a/docs/manual/mod/mod_rewrite.html.fr +++ b/docs/manual/mod/mod_rewrite.html.fr @@ -744,28 +744,18 @@ RewriteRule ...règles concernant tous ces hôtes...</pre> l'en-tête ``<code>User-Agent:</code>'' de la requête, vous pouvez utiliser ce qui suit : </p> -<pre class="prettyprint lang-config">RewriteCond %{HTTP_USER_AGENT} ^Mozilla -RewriteRule ^/$ /homepage.max.html [L] - -RewriteCond %{HTTP_USER_AGENT} ^Lynx -RewriteRule ^/$ /homepage.min.html [L] +<pre class="prettyprint lang-config">RewriteCond %{HTTP_USER_AGENT} (iPhone|Blackberry|Android) +RewriteRule ^/$ /homepage.mobile.html [L] RewriteRule ^/$ /homepage.std.html [L]</pre> <p>Explications : si vous utilisez un navigateur - (Netscape Navigator, Mozilla etc) qui s'identifie comme - 'Mozilla', vous accèderez à la page d'accueil max (qui - peut contenir des frames, ou d'autres ressources - particulières). - Si vous utilisez le navigateur Lynx (qui est un navigateur - en mode texte), vous accèderez à une page d'accueil min - (qui peut être une version conçue pour une navigation simple - basée sur le texte). - Si aucune de ces conditions n'est satisfaite (vous utilisez tout - autre navigateur, ou votre navigateur s'identifie de manière non - standard), vous accèderez à la page d'accueil std - (standard).</p> + qui s'identifie comme un navigateur de mobile (notez que cet + exemple est incomplet car il existe de nombreuses autres + plateformes mobiles), c'est la version mobile de la page + d'accueil qui sera servie. Dans le cas contraire, vous verrez + s'afficher la page d'accueil standard.</p> </div> @@ -951,7 +941,8 @@ la version version 2.1</td></tr> <p>Même effet que l'option <code>Inherit</code> ci-dessus, mais les règles spécifiées dans le niveau parent s'appliquent <strong>avant</strong> les règles spécifiées dans le niveau - enfant. Disponible depuis la version 2.3.10 du serveur HTTP + enfant.<br /> + Disponible depuis la version 2.3.10 du serveur HTTP Apache.</p> </dd> @@ -963,7 +954,8 @@ la version version 2.1</td></tr> spécifie <code>RewriteOptions Inherit</code> dans toutes les configurations enfants. Voir l'option <code>Inherit</code> pour plus de détails à propos de la manière dont les relations - parent-enfants sont traitées. Cette option est disponible à partir + parent-enfants sont traitées.<br /> + Cette option est disponible à partir de la version 2.4.8 du serveur HTTP Apache.</p> </dd> @@ -973,7 +965,8 @@ la version version 2.1</td></tr> <p>L'effet de cette option est équivalent à celui de l'option <code>InheritDown</code> ci-dessus, mais les règles de la configuration parente s'appliquent <strong>avant</strong> toute - règle de la configuration enfant. Cette option est disponible à partir + règle de la configuration enfant.<br /> + Cette option est disponible à partir de la version 2.4.8 du serveur HTTP Apache.</p> </dd> @@ -983,7 +976,8 @@ la version version 2.1</td></tr> <p>Si cette option est activée, les configurations courante et enfants ignoreront toute règle héritée d'une configuration parente via les options <code>InheritDown</code> ou - <code>InheritDownBefore</code>. Cette option est disponible à partir + <code>InheritDownBefore</code>.<br /> + Cette option est disponible à partir de la version 2.4.8 du serveur HTTP Apache.</p> </dd> @@ -999,7 +993,8 @@ la version version 2.1</td></tr> s'assurer que les règles de réécriture ne soient plus ignorées. Si on le souhaite, cette option permet de faire s'appliquer des règles de réécriture qui correspondent à un répertoire sans slash - final au sein de fichiers .htaccess. Elle est disponible à + final au sein de fichiers .htaccess.<br /> + Elle est disponible à partir de la version 2.4.0 du serveur HTTP Apache.</p> </dd> @@ -1009,7 +1004,7 @@ la version version 2.1</td></tr> <p>A partir de la version 2.2.22 de httpd, lorsqu'une directive <code class="directive"><a href="#rewriterule">RewriteRule</a></code> se situe dans un contexte de <code>serveur virtuel</code> ou de serveur principal, <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> ne traitera les règles de réécriture - que si l'URI de la requête respecte la syntaxe d'un <a href="./directive-dict.html#Syntax">chemin URL</a>. Ceci permet + que si l'URI de la requête respecte la syntaxe d'un <a href="directive-dict.html#Syntax">chemin URL</a>. Ceci permet d'éviter certains problèmes de sécurité où des règles particulières pourraient permettre des développements de modèles inattendus (voir <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368">CVE-2011-3368</a> @@ -1018,7 +1013,8 @@ la version version 2.1</td></tr> utiliser l'option <code>AllowAnyURI</code>, afin de permettre à <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> d'appliquer le jeu de règles à toute chaîne de requête URI, sans vérifier si cette dernière respecte la - grammaire des chemins URL définie dans la spécification HTTP.</p> + grammaire des chemins URL définie dans la spécification HTTP.<br /> + Disponible depuis la version 2.4.3 du serveur HTTP Apache.</p> <div class="warning"> <h3>Avertissement à propos de la sécurité</h3> diff --git a/docs/manual/mod/mod_rewrite.xml.fr b/docs/manual/mod/mod_rewrite.xml.fr index 1682d0a833..28d765abed 100644 --- a/docs/manual/mod/mod_rewrite.xml.fr +++ b/docs/manual/mod/mod_rewrite.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1586447 --> +<!-- English Revision: 1586447:1587031 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_rewrite.xml.meta b/docs/manual/mod/mod_rewrite.xml.meta index decc0a7b1e..0be21e86f4 100644 --- a/docs/manual/mod/mod_rewrite.xml.meta +++ b/docs/manual/mod/mod_rewrite.xml.meta @@ -8,6 +8,6 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_session_crypto.html.en b/docs/manual/mod/mod_session_crypto.html.en index 19079e6911..a11857cfc1 100644 --- a/docs/manual/mod/mod_session_crypto.html.en +++ b/docs/manual/mod/mod_session_crypto.html.en @@ -190,8 +190,9 @@ SessionCryptoPassphrase secret</pre> secret to the end of the list, and once rolled out completely to all servers, remove the first key from the start of the list.</p> - <p>If the value begins with exec: the resulting command will be executed and the - first line returned to standard output by the program will be used as the key.</p> + <p>As of version 2.4.7 if the value begins with <var>exec:</var> the resulting command + will be executed and the first line returned to standard output by the program will be + used as the key.</p> <div class="example"><pre>#key used as-is SessionCryptoPassphrase secret diff --git a/docs/manual/mod/mod_session_crypto.html.fr b/docs/manual/mod/mod_session_crypto.html.fr index 13a0ed59f7..15bbdb6201 100644 --- a/docs/manual/mod/mod_session_crypto.html.fr +++ b/docs/manual/mod/mod_session_crypto.html.fr @@ -27,6 +27,8 @@ <p><span>Langues Disponibles: </span><a href="../en/mod/mod_session_crypto.html" hreflang="en" rel="alternate" title="English"> en </a> | <a href="../fr/mod/mod_session_crypto.html" title="Français"> fr </a></p> </div> +<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Support du chiffrement des sessions</td></tr> <tr><th><a href="module-dict.html#Status">Statut:</a></th><td>Expérimental</td></tr> <tr><th><a href="module-dict.html#ModuleIdentifier">Identificateur de Module:</a></th><td>session_crypto_module</td></tr> diff --git a/docs/manual/mod/mod_session_crypto.xml.fr b/docs/manual/mod/mod_session_crypto.xml.fr index 92cb9061d9..3744b5e8ad 100644 --- a/docs/manual/mod/mod_session_crypto.xml.fr +++ b/docs/manual/mod/mod_session_crypto.xml.fr @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?> -<!-- English Revision : 1562488 --> +<!-- English Revision: 1562488:1587098 (outdated) --> <!-- French translation : Lucien GENTIS --> <!-- Reviewed by : Vincent Deffontaines --> diff --git a/docs/manual/mod/mod_session_crypto.xml.meta b/docs/manual/mod/mod_session_crypto.xml.meta index 56dc35d438..13199c7d6c 100644 --- a/docs/manual/mod/mod_session_crypto.xml.meta +++ b/docs/manual/mod/mod_session_crypto.xml.meta @@ -8,6 +8,6 @@ <variants> <variant>en</variant> - <variant>fr</variant> + <variant outdated="yes">fr</variant> </variants> </metafile> diff --git a/docs/manual/mod/mod_ssl.html.fr b/docs/manual/mod/mod_ssl.html.fr index ea5edf1c12..4c9691ba9c 100644 --- a/docs/manual/mod/mod_ssl.html.fr +++ b/docs/manual/mod/mod_ssl.html.fr @@ -1041,8 +1041,6 @@ du serveur par ordre de préférence</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.1 d'Apache, à condition -d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr> </table> <p>Normalement, ce sont les préférences du client qui sont prises en compte lors du choix d'un algorithme de chiffrement au cours d'une @@ -1103,8 +1101,6 @@ OCSP</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, à condition -d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr> </table> <p>Cette directive permet de définir le répondeur OCSP par défaut. Si la directive <code class="directive"><a href="#sslocspoverrideresponder">SSLOCSPOverrideResponder</a></code> n'est pas activée, @@ -1122,8 +1118,6 @@ client</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, à condition -d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr> </table> <p>Cette directive permet d'activer la validation OCSP de la chaîne de certificats du client. Si elle est activée, les certificats de la chaîne @@ -1151,8 +1145,6 @@ la validation OCSP</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, à condition -d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr> </table> <p>Force l'utilisation, au cours d'une validation OCSP de certificat, du répondeur OCSP par défaut spécifié dans la configuration, que le @@ -1169,8 +1161,6 @@ non.