summaryrefslogtreecommitdiff
path: root/docs/user-guides
diff options
context:
space:
mode:
Diffstat (limited to 'docs/user-guides')
-rw-r--r--docs/user-guides/access-control-mechanisms.rst11
-rw-r--r--docs/user-guides/configuration-guidelines.rst127
-rw-r--r--docs/user-guides/quick-configuration-guide.rst63
3 files changed, 153 insertions, 48 deletions
diff --git a/docs/user-guides/access-control-mechanisms.rst b/docs/user-guides/access-control-mechanisms.rst
index e8f7763..f985215 100644
--- a/docs/user-guides/access-control-mechanisms.rst
+++ b/docs/user-guides/access-control-mechanisms.rst
@@ -126,7 +126,7 @@ only one small part of them. This will result in a lot of memory being used
in the Apache child processes just to support the auth provider.
If mod_authn_alias is being loaded into Apache, then an aliased auth
-%rovider can also be defined::
+provider can also be defined::
<AuthnProviderAlias wsgi django>
WSGIAuthUserScript /usr/local/django/mysite/apache/auth.wsgi \
@@ -136,8 +136,13 @@ If mod_authn_alias is being loaded into Apache, then an aliased auth
WSGIScriptAlias / /usr/local/django/mysite/apache/django.wsgi
<Directory /usr/local/django/mysite/apache>
- Order deny,allow
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
WSGIApplicationGroup django
diff --git a/docs/user-guides/configuration-guidelines.rst b/docs/user-guides/configuration-guidelines.rst
index f10f730..4b5829f 100644
--- a/docs/user-guides/configuration-guidelines.rst
+++ b/docs/user-guides/configuration-guidelines.rst
@@ -50,15 +50,20 @@ within that directory can be used. To do this the Directory directive must
be used::
<Directory /usr/local/wsgi/scripts>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
-Note that Apache access control directives such as Order and Allow should
-nearly always be applied to Directory and never to a Location. Adding them
-to a Location would not be regarded as best practice and would potentially
-weaken the security of your Apache server, especially where the Location
-was for '/'.
+Note that Apache access control directives such as Order and Allow, or
+Require in the case of Apache 2.4 or newer, should nearly always be applied
+to Directory and never to a Location. Adding them to a Location would not
+be regarded as best practice and would potentially weaken the security of
+your Apache server, especially where the Location was for '/'.
As for CGI scripts and the ScriptAlias directive, it is not necessary to
have used the Options directive to enable the ExecCGI directive. This is
@@ -117,8 +122,13 @@ specific URLs. The equivalent such configuration for::
WSGIScriptAlias /wsgi/ /usr/local/wsgi/scripts/
<Directory /usr/local/wsgi/scripts>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
using the Alias directive would be::
@@ -130,8 +140,13 @@ using the Alias directive would be::
SetHandler wsgi-script
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
The additional steps required in this case are to enable the ability to
@@ -151,8 +166,13 @@ resource types based on resource extension::
AddHandler cgi-script .cgi
AddHandler wsgi-script .wsgi
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
For whatever extension you use to identify a WSGI script file, ensure that
@@ -177,8 +197,13 @@ option and MultiviewsMatch directive::
AddHandler cgi-script .cgi
AddHandler wsgi-script .wsgi
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
Adding of MultiViews in this instance and allowing multiviews to match
@@ -201,8 +226,13 @@ the directory. To enable directory browsing add the Indexes option::
AddHandler cgi-script .cgi
AddHandler wsgi-script .wsgi
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
If a directory index page is enabled, it may refer to either a static file,
@@ -219,8 +249,13 @@ designate what should be used for the index page::
AddHandler cgi-script .cgi
AddHandler wsgi-script .wsgi
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
Using AddHandler or SetHandler to configure a WSGI application can also
@@ -238,8 +273,13 @@ Options directive by listing ExecCGI::
Options ExecCGI MultiViews Indexes
MultiviewsMatch Handlers
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
This done, the '.htaccess' file could then contain::
@@ -388,15 +428,25 @@ which should be served in this way::
Alias /media/ /usr/local/wsgi/static/media/
<Directory /usr/local/wsgi/static>
- Order deny,allow
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
WSGIScriptAlias / /usr/local/wsgi/