</p> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, sous réserve -d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr> </table> <p>Cette option permet de définir le délai d'attente pour les requêtes à destination des répondeurs OCSP, lorsque la directive <code class="directive"><a href="#sslocspenable">SSLOCSPEnable</a></code> est à on.</p> @@ -1185,8 +1175,6 @@ destination des répondeurs OCSP, lorsque la directive <code class="directive"><a <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, sous réserve -d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr> </table> <p>Cette option permet de définir l'âge maximum autorisé (la "fraicheur") des réponses OCSP. La valeur par défault (<code>-1</code>) @@ -1205,8 +1193,6 @@ réponses OCSP</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3 de httpd, sous réserve -d'utiliser une version 0.9.7 ou supérieure d'OpenSSL</td></tr> </table> <p>Cette option permet de définir la dérive temporelle maximale autorisée pour les réponses OCSP (lors de la vérification des champs @@ -1441,12 +1427,17 @@ cette demande peut être formulée parmi les trois suivantes :</p> <li><code>exec:/chemin/vers/programme</code> <p> Ici, un programme externe est appelé au démarrage du serveur pour - chaque fichier de clé privée chiffré. Il est appelé avec deux - arguments (le premier est de la forme + chaque fichier de clé privée chiffré. Jusqu'à + la version 2.4.7, il était appelé avec deux + arguments (le premier était de la forme ``<code>nom-serveur:port</code>'', le second est ``<code>RSA</code>'', ``<code>DSA</code>'' ou ``<code>ECC</code>''), qui indiquent pour quels serveur et algorithme il doit écrire le mot de - passe correspondant sur <code>stdout</code>. Le but recherché est + passe correspondant sur <code>stdout</code>. Depuis la version + 2.4.9, il est appelé avec un seul argument, une chaîne de la forme + "<code>servername:portnumber:index</code>" (où <code>index</code> + est un numéro d'ordre commençant à zéro), qui spécifie le serveur, + le port TCP et un numéro de certificat. Le but recherché est l'exécution de vérifications de sécurité préalables permettant de s'assurer que le système n'est pas victime d'une attaque, et de ne fournir le mot de passe que si toutes les vérifications ont été @@ -2468,8 +2459,7 @@ enregistrée dans la variable d'environnement <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Si <code class="directive"><a href="#sslusestapling">SSLUseStapling</a></code> est à "on", cette directive permet de configurer le cache destiné à stocker les @@ -2490,8 +2480,7 @@ agrafage OCSP</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Cette directive permet de définir la durée de vie des réponses <em>invalides</em> dans le cache pour agrafage OCSP configuré via la @@ -2509,8 +2498,7 @@ définir la durée de vie des réponses valides, voir la directive <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Lorsque cette directive est activée, et si une requête vers un serveur OCSP à des fins d'inclusion dans une négociation TLS échoue, @@ -2527,8 +2515,7 @@ AIA du certificat</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Cette directive permet de remplacer l'URI du serveur OCSP extraite de l'extension authorityInfoAccess (AIA) du certificat. Elle peut s'avérer @@ -2545,8 +2532,7 @@ OCSP</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Cette directive permet de définir le temps d'attente maximum lorsque mod_ssl envoie une requête vers un serveur OCSP afin d'obtenir une @@ -2565,8 +2551,7 @@ négociation TLS</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Cette directive permet de définir l'âge maximum autorisé ("fraîcheur") des réponses OCSP incluses dans la négociation TLS @@ -2587,8 +2572,7 @@ négociation TLS</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Cette directive permet de spécifier l'intervalle de temps maximum que mod_ssl va calculer en faisant la différence entre les contenus des @@ -2608,8 +2592,7 @@ OCSP</td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Lorsque cette directive est activée, mod_ssl va transmettre au client les réponses concernant les requêtes OCSP échouées (erreurs d'état, réponses @@ -2627,8 +2610,7 @@ négociation TLS avec les clients.</p> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Cette directive permet de définir la durée de vie des réponses OCSP dans le cache configuré via la directive <code class="directive"><a href="#sslstaplingcache">SSLStaplingCache</a></code>. Elle ne s'applique qu'aux @@ -2705,8 +2687,7 @@ La valeur de l'argument <em>nom-var</em> peut correspondre à toute <a href="#env <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur, serveur virtuel</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.3 du serveur HTTP -Apache, si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible si on utilise OpenSSL version 0.9.8h ou supérieure</td></tr> </table> <p>Cette directive permet d'activer l'"Agrafage OCSP" (OCSP stapling) selon la définition de l'extension TLS "Certificate Status Request" diff --git a/docs/manual/mod/mod_suexec.html.fr b/docs/manual/mod/mod_suexec.html.fr index d57fe728e3..eedfd3ec38 100644 --- a/docs/manual/mod/mod_suexec.html.fr +++ b/docs/manual/mod/mod_suexec.html.fr @@ -68,7 +68,7 @@ doivent s'exécuter</td></tr> <div class="example"><h3>Exemple</h3><pre class="prettyprint lang-config">SuexecUserGroup nobody nogroup</pre> </div> - <p>Depuis la version 2.3.9, le démarrage va échouer si cette + <p>Le démarrage échouera si cette directive est spécifiée et si la fonctionnalité suEXEC est désactivée.</p> diff --git a/docs/manual/mod/mod_suexec.html.tr.utf8 b/docs/manual/mod/mod_suexec.html.tr.utf8 index 93d0911a23..5df4e71b24 100644 --- a/docs/manual/mod/mod_suexec.html.tr.utf8 +++ b/docs/manual/mod/mod_suexec.html.tr.utf8 @@ -30,6 +30,7 @@ <a href="../ko/mod/mod_suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | <a href="../tr/mod/mod_suexec.html" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Bu çeviri güncel olmayabilir. Son deÄŸiÅŸiklikler için Ä°ngilizce sürüm geçerlidir.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>CGI betiklerinin belli bir kullanıcı ve grubun aidiyetinde çalışmasını mümkün kılar.</td></tr> <tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Eklenti</td></tr> diff --git a/docs/manual/mod/mod_suexec.xml.meta b/docs/manual/mod/mod_suexec.xml.meta index a36cfe3e4c..e906e43a73 100644 --- a/docs/manual/mod/mod_suexec.xml.meta +++ b/docs/manual/mod/mod_suexec.xml.meta @@ -8,7 +8,7 @@ <variants> <variant>en</variant> - <variant outdated="yes">fr</variant> + <variant>fr</variant> <variant outdated="yes">ja</variant> <variant outdated="yes">ko</variant> <variant outdated="yes">tr</variant> diff --git a/docs/manual/mod/mod_unixd.html.fr b/docs/manual/mod/mod_unixd.html.fr index 22635fa886..e2e8e2d4b9 100644 --- a/docs/manual/mod/mod_unixd.html.fr +++ b/docs/manual/mod/mod_unixd.html.fr @@ -128,7 +128,6 @@ appropriés, Off dans le cas contraire</code></td></tr> <tr><th><a href="directive-dict.html#Context">Contexte:</a></th><td>configuration du serveur</td></tr> <tr><th><a href="directive-dict.html#Status">Statut:</a></th><td>Base</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_unixd</td></tr> -<tr><th><a href="directive-dict.html#Compatibility">Compatibilité:</a></th><td>Disponible depuis la version 2.3.9 d'Apache httpd</td></tr> </table> <p>Lorsque cette directive est définie à On, le démarrage échouera si le binaire suexec n'existe pas, ou possède un propriétaire ou mode diff --git a/docs/manual/mod/mod_unixd.html.tr.utf8 b/docs/manual/mod/mod_unixd.html.tr.utf8 index c04b239fc0..c572e61cb9 100644 --- a/docs/manual/mod/mod_unixd.html.tr.utf8 +++ b/docs/manual/mod/mod_unixd.html.tr.utf8 @@ -28,6 +28,7 @@ <a href="../fr/mod/mod_unixd.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | <a href="../tr/mod/mod_unixd.html" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Bu çeviri güncel olmayabilir. Son deÄŸiÅŸiklikler için Ä°ngilizce sürüm geçerlidir.</div> <table class="module"><tr><th><a href="module-dict.html#Description">Açıklama:</a></th><td>Unix ailesi platformlar için temel (gerekli) güvenlik.</td></tr> <tr><th><a href="module-dict.html#Status">Durum:</a></th><td>Temel</td></tr> <tr><th><a href="module-dict.html#ModuleIdentifier">Modül Betimleyici:</a></th><td>unixd_module</td></tr> diff --git a/docs/manual/mod/mod_unixd.xml.meta b/docs/manual/mod/mod_unixd.xml.meta index 4fa182e034..a29d129e5f 100644 --- a/docs/manual/mod/mod_unixd.xml.meta +++ b/docs/manual/mod/mod_unixd.xml.meta @@ -8,7 +8,7 @@ <variants> <variant>en</variant> - <variant outdated="yes">fr</variant> + <variant>fr</variant> <variant outdated="yes">tr</variant> </variants> </metafile> diff --git a/docs/manual/mod/quickreference.html.de b/docs/manual/mod/quickreference.html.de index 10e3423f42..597327b3d6 100644 --- a/docs/manual/mod/quickreference.html.de +++ b/docs/manual/mod/quickreference.html.de @@ -237,6 +237,12 @@ authentication</td></tr> ... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias</td></tr> +<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> <tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr> <tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and passwords for authentication</td></tr> diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en index d1da1942f3..4fcdee1956 100644 --- a/docs/manual/mod/quickreference.html.en +++ b/docs/manual/mod/quickreference.html.en @@ -233,6 +233,12 @@ authentication</td></tr> ... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias</td></tr> +<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> <tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr> <tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and passwords for authentication</td></tr> diff --git a/docs/manual/mod/quickreference.html.es b/docs/manual/mod/quickreference.html.es index 37d4be59e7..8687ed5628 100644 --- a/docs/manual/mod/quickreference.html.es +++ b/docs/manual/mod/quickreference.html.es @@ -240,6 +240,12 @@ authentication</td></tr> ... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias</td></tr> +<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> <tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr> <tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and passwords for authentication</td></tr> diff --git a/docs/manual/mod/quickreference.html.fr b/docs/manual/mod/quickreference.html.fr index e710cfbd28..a97835480e 100644 --- a/docs/manual/mod/quickreference.html.fr +++ b/docs/manual/mod/quickreference.html.fr @@ -293,6 +293,12 @@ utiliser</td></tr> ... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Regroupe un ensemble de directives qui constituent une extension d'un fournisseur d'authentification de base et lui attribue l'alias spécifié</td></tr> +<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> <tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type d'authentification utilisateur</td></tr> <tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>chemin-fichier</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Définit le nom d'un fichier texte pour l'authentification contenant la liste des utilisateurs et de leurs mots de @@ -534,7 +540,7 @@ requête</td></tr> <tr><td><a href="mod_ext_filter.html#extfilterdefine">ExtFilterDefine <var>nom filtre</var> <var>paramètres</var></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Définit un filtre externe</td></tr> <tr class="odd"><td><a href="mod_ext_filter.html#extfilteroptions">ExtFilterOptions <var>option</var> [<var>option</var>] ...</a></td><td> NoLogStderr </td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Configure les options de <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code></td></tr> -<tr><td><a href="mod_dir.html#fallbackresource" id="F" name="F">FallbackResource disabled <var>url-locale</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Définit une URL par défaut pour les requêtes qui ne ciblent +<tr><td><a href="mod_dir.html#fallbackresource" id="F" name="F">FallbackResource disabled | <var>url-locale</var></a></td><td></td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Définit une URL par défaut pour les requêtes qui ne ciblent aucun fichier</td></tr> <tr class="odd"><td><a href="core.html#fileetag">FileETag <var>composant</var> ...</a></td><td> MTime Size </td><td>svdh</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Caractéristiques de fichier utilisées lors de la génération de l'en-tête de réponse HTTP ETag pour les fichiers statiques</td></tr> @@ -630,7 +636,7 @@ dans la partie arguments de la requête</td></tr> [<var>chemin-fichier</var>] ...</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Fichiers .dll ISAPI devant être chargés au démarrage</td></tr> -<tr><td><a href="mod_isapi.html#isapifakeasync">ISAPIFakeAsync on|off</a></td><td> off </td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Émulation du support des entrées/sorties asynchrones pour +<tr><td><a href="mod_isapi.html#isapifakeasync">ISAPIFakeAsync on|off</a></td><td> off </td><td>svdh</td><td>B</td></tr><tr><td class="descr" colspan="4">Emulation du support des entrées/sorties asynchrones pour les appels ISAPI</td></tr> <tr class="odd"><td><a href="mod_isapi.html#isapilognotsupported">ISAPILogNotSupported on|off</a></td><td> off </td><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Journalisation des demandes de fonctionnalités non supportées de la part des extensions ISAPI</td></tr> diff --git a/docs/manual/mod/quickreference.html.ja.utf8 b/docs/manual/mod/quickreference.html.ja.utf8 index 34c49efe12..b03a17ca14 100644 --- a/docs/manual/mod/quickreference.html.ja.utf8 +++ b/docs/manual/mod/quickreference.html.ja.utf8 @@ -232,6 +232,12 @@ authentication</td></tr> ... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias</td></tr> +<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> <tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr> <tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">èªè¨¼ã«ä½¿ç”¨ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ã¨ãƒ‘スワードã®ä¸€è¦§ãŒæ ¼ç´ã•ã‚Œã¦ã„る〠テã‚ストファイルã®åå‰ã‚’è¨å®šã™ã‚‹</td></tr> diff --git a/docs/manual/mod/quickreference.html.ko.euc-kr b/docs/manual/mod/quickreference.html.ko.euc-kr index 7f2ec5e6e8..60c3ede205 100644 --- a/docs/manual/mod/quickreference.html.ko.euc-kr +++ b/docs/manual/mod/quickreference.html.ko.euc-kr @@ -226,6 +226,12 @@ authentication</td></tr> ... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias</td></tr> +<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> <tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr> <tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">ÀÎÁõÇÒ »ç¿ëÀÚ¸í¿Í ¾ÏÈ£ ¸ñ·ÏÀ» ÀúÀåÇÏ´Â ¹®ÀÚÆÄÀϸíÀ» ÁöÁ¤ÇÑ´Ù</td></tr> diff --git a/docs/manual/mod/quickreference.html.tr.utf8 b/docs/manual/mod/quickreference.html.tr.utf8 index d796f39464..5d47f4dc93 100644 --- a/docs/manual/mod/quickreference.html.tr.utf8 +++ b/docs/manual/mod/quickreference.html.tr.utf8 @@ -236,6 +236,12 @@ authentication</td></tr> ... </AuthnProviderAlias></a></td><td></td><td>s</td><td>T</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias</td></tr> +<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> <tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>T</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr> <tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>T</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and passwords for authentication</td></tr> diff --git a/docs/manual/mod/quickreference.html.zh-cn.utf8 b/docs/manual/mod/quickreference.html.zh-cn.utf8 index 62d555bb9e..c9ee3fd4b1 100644 --- a/docs/manual/mod/quickreference.html.zh-cn.utf8 +++ b/docs/manual/mod/quickreference.html.zh-cn.utf8 @@ -228,6 +228,12 @@ authentication</td></tr> ... </AuthnProviderAlias></a></td><td></td><td>s</td><td>B</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias</td></tr> +<tr class="odd"><td><a href="mod_authnz_fcgi.html#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code> +<em>option</em> ...</a></td><td></td><td>d</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enables a FastCGI application to handle the check_authn +authentication hook.</td></tr> +<tr><td><a href="mod_authnz_fcgi.html#authnzfcgidefineprovider">AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em> +<em>backend-address</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">Defines a FastCGI application as a provider for +authentication and/or authorization</td></tr> <tr class="odd"><td><a href="mod_authn_core.html#authtype">AuthType None|Basic|Digest|Form</a></td><td></td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Type of user authentication</td></tr> <tr><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td></td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list of users and passwords for authentication</td></tr> diff --git a/docs/manual/sitemap.html.de b/docs/manual/sitemap.html.de index 362b8632af..a820a1f130 100644 --- a/docs/manual/sitemap.html.de +++ b/docs/manual/sitemap.html.de @@ -201,6 +201,7 @@ HPUX betreiben</a></li> <li><a href="mod/mod_authn_dbm.html">Apache-Modul mod_authn_dbm</a></li> <li><a href="mod/mod_authn_file.html">Apache-Modul mod_authn_file</a></li> <li><a href="mod/mod_authn_socache.html">Apache-Modul mod_authn_socache</a></li> +<li><a href="mod/mod_authnz_fcgi.html">Apache-Modul mod_authnz_fcgi</a></li> <li><a href="mod/mod_authnz_ldap.html">Apache-Modul mod_authnz_ldap</a></li> <li><a href="mod/mod_authz_core.html">Apache-Modul mod_authz_core</a></li> <li><a href="mod/mod_authz_dbd.html">Apache-Modul mod_authz_dbd</a></li> diff --git a/docs/manual/sitemap.html.en b/docs/manual/sitemap.html.en index 1c575c8561..4d661f2047 100644 --- a/docs/manual/sitemap.html.en +++ b/docs/manual/sitemap.html.en @@ -201,6 +201,7 @@ log_server_status</a></li> <li><a href="mod/mod_authn_dbm.html">Apache Module mod_authn_dbm</a></li> <li><a href="mod/mod_authn_file.html">Apache Module mod_authn_file</a></li> <li><a href="mod/mod_authn_socache.html">Apache Module mod_authn_socache</a></li> +<li><a href="mod/mod_authnz_fcgi.html">Apache Module mod_authnz_fcgi</a></li> <li><a href="mod/mod_authnz_ldap.html">Apache Module mod_authnz_ldap</a></li> <li><a href="mod/mod_authz_core.html">Apache Module mod_authz_core</a></li> <li><a href="mod/mod_authz_dbd.html">Apache Module mod_authz_dbd</a></li> diff --git a/docs/manual/sitemap.html.es b/docs/manual/sitemap.html.es index 567674cae7..3d3a0f210c 100644 --- a/docs/manual/sitemap.html.es +++ b/docs/manual/sitemap.html.es @@ -183,6 +183,7 @@ usados para describir las directivas de Apache</a></li> <li><a href="mod/mod_authn_dbm.html">Módulo Apache mod_authn_dbm</a></li> <li><a href="mod/mod_authn_file.html">Módulo Apache mod_authn_file</a></li> <li><a href="mod/mod_authn_socache.html">Módulo Apache mod_authn_socache</a></li> +<li><a href="mod/mod_authnz_fcgi.html">Módulo Apache mod_authnz_fcgi</a></li> <li><a href="mod/mod_authnz_ldap.html">Módulo Apache mod_authnz_ldap</a></li> <li><a href="mod/mod_authz_core.html">Módulo Apache mod_authz_core</a></li> <li><a href="mod/mod_authz_dbd.html">Módulo Apache mod_authz_dbd</a></li> diff --git a/docs/manual/sitemap.html.fr b/docs/manual/sitemap.html.fr index 04adda8931..9c62f0a30a 100644 --- a/docs/manual/sitemap.html.fr +++ b/docs/manual/sitemap.html.fr @@ -216,6 +216,7 @@ pour décrire les directives Apache</a></li> <li><a href="mod/mod_authn_dbm.html">Module Apache mod_authn_dbm</a></li> <li><a href="mod/mod_authn_file.html">Module Apache mod_authn_file</a></li> <li><a href="mod/mod_authn_socache.html">Module Apache mod_authn_socache</a></li> +<li><a href="mod/mod_authnz_fcgi.html">Module Apache mod_authnz_fcgi</a></li> <li><a href="mod/mod_authnz_ldap.html">Module Apache mod_authnz_ldap</a></li> <li><a href="mod/mod_authz_core.html">Module Apache mod_authz_core</a></li> <li><a href="mod/mod_authz_dbd.html">Module Apache mod_authz_dbd</a></li> diff --git a/docs/manual/sitemap.html.ja.utf8 b/docs/manual/sitemap.html.ja.utf8 index 549f8b9690..6c3e5295bc 100644 --- a/docs/manual/sitemap.html.ja.utf8 +++ b/docs/manual/sitemap.html.ja.utf8 @@ -182,6 +182,7 @@ <li><a href="mod/mod_authn_dbm.html">Apache モジュール mod_authn_dbm</a></li> <li><a href="mod/mod_authn_file.html">Apache モジュール mod_authn_file</a></li> <li><a href="mod/mod_authn_socache.html">Apache モジュール mod_authn_socache</a></li> +<li><a href="mod/mod_authnz_fcgi.html">Apache モジュール mod_authnz_fcgi</a></li> <li><a href="mod/mod_authnz_ldap.html">Apache モジュール mod_authnz_ldap</a></li> <li><a href="mod/mod_authz_core.html">Apache モジュール mod_authz_core</a></li> <li><a href="mod/mod_authz_dbd.html">Apache モジュール mod_authz_dbd</a></li> diff --git a/docs/manual/sitemap.html.ko.euc-kr b/docs/manual/sitemap.html.ko.euc-kr index a2f0aea9ff..8a264d6aea 100644 --- a/docs/manual/sitemap.html.ko.euc-kr +++ b/docs/manual/sitemap.html.ko.euc-kr @@ -181,6 +181,7 @@ <li><a href="mod/mod_authn_dbm.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authn_dbm</a></li> <li><a href="mod/mod_authn_file.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authn_file</a></li> <li><a href="mod/mod_authn_socache.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authn_socache</a></li> +<li><a href="mod/mod_authnz_fcgi.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authnz_fcgi</a></li> <li><a href="mod/mod_authnz_ldap.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authnz_ldap</a></li> <li><a href="mod/mod_authz_core.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authz_core</a></li> <li><a href="mod/mod_authz_dbd.html">¾ÆÆÄÄ¡ ¸ðµâ mod_authz_dbd</a></li> diff --git a/docs/manual/sitemap.html.tr.utf8 b/docs/manual/sitemap.html.tr.utf8 index 82c6cc3351..016a64d43a 100644 --- a/docs/manual/sitemap.html.tr.utf8 +++ b/docs/manual/sitemap.html.tr.utf8 @@ -196,6 +196,7 @@ Windows ile Apache Kullanımı</a></li> <li><a href="mod/mod_authn_dbm.html">Apache Modülü mod_authn_dbm</a></li> <li><a href="mod/mod_authn_file.html">Apache Modülü mod_authn_file</a></li> <li><a href="mod/mod_authn_socache.html">Apache Modülü mod_authn_socache</a></li> +<li><a href="mod/mod_authnz_fcgi.html">Apache Modülü mod_authnz_fcgi</a></li> <li><a href="mod/mod_authnz_ldap.html">Apache Modülü mod_authnz_ldap</a></li> <li><a href="mod/mod_authz_core.html">Apache Modülü mod_authz_core</a></li> <li><a href="mod/mod_authz_dbd.html">Apache Modülü mod_authz_dbd</a></li> diff --git a/docs/manual/sitemap.html.zh-cn.utf8 b/docs/manual/sitemap.html.zh-cn.utf8 index 739c08a5f1..10662e2e3d 100644 --- a/docs/manual/sitemap.html.zh-cn.utf8 +++ b/docs/manual/sitemap.html.zh-cn.utf8 @@ -182,6 +182,7 @@ <li><a href="mod/mod_authn_dbm.html">Apache æ¨¡å— mod_authn_dbm</a></li> <li><a href="mod/mod_authn_file.html">Apache æ¨¡å— mod_authn_file</a></li> <li><a href="mod/mod_authn_socache.html">Apache æ¨¡å— mod_authn_socache</a></li> +<li><a href="mod/mod_authnz_fcgi.html">Apache æ¨¡å— mod_authnz_fcgi</a></li> <li><a href="mod/mod_authnz_ldap.html">Apache æ¨¡å— mod_authnz_ldap</a></li> <li><a href="mod/mod_authz_core.html">Apache æ¨¡å— mod_authz_core</a></li> <li><a href="mod/mod_authz_dbd.html">Apache æ¨¡å— mod_authz_dbd</a></li> diff --git a/modules/aaa/config.m4 b/modules/aaa/config.m4 index 4f3ba4f739..b443761d2b 100644 --- a/modules/aaa/config.m4 +++ b/modules/aaa/config.m4 @@ -55,6 +55,10 @@ APACHE_MODULE(authnz_ldap, LDAP based authentication, , , most, [ fi ]) +dnl FastCGI authorizer interface, supporting authn and authz. +APACHE_MODULE(authnz_fcgi, + FastCGI authorizer-based authentication and authorization, , , no) + dnl - host access control compatibility modules. Implements Order, Allow, dnl Deny, Satisfy for backward compatibility. These directives have been dnl deprecated in 2.4. diff --git a/modules/aaa/mod_authnz_fcgi.c b/modules/aaa/mod_authnz_fcgi.c new file mode 100644 index 0000000000..673b0e774d --- /dev/null +++ b/modules/aaa/mod_authnz_fcgi.c @@ -0,0 +1,1358 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "apr_hash.h" +#include "apr_lib.h" +#include "apr_strings.h" + +#include "ap_provider.h" +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_protocol.h" +#include "http_request.h" +#include "http_log.h" +#include "util_script.h" +#include "ap_provider.h" +#include "mod_auth.h" +#include "util_fcgi.h" +#include "ap_mmn.h" + +module AP_MODULE_DECLARE_DATA authnz_fcgi_module; + +typedef struct { + const char *name; /* provider name */ + const char *backend; /* backend address, as configured */ + const char *host; + apr_port_t port; + apr_sockaddr_t *backend_addrs; + int is_authn; + int is_authz; +} fcgi_provider_conf; + +typedef struct { + const char *name; /* provider name */ + const char *default_user; /* this is user if authorizer returns + * success and a user expression yields + * empty string + */ + ap_expr_info_t *user_expr; /* expr to evaluate to set r->user */ + char authoritative; /* fail request if user is rejected? */ + char require_basic_auth; /* fail if client didn't send credentials? */ +} fcgi_dir_conf; + +typedef struct { + /* If an "authnz" provider successfully authenticates, record + * the provider name here for checking during authz. + */ + const char *successful_authnz_provider; +} fcgi_request_notes; + +static apr_hash_t *fcgi_authn_providers, *fcgi_authz_providers; + +#define FCGI_IO_TIMEOUT apr_time_from_sec(30) + +#ifndef NON200_RESPONSE_BUF_LEN +#define NON200_RESPONSE_BUF_LEN 8192 +#endif + +/* fcgi://{hostname|IPv4|IPv6}:port[/] */ +#define FCGI_BACKEND_REGEX_STR "m%^fcgi://(.*):(\\d{1,5})/?$%" + +/* + * utility function to connect to a peer; generally useful, but + * wait for AF_UNIX support in this mod before thinking about how + * to make it available to other modules + */ +static apr_status_t connect_to_peer(apr_socket_t **newsock, + request_rec *r, + apr_sockaddr_t *backend_addrs, + const char *backend_name, + apr_interval_time_t timeout) +{ + apr_status_t rv = APR_EINVAL; /* returned if no backend addr was provided + */ + int connected = 0; + apr_sockaddr_t *addr = backend_addrs; + + while (addr && !connected) { + int loglevel = addr->next ? APLOG_DEBUG : APLOG_ERR; + rv = apr_socket_create(newsock, addr->family, + SOCK_STREAM, 0, r->pool); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, loglevel, rv, r, + APLOGNO(02494) "error creating family %d socket " + "for target %s", + addr->family, backend_name); + addr = addr->next; + continue; + } + + apr_socket_opt_set(*newsock, APR_TCP_NODELAY, 1); + apr_socket_timeout_set(*newsock, + timeout ? timeout : r->server->timeout); + + rv = apr_socket_connect(*newsock, addr); + if (rv != APR_SUCCESS) { + apr_socket_close(*newsock); + ap_log_rerror(APLOG_MARK, loglevel, rv, r, + APLOGNO(02495) "attempt to connect to %pI (%s) " + "failed", addr, backend_name); + addr = addr->next; + continue; + } + + connected = 1; + } + + return rv; +#undef FN_LOG_MARK +} + +static void log_provider_info(const fcgi_provider_conf *conf, request_rec *r) +{ + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02496) "name %s, backend %s, host %s, port %d, " + "first address %pI, %c%c", + conf->name, + conf->backend, + conf->host, + (int)conf->port, + conf->backend_addrs, + conf->is_authn ? 'N' : '_', + conf->is_authz ? 'Z' : '_'); +} + +static void setupenv(request_rec *r, const char *password, const char *apache_role) +{ + ap_add_common_vars(r); + ap_add_cgi_vars(r); + apr_table_setn(r->subprocess_env, "FCGI_ROLE", AP_FCGI_AUTHORIZER_STR); + if (apache_role) { + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", apache_role); + } + if (password) { + apr_table_setn(r->subprocess_env, "REMOTE_PASSWD", password); + } + /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, + * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass + * PROXY_AUTH to allow CGI to perform proxy auth for httpd + */ + apr_table_unset(r->subprocess_env, "CONTENT_LENGTH"); + apr_table_unset(r->subprocess_env, "PATH_INFO"); + apr_table_unset(r->subprocess_env, "PATH_TRANSLATED"); + apr_table_unset(r->subprocess_env, "SCRIPT_NAME"); + apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE"); + apr_table_unset(r->subprocess_env, "HTTP_TE"); + apr_table_unset(r->subprocess_env, "HTTP_TRAILER"); + apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING"); + apr_table_unset(r->subprocess_env, "HTTP_UPGRADE"); + + /* Connection hop-by-hop header to prevent the CGI from hanging */ + apr_table_setn(r->subprocess_env, "HTTP_CONNECTION", "close"); +} + +static apr_status_t recv_data(const fcgi_provider_conf *conf, + request_rec *r, + apr_socket_t *s, + char *buf, + apr_size_t *buflen) +{ + apr_status_t rv; + + rv = apr_socket_recv(s, buf, buflen); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + APLOGNO(02497) "Couldn't read from backend %s", + conf->backend); + return rv; + } + +#if AP_MODULE_MAGIC_AT_LEAST(20130702,2) + ap_log_rdata(APLOG_MARK, APLOG_TRACE5, r, "FastCGI data received", + buf, *buflen, AP_LOG_DATA_SHOW_OFFSET); +#endif + return APR_SUCCESS; +} + +static apr_status_t recv_data_full(const fcgi_provider_conf *conf, + request_rec *r, + apr_socket_t *s, + char *buf, + apr_size_t buflen) +{ + apr_size_t readlen; + apr_size_t cumulative_len = 0; + apr_status_t rv; + + do { + readlen = buflen - cumulative_len; + rv = recv_data(conf, r, s, buf + cumulative_len, &readlen); + if (rv != APR_SUCCESS) { + return rv; + } + cumulative_len += readlen; + } while (cumulative_len < buflen); + + return APR_SUCCESS; +} + +static apr_status_t sendv_data(const fcgi_provider_conf *conf, + request_rec *r, + apr_socket_t *s, + struct iovec *vec, + int nvec, + apr_size_t *len) +{ + apr_size_t to_write = 0, written = 0; + apr_status_t rv = APR_SUCCESS; + int i, offset; + + for (i = 0; i < nvec; i++) { + to_write += vec[i].iov_len; +#if AP_MODULE_MAGIC_AT_LEAST(20130702,2) + ap_log_rdata(APLOG_MARK, APLOG_TRACE5, r, "FastCGI data sent", + vec[i].iov_base, vec[i].iov_len, AP_LOG_DATA_SHOW_OFFSET); +#endif + } + + offset = 0; + while (to_write) { + apr_size_t n = 0; + rv = apr_socket_sendv(s, vec + offset, nvec - offset, &n); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + APLOGNO(02498) "Sending data to %s failed", + conf->backend); + break; + } + if (n > 0) { + written += n; + if (written >= to_write) + break; /* short circuit out */ + for (i = offset; i < nvec; ) { + if (n >= vec[i].iov_len) { + offset++; + n -= vec[i++].iov_len; + } else { + vec[i].iov_len -= n; + vec[i].iov_base = (char *) vec[i].iov_base + n; + break; + } + } + } + } + + *len = written; + + return rv; +} + +static apr_status_t send_begin_request(request_rec *r, + const fcgi_provider_conf *conf, + apr_socket_t *s, int role, + apr_uint16_t request_id) +{ + struct iovec vec[2]; + ap_fcgi_header header; + unsigned char farray[AP_FCGI_HEADER_LEN]; + ap_fcgi_begin_request_body brb; + unsigned char abrb[AP_FCGI_HEADER_LEN]; + apr_size_t len; + + ap_fcgi_fill_in_header(&header, AP_FCGI_BEGIN_REQUEST, request_id, + sizeof(abrb), 0); + ap_fcgi_fill_in_request_body(&brb, role, 0 /* *NOT* AP_FCGI_KEEP_CONN */); + + ap_fcgi_header_to_array(&header, farray); + ap_fcgi_begin_request_body_to_array(&brb, abrb); + + vec[0].iov_base = (void *)farray; + vec[0].iov_len = sizeof(farray); + vec[1].iov_base = (void *)abrb; + vec[1].iov_len = sizeof(abrb); + + return sendv_data(conf, r, s, vec, 2, &len); +} + +static apr_status_t send_environment(apr_socket_t *s, + const fcgi_provider_conf *conf, + request_rec *r, apr_uint16_t request_id, + apr_pool_t *temp_pool) +{ + const char *fn = "send_environment"; + const apr_array_header_t *envarr; + const apr_table_entry_t *elts; + struct iovec vec[2]; + ap_fcgi_header header; + unsigned char farray[AP_FCGI_HEADER_LEN]; + char *body; + apr_status_t rv; + apr_size_t avail_len, len, required_len; + int i, next_elem, starting_elem; + + envarr = apr_table_elts(r->subprocess_env); + elts = (const apr_table_entry_t *) envarr->elts; + + if (APLOG_R_IS_LEVEL(r, APLOG_TRACE2)) { + + for (i = 0; i < envarr->nelts; ++i) { + if (!elts[i].key) { + continue; + } + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, + "%s: '%s': '%s'", + fn, elts[i].key, + !strcmp(elts[i].key, "REMOTE_PASSWD") ? + "XXXXXXXX" : elts[i].val); + } + } + + /* Send envvars over in as many FastCGI records as it takes, */ + next_elem = 0; /* starting with the first one */ + + avail_len = 16 * 1024; /* our limit per record, which could have been up + * to AP_FCGI_MAX_CONTENT_LEN + */ + + while (next_elem < envarr->nelts) { + starting_elem = next_elem; + required_len = ap_fcgi_encoded_env_len(r->subprocess_env, + avail_len, + &next_elem); + + if (!required_len) { + if (next_elem < envarr->nelts) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, + APLOGNO(02499) "couldn't encode envvar '%s' in %" + APR_SIZE_T_FMT " bytes", + elts[next_elem].key, avail_len); + /* skip this envvar and continue */ + ++next_elem; + continue; + } + /* only an unused element at the end of the array */ + break; + } + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02500) "required len for encoding envvars: %" + APR_SIZE_T_FMT ", %d/%d elems processed so far", + required_len, next_elem, envarr->nelts); + + body = apr_palloc(temp_pool, required_len); + rv = ap_fcgi_encode_env(r, r->subprocess_env, body, required_len, + &starting_elem); + /* we pre-compute, so we can't run out of space */ + ap_assert(rv == APR_SUCCESS); + /* compute and encode must be in sync */ + ap_assert(starting_elem == next_elem); + + ap_fcgi_fill_in_header(&header, AP_FCGI_PARAMS, request_id, + (apr_uint16_t)required_len, 0); + ap_fcgi_header_to_array(&header, farray); + + vec[0].iov_base = (void *)farray; + vec[0].iov_len = sizeof(farray); + vec[1].iov_base = body; + vec[1].iov_len = required_len; + + rv = sendv_data(conf, r, s, vec, 2, &len); + apr_pool_clear(temp_pool); + + if (rv) { + return rv; + } + } + + /* Envvars sent, so say we're done */ + ap_fcgi_fill_in_header(&header, AP_FCGI_PARAMS, request_id, 0, 0); + ap_fcgi_header_to_array(&header, farray); + + vec[0].iov_base = (void *)farray; + vec[0].iov_len = sizeof(farray); + + return sendv_data(conf, r, s, vec, 1, &len); +} + +/* + * This header-state logic is from mod_proxy_fcgi. + */ +enum { + HDR_STATE_READING_HEADERS, + HDR_STATE_GOT_CR, + HDR_STATE_GOT_CRLF, + HDR_STATE_GOT_CRLFCR, + HDR_STATE_GOT_LF, + HDR_STATE_DONE_WITH_HEADERS +}; + +/* Try to find the end of the script headers in the response from the back + * end fastcgi server. STATE holds the current header parsing state for this + * request. + * + * Returns 0 if it can't find the end of the headers, and 1 if it found the + * end of the headers. */ +static int handle_headers(request_rec *r, + int *state, + char *readbuf) +{ + const char *itr = readbuf; + + while (*itr) { + if (*itr == '\r') { + switch (*state) { + case HDR_STATE_GOT_CRLF: + *state = HDR_STATE_GOT_CRLFCR; + break; + + default: + *state = HDR_STATE_GOT_CR; + break; + } + } + else if (*itr == '\n') { + switch (*state) { + case HDR_STATE_GOT_LF: + *state = HDR_STATE_DONE_WITH_HEADERS; + break; + + case HDR_STATE_GOT_CR: + *state = HDR_STATE_GOT_CRLF; + break; + + case HDR_STATE_GOT_CRLFCR: + *state = HDR_STATE_DONE_WITH_HEADERS; + break; + + default: + *state = HDR_STATE_GOT_LF; + break; + } + } + else { + *state = HDR_STATE_READING_HEADERS; + } + + if (*state == HDR_STATE_DONE_WITH_HEADERS) + break; + + ++itr; + } + + if (*state == HDR_STATE_DONE_WITH_HEADERS) { + return 1; + } + + return 0; +} + +/* + * handle_response() is based on mod_proxy_fcgi's dispatch() + */ +static apr_status_t handle_response(const fcgi_provider_conf *conf, + request_rec *r, apr_socket_t *s, + apr_pool_t *temp_pool, + apr_uint16_t request_id, + char *rspbuf, + apr_size_t *rspbuflen) +{ + apr_bucket *b; + apr_bucket_brigade *ob; + apr_size_t orspbuflen; + apr_status_t rv = APR_SUCCESS; + const char *fn = "handle_response"; + int header_state = HDR_STATE_READING_HEADERS; + int seen_end_of_headers = 0, done = 0; + + if (rspbuflen) { + orspbuflen = *rspbuflen; + *rspbuflen = 0; /* unless we actually read something */ + } + + ob = apr_brigade_create(r->pool, r->connection->bucket_alloc); + + while (!done && rv == APR_SUCCESS) { /* Keep reading FastCGI records until + * we get AP_FCGI_END_REQUEST (done) + * or an error occurs. + */ + apr_size_t readbuflen; + apr_uint16_t clen; + apr_uint16_t rid; + char readbuf[AP_IOBUFSIZE + 1]; + unsigned char farray[AP_FCGI_HEADER_LEN]; + unsigned char plen; + unsigned char type; + unsigned char version; + + rv = recv_data_full(conf, r, s, (char *)farray, AP_FCGI_HEADER_LEN); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + APLOGNO(02501) "%s: Error occurred before reading " + "entire header", fn); + break; + } + + ap_fcgi_header_fields_from_array(&version, &type, &rid, &clen, &plen, + farray); + + if (version != AP_FCGI_VERSION_1) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + APLOGNO(02502) "%s: Got bogus FastCGI header " + "version %d", fn, (int)version); + rv = APR_EINVAL; + break; + } + + if (rid != request_id) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + APLOGNO(02503) "%s: Got bogus FastCGI header " + "request id %d, expected %d", + fn, rid, request_id); + rv = APR_EINVAL; + break; + } + + recv_again: /* if we need to keep reading more of a record's content */ + + if (clen > sizeof(readbuf) - 1) { + readbuflen = sizeof(readbuf) - 1; + } else { + readbuflen = clen; + } + + /* + * Now get the actual content of the record. + */ + if (readbuflen != 0) { + rv = recv_data(conf, r, s, readbuf, &readbuflen); + if (rv != APR_SUCCESS) { + break; + } + readbuf[readbuflen] = '\0'; + } + + switch (type) { + case AP_FCGI_STDOUT: /* Response headers and optional body */ + if (clen != 0) { + b = apr_bucket_transient_create(readbuf, + readbuflen, + r->connection->bucket_alloc); + + APR_BRIGADE_INSERT_TAIL(ob, b); + + if (!seen_end_of_headers) { + int st = handle_headers(r, &header_state, readbuf); + + if (st == 1) { + int status; + + seen_end_of_headers = 1; + + status = + ap_scan_script_header_err_brigade_ex(r, ob, + NULL, + APLOG_MODULE_INDEX); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02504) "%s: script header " + "parsing -> %d/%d", + fn, status, r->status); + + if (rspbuf) { /* caller wants to see response body, + * if any + */ + apr_status_t tmprv; + + if (rspbuflen) { + *rspbuflen = orspbuflen; + } + tmprv = apr_brigade_flatten(ob, rspbuf, rspbuflen); + if (tmprv != APR_SUCCESS) { + /* should not occur for these bucket types; + * does not indicate overflow + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, tmprv, r, + APLOGNO(02505) "%s: error " + "flattening response body", + fn); + } + } + + if (status != OK) { + r->status = status; + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + APLOGNO(02506) "%s: Error parsing " + "script headers from %s", + fn, conf->backend); + rv = APR_EINVAL; + break; + } + apr_pool_clear(temp_pool); + } + else { + /* We're still looking for the end of the + * headers, so this part of the data will need + * to persist. */ + apr_bucket_setaside(b, temp_pool); + } + } + + /* If we didn't read all the data go back and get the + * rest of it. */ + if (clen > readbuflen) { + clen -= readbuflen; + goto recv_again; + } + } + break; + + case AP_FCGI_STDERR: /* Text to log */ + if (clen) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, + APLOGNO(02507) "%s: Logged from %s: '%s'", + fn, conf->backend, readbuf); + } + + if (clen > readbuflen) { + clen -= readbuflen; + goto recv_again; /* continue reading this record */ + } + break; + + case AP_FCGI_END_REQUEST: + done = 1; + break; + + default: + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + APLOGNO(02508) "%s: Got bogus FastCGI record type " + "%d", fn, type); + break; + } + + /* + * Read/discard any trailing padding. + */ + if (plen) { + rv = recv_data_full(conf, r, s, readbuf, plen); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + APLOGNO(02509) "%s: Error occurred reading " + "padding", + fn); + break; + } + } + } + + apr_brigade_cleanup(ob); + + if (rv == APR_SUCCESS && !seen_end_of_headers) { + rv = APR_EINVAL; + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + APLOGNO(02510) "%s: Never reached end of script headers", + fn); + } + + return rv; +} + +/* almost from mod_fcgid */ +static int mod_fcgid_modify_auth_header(void *vars, + const char *key, const char *val) +{ + /* When the application gives a 200 response, the server ignores response + headers whose names aren't prefixed with Variable- prefix, and ignores + any response content */ + if (strncasecmp(key, "Variable-", 9) == 0) + apr_table_setn(vars, key, val); + return 1; +} + +static int fix_auth_header(void *vr, const char *key, const char *val) +{ + request_rec *r = vr; + + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "moving %s->%s", key, val); + apr_table_unset(r->err_headers_out, key); + apr_table_setn(r->subprocess_env, key + 9, val); + return 1; +} + +static void req_rsp(request_rec *r, const fcgi_provider_conf *conf, + const char *password, const char *apache_role, + char *rspbuf, apr_size_t *rspbuflen) +{ + const char *fn = "req_rsp"; + apr_pool_t *temp_pool; + apr_size_t orspbuflen; + apr_socket_t *s; + apr_status_t rv; + apr_table_t *saved_subprocess_env = + apr_table_copy(r->pool, r->subprocess_env); + + if (rspbuflen) { + orspbuflen = *rspbuflen; + *rspbuflen = 0; /* unless we actually read something */ + } + + apr_pool_create(&temp_pool, r->pool); + + setupenv(r, password, apache_role); + + rv = connect_to_peer(&s, r, conf->backend_addrs, + conf->backend, FCGI_IO_TIMEOUT); + if (rv == APR_SUCCESS) { + apr_uint16_t request_id = 1; + + rv = send_begin_request(r, conf, s, AP_FCGI_AUTHORIZER, request_id); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + APLOGNO(02511) "%s: Failed writing request to %s", + fn, conf->backend); + } + + if (rv == APR_SUCCESS) { + rv = send_environment(s, conf, r, request_id, temp_pool); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + APLOGNO(02512) "%s: Failed writing environment " + "to %s", fn, conf->backend); + } + } + + /* The responder owns the request body, not the authorizer. + * Don't even send an empty AP_FCGI_STDIN block. libfcgi doesn't care, + * but it wasn't sent to authorizers by mod_fastcgi or mod_fcgi and + * may be unhandled by the app. Additionally, the FastCGI spec does + * not mention FCGI_STDIN in the Authorizer description, though it + * does describe FCGI_STDIN elsewhere in more general terms than + * simply a wrapper for the client's request body. + */ + + if (rv == APR_SUCCESS) { + if (rspbuflen) { + *rspbuflen = orspbuflen; + } + rv = handle_response(conf, r, s, temp_pool, request_id, rspbuf, + rspbuflen); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + APLOGNO(02514) "%s: Failed handling response " + "from %s", fn, conf->backend); + } + } + + apr_socket_close(s); + } + + if (rv != APR_SUCCESS) { + /* some sort of mechanical problem */ + r->status = HTTP_INTERNAL_SERVER_ERROR; + } + else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02515) "%s: Received HTTP status %d", + fn, r->status); + } + + r->subprocess_env = saved_subprocess_env; + + if (r->status == HTTP_OK) { + /* An Authorizer application's 200 response may include headers + * whose names are prefixed with Variable-, and they should be + * available to subsequent phases via subprocess_env (and yanked + * from the client response). + */ + apr_table_t *vars = apr_table_make(temp_pool, /* not used to allocate + * any values that end up + * in r->(anything) + */ + 10); + apr_table_do(mod_fcgid_modify_auth_header, vars, + r->err_headers_out, NULL); + apr_table_do(fix_auth_header, r, vars, NULL); + } + + apr_pool_destroy(temp_pool); +} + +static int fcgi_check_authn(request_rec *r) +{ + const char *fn = "fcgi_check_authn"; + fcgi_dir_conf *dconf = ap_get_module_config(r->per_dir_config, + &authnz_fcgi_module); + const char *password = NULL; + const fcgi_provider_conf *conf; + const char *prov; + const char *auth_type; + char rspbuf[NON200_RESPONSE_BUF_LEN + 1]; /* extra byte for '\0' */ + apr_size_t rspbuflen = sizeof rspbuf - 1; + int res; + + prov = dconf && dconf->name ? dconf->name : NULL; + + if (!prov || !strcasecmp(prov, "None")) { + return DECLINED; + } + + auth_type = ap_auth_type(r); + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02516) "%s, prov %s, authoritative %s, " + "require-basic %s, user expr? %s type %s", + fn, prov, + dconf->authoritative ? "yes" : "no", + dconf->require_basic_auth ? "yes" : "no", + dconf->user_expr ? "yes" : "no", + auth_type); + + if (auth_type && !strcasecmp(auth_type, "Basic")) { + if ((res = ap_get_basic_auth_pw(r, &password))) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02517) "%s: couldn't retrieve basic auth " + "password", fn); + if (dconf->require_basic_auth) { + return res; + } + password = NULL; + } + } + + conf = apr_hash_get(fcgi_authn_providers, prov, APR_HASH_KEY_STRING); + if (!conf) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, + APLOGNO(02518) "%s: can't find config for provider %s", + fn, prov); + return HTTP_INTERNAL_SERVER_ERROR; + } + + if (APLOGrdebug(r)) { + log_provider_info(conf, r); + } + + req_rsp(r, conf, password, AP_FCGI_APACHE_ROLE_AUTHENTICATOR_STR, + rspbuf, &rspbuflen); + + if (r->status == HTTP_OK) { + if (dconf->user_expr) { + const char *err; + const char *user = ap_expr_str_exec(r, dconf->user_expr, + &err); + if (user && strlen(user)) { + r->user = apr_pstrdup(r->pool, user); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02519) "%s: Setting user to '%s'", + fn, r->user); + } + else if (user && dconf->default_user) { + r->user = apr_pstrdup(r->pool, dconf->default_user); + } + else if (user) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + APLOGNO(02520) "%s: Failure extracting user " + "after calling authorizer: user expression " + "yielded empty string (variable not set?)", + fn); + r->status = HTTP_INTERNAL_SERVER_ERROR; + } + else { + /* unexpected error, not even an empty string was returned */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + APLOGNO(02521) "%s: Failure extracting user " + "after calling authorizer: %s", + fn, err); + r->status = HTTP_INTERNAL_SERVER_ERROR; + } + } + if (conf->is_authz) { + /* combined authn/authz phase, so app won't be invoked for authz + * + * Remember that the request was successfully authorized by this + * provider. + */ + fcgi_request_notes *rnotes = apr_palloc(r->pool, sizeof(*rnotes)); + rnotes->successful_authnz_provider = conf->name; + ap_set_module_config(r->request_config, &authnz_fcgi_module, + rnotes); + } + } + else { + /* From the spec: + * For Authorizer response status values other than "200" (OK), the + * Web server denies access and sends the response status, headers, + * and content back to the HTTP client. + * But: + * This only makes sense if this authorizer is authoritative. + */ + if (rspbuflen > 0 && !dconf->authoritative) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, + APLOGNO(02522) "%s: Ignoring response body from non-" + "authoritative authorizer", fn); + } + else if (rspbuflen > 0) { + if (rspbuflen == sizeof rspbuf - 1) { + /* apr_brigade_flatten() interface :( */ + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, + APLOGNO(02523) "%s: possible overflow handling " + "response body", fn); + } + rspbuf[rspbuflen] = '\0'; /* we reserved an extra byte for '\0' */ + ap_custom_response(r, r->status, rspbuf); /* API makes a copy */ + } + } + + return r->status == HTTP_OK ? + OK : dconf->authoritative ? r->status : DECLINED; +} + +static authn_status fcgi_check_password(request_rec *r, const char *user, + const char *password) +{ + const char *fn = "fcgi_check_password"; + const char *prov = apr_table_get(r->notes, AUTHN_PROVIDER_NAME_NOTE); + const fcgi_provider_conf *conf; + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02524) "%s(%s, XXX): provider %s", + fn, user, prov); + + if (!prov) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, + APLOGNO(02525) "%s: provider note isn't set", fn); + return AUTH_GENERAL_ERROR; + } + + conf = apr_hash_get(fcgi_authn_providers, prov, APR_HASH_KEY_STRING); + if (!conf) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, + APLOGNO(02526) "%s: can't find config for provider %s", + fn, prov); + return AUTH_GENERAL_ERROR; + } + + if (APLOGrdebug(r)) { + log_provider_info(conf, r); + } + + req_rsp(r, conf, password, + /* combined authn and authz: FCGI_APACHE_ROLE not set */ + conf->is_authz ? NULL : AP_FCGI_APACHE_ROLE_AUTHENTICATOR_STR, + NULL, NULL); + + if (r->status == HTTP_OK) { + if (conf->is_authz) { + /* combined authn/authz phase, so app won't be invoked for authz + * + * Remember that the request was successfully authorized by this + * provider. + */ + fcgi_request_notes *rnotes = apr_palloc(r->pool, sizeof(*rnotes)); + rnotes->successful_authnz_provider = conf->name; + ap_set_module_config(r->request_config, &authnz_fcgi_module, + rnotes); + } + return AUTH_GRANTED; + } + else if (r->status == HTTP_INTERNAL_SERVER_ERROR) { + return AUTH_GENERAL_ERROR; + } + else { + return AUTH_DENIED; + } +} + +static const authn_provider fcgi_authn_provider = { + &fcgi_check_password, + NULL /* get-realm-hash not supported */ +}; + +static authz_status fcgi_authz_check(request_rec *r, + const char *require_line, + const void *parsed_require_line) +{ + const char *fn = "fcgi_authz_check"; + const char *prov = apr_table_get(r->notes, AUTHZ_PROVIDER_NAME_NOTE); + const fcgi_provider_conf *conf; + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + APLOGNO(02527) "%s(%s)", fn, require_line); + + if (!prov) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, + APLOGNO(02528) "%s: provider note isn't set", fn); + return AUTHZ_GENERAL_ERROR; + } + + conf = apr_hash_get(fcgi_authz_providers, prov, APR_HASH_KEY_STRING); + if (!conf) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, + APLOGNO(02529) "%s: can't find config for provider %s", + fn, prov); + return AUTHZ_GENERAL_ERROR; + } + + if (APLOGrdebug(r)) { + log_provider_info(conf, r); + } + + if (!r->user) { + return AUTHZ_DENIED_NO_USER; + } + + if (conf->is_authn) { + /* combined authn/authz phase, so app won't be invoked for authz + * + * If the provider already successfully authorized this request, + * success. + */ + fcgi_request_notes *rnotes = ap_get_module_config(r->request_config, + &authnz_fcgi_module); + if (rnotes + && rnotes->successful_authnz_provider + && !strcmp(rnotes->successful_authnz_provider, conf->name)) { + return AUTHZ_GRANTED; + } + else { + return AUTHZ_DENIED; + } + } + else { + req_rsp(r, conf, NULL, AP_FCGI_APACHE_ROLE_AUTHORIZER_STR, NULL, NULL); + + if (r->status == HTTP_OK) { + return AUTHZ_GRANTED; + } + else if (r->status == HTTP_INTERNAL_SERVER_ERROR) { + return AUTHZ_GENERAL_ERROR; + } + else { + return AUTHZ_DENIED; + } + } +} + +static const char *fcgi_authz_parse(cmd_parms *cmd, const char *require_line, + const void **parsed_require_line) +{ + /* Allowed form: Require [not] registered-provider-name<EOS> + */ + if (strcmp(require_line, "")) { + return "mod_authnz_fcgi doesn't support restrictions on providers " + "(i.e., multiple require args)"; + } + + return NULL; +} + +static const authz_provider fcgi_authz_provider = { + &fcgi_authz_check, + &fcgi_authz_parse, +}; + +static const char *fcgi_check_authn_provider(cmd_parms *cmd, + void *d, + int argc, + char *const argv[]) +{ + const char *dname = "AuthnzFcgiCheckAuthnProvider"; + fcgi_dir_conf *dc = d; + int ca = 0; + + if (ca >= argc) { + return apr_pstrcat(cmd->pool, dname, ": No provider given", NULL); + } + + dc->name = argv[ca]; + ca++; + + if (!strcasecmp(dc->name, "None")) { + if (ca < argc) { + return "Options aren't supported with \"None\""; + } + } + + while (ca < argc) { + const char *var = argv[ca], *val; + int badarg = 0; + + ca++; + + /* at present, everything needs an argument */ + if (ca >= argc) { + return apr_pstrcat(cmd->pool, dname, ": ", var, + "needs an argument", NULL); + } + + val = argv[ca]; + ca++; + + if (!strcasecmp(var, "Authoritative")) { + if (!strcasecmp(val, "On")) { + dc->authoritative = 1; + } + else if (!strcasecmp(val, "Off")) { + dc->authoritative = 0; + } + else { + badarg = 1; + } + } + else if (!strcasecmp(var, "DefaultUser")) { + dc->default_user = val; + } + else if (!strcasecmp(var, "RequireBasicAuth")) { + if (!strcasecmp(val, "On")) { + dc->require_basic_auth = 1; + } + else if (!strcasecmp(val, "Off")) { + dc->require_basic_auth = 0; + } + else { + badarg = 1; + } + } + else if (!strcasecmp(var, "UserExpr")) { + const char *err; + int flags = AP_EXPR_FLAG_DONT_VARY | AP_EXPR_FLAG_RESTRICTED + | AP_EXPR_FLAG_STRING_RESULT; + + dc->user_expr = ap_expr_parse_cmd(cmd, val, + flags, &err, NULL); + if (err) { + return apr_psprintf(cmd->pool, "%s: Error parsing '%s': '%s'", + dname, val, err); + } + } + else { + return apr_pstrcat(cmd->pool, dname, ": Unexpected option '", + var, "'", NULL); + } + if (badarg) { + return apr_pstrcat(cmd->pool, dname, ": Bad argument '", + val, "' to option '", var, "'", NULL); + } + } + + return NULL; +} + +/* AuthnzFcgiAuthDefineProvider {authn|authz|authnz} provider-name \ + * fcgi://backendhost:backendport/ + */ +static const char *fcgi_define_provider(cmd_parms *cmd, + void *d, + int argc, + char *const argv[]) +{ + const char *dname = "AuthnzFcgiDefineProvider"; + ap_rxplus_t *fcgi_backend_regex; + apr_status_t rv; + char *host; + const char *err, *stype; + fcgi_provider_conf *conf = apr_pcalloc(cmd->pool, sizeof(*conf)); + int ca = 0, rc; + + fcgi_backend_regex = ap_rxplus_compile(cmd->pool, FCGI_BACKEND_REGEX_STR); + if (!fcgi_backend_regex) { + return apr_psprintf(cmd->pool, + "%s: failed to compile regexec '%s'", + dname, FCGI_BACKEND_REGEX_STR); + } + + err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err) + return err; + + if (ca >= argc) { + return apr_pstrcat(cmd->pool, dname, ": No type given", NULL); + } + + stype = argv[ca]; + ca++; + + if (!strcasecmp(stype, "authn")) { + conf->is_authn = 1; + } + else if (!strcasecmp(stype, "authz")) { + conf->is_authz = 1; + } + else if (!strcasecmp(stype, "authnz")) { + conf->is_authn = conf->is_authz = 1; + } + else { + return apr_pstrcat(cmd->pool, + dname, + ": Invalid provider type ", + stype, + NULL); + } + + if (ca >= argc) { + return apr_pstrcat(cmd->pool, dname, ": No provider name given", NULL); + } + conf->name = argv[ca]; + ca++; + + if (ca >= argc) { + return apr_pstrcat(cmd->pool, dname, ": No backend-address given", + NULL); + } + + rc = ap_rxplus_exec(cmd->pool, fcgi_backend_regex, argv[ca], NULL); + if (!rc || ap_rxplus_nmatch(fcgi_backend_regex) != 3) { + return apr_pstrcat(cmd->pool, + dname, ": backend-address '", + argv[ca], + "' has invalid form", + NULL); + } + + host = ap_rxplus_pmatch(cmd->pool, fcgi_backend_regex, 1); + if (host[0] == '[' && host[strlen(host) - 1] == ']') { + host += 1; + host[strlen(host) - 1] = '\0'; + } + + conf->port = atoi(ap_rxplus_pmatch(cmd->pool, fcgi_backend_regex, 2)); + if (conf->port > 65535) { + return apr_pstrcat(cmd->pool, + dname, ": backend-address '", + argv[ca], + "' has invalid port", + NULL); + } + + conf->backend = argv[ca]; + conf->host = host; + ca++; + + rv = apr_sockaddr_info_get(&conf->backend_addrs, conf->host, + APR_UNSPEC, conf->port, 0, cmd->pool); + if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, rv, NULL, + APLOGNO(02530) "Address %s could not be resolved", + conf->backend); + return apr_pstrcat(cmd->pool, + dname, + ": Error resolving backend address", + NULL); + } + + if (ca != argc) { + return apr_pstrcat(cmd->pool, + dname, + ": Unexpected parameter ", + argv[ca], + NULL); + } + + if (conf->is_authn) { + apr_hash_set(fcgi_authn_providers, conf->name, APR_HASH_KEY_STRING, + conf); + ap_register_auth_provider(cmd->pool, AUTHN_PROVIDER_GROUP, + conf->name, + AUTHN_PROVIDER_VERSION, + &fcgi_authn_provider, + AP_AUTH_INTERNAL_PER_CONF); + } + + if (conf->is_authz) { + apr_hash_set(fcgi_authz_providers, conf->name, APR_HASH_KEY_STRING, + conf); + ap_register_auth_provider(cmd->pool, AUTHZ_PROVIDER_GROUP, + conf->name, + AUTHZ_PROVIDER_VERSION, + &fcgi_authz_provider, + AP_AUTH_INTERNAL_PER_CONF); + } + + return NULL; +} + +static const command_rec fcgi_cmds[] = { + AP_INIT_TAKE_ARGV("AuthnzFcgiDefineProvider", + fcgi_define_provider, + NULL, + RSRC_CONF, + "Define a FastCGI authn and/or authz provider"), + + AP_INIT_TAKE_ARGV("AuthnzFcgiCheckAuthnProvider", + fcgi_check_authn_provider, + NULL, + OR_FILEINFO, + "Enable/disable a FastCGI authorizer to handle " + "check_authn phase"), + + {NULL} +}; + +static int fcgi_pre_config(apr_pool_t *pconf, apr_pool_t *plog, + apr_pool_t *ptemp) +{ + fcgi_authn_providers = apr_hash_make(pconf); + fcgi_authz_providers = apr_hash_make(pconf); + + return OK; +} + +static void fcgi_register_hooks(apr_pool_t *p) +{ + static const char * const auth_basic_runs_after_me[] = + {"mod_auth_basic.c", NULL}; /* to allow for custom response */ + + ap_hook_pre_config(fcgi_pre_config, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_check_authn(fcgi_check_authn, NULL, auth_basic_runs_after_me, + APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF); +} + +static void *create_dir_conf(apr_pool_t *p, char *dummy) +{ + fcgi_dir_conf *dconf = apr_pcalloc(p, sizeof(fcgi_dir_conf)); + + dconf->authoritative = 1; + return dconf; +} + +static void *merge_dir_conf(apr_pool_t *p, void *basev, void *overridesv) +{ + fcgi_dir_conf *a = (fcgi_dir_conf *)apr_pcalloc(p, sizeof(*a)); + fcgi_dir_conf *base = (fcgi_dir_conf *)basev, + *over = (fcgi_dir_conf *)overridesv; + + /* currently we just have a single directive applicable to a + * directory, so if it is set then grab all fields from fcgi_dir_conf + */ + if (over->name) { + memcpy(a, over, sizeof(*a)); + } + else { + memcpy(a, base, sizeof(*a)); + } + + return a; +} + +AP_DECLARE_MODULE(authnz_fcgi) = +{ + STANDARD20_MODULE_STUFF, + create_dir_conf, /* dir config creater */ + merge_dir_conf, /* dir merger */ + NULL, /* server config */ + NULL, /* merge server config */ + fcgi_cmds, /* command apr_table_t */ + fcgi_register_hooks /* register hooks */ +}; diff --git a/modules/aaa/mod_authnz_fcgi.dsp b/modules/aaa/mod_authnz_fcgi.dsp new file mode 100644 index 0000000000..a809e65084 --- /dev/null +++ b/modules/aaa/mod_authnz_fcgi.dsp @@ -0,0 +1,119 @@ +# Microsoft Developer Studio Project File - Name="mod_authnz_fcgi" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_authnz_fcgi - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_authnz_fcgi.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_authnz_fcgi.mak" CFG="mod_authnz_fcgi - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_authnz_fcgi - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_authnz_fcgi - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_authnz_fcgi - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /Oy- /Zi /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /I "../database" /D "authnz_fcgi_DECLARE_EXPORT" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authnz_fcgi_src" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL"
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL"
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /fo"Release/mod_authnz_fcgi.res" /i "../../include" /i "../../srclib/apr/include" /d "NDEBUG" /d BIN_NAME="mod_authnz_fcgi.so" /d LONG_NAME="authnz_fcgi_module for Apache"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:".\Release\mod_authnz_fcgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authnz_fcgi.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Release\mod_authnz_fcgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authnz_fcgi.so /opt:ref
+# Begin Special Build Tool
+TargetPath=.\Release\mod_authnz_fcgi.so
+SOURCE="$(InputPath)"
+PostBuild_Desc=Embed .manifest
+PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2
+# End Special Build Tool
+
+!ELSEIF "$(CFG)" == "mod_authnz_fcgi - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /I "../database" /D "authnz_fcgi_DECLARE_EXPORT" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authnz_fcgi_src" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL"
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL"
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /fo"Debug/mod_authnz_fcgi.res" /i "../../include" /i "../../srclib/apr/include" /d "_DEBUG" /d BIN_NAME="mod_authnz_fcgi.so" /d LONG_NAME="authnz_fcgi_module for Apache"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Debug\mod_authnz_fcgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authnz_fcgi.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:".\Debug\mod_authnz_fcgi.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authnz_fcgi.so
+# Begin Special Build Tool
+TargetPath=.\Debug\mod_authnz_fcgi.so
+SOURCE="$(InputPath)"
+PostBuild_Desc=Embed .manifest
+PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2
+# End Special Build Tool
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_authnz_fcgi - Win32 Release"
+# Name "mod_authnz_fcgi - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_authnz_fcgi.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\include\mod_auth.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\include\util_fcgi.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\httpd.rc
+# End Source File
+# End Target
+# End Project
diff --git a/os/win32/BaseAddr.ref b/os/win32/BaseAddr.ref index 26d545a10a..678e7be1d6 100644 --- a/os/win32/BaseAddr.ref +++ b/os/win32/BaseAddr.ref @@ -126,3 +126,4 @@ mod_optional_fn_export.so 0x70BB0000 0x00010000 mod_optional_fn_import.so 0x70BC0000 0x00010000 mod_optional_hook_export.so 0x70BD0000 0x00010000 mod_optional_hook_import.so 0x70BE0000 0x00010000 +mod_authnz_fcgi.so 0x70BF0000 0x00020000 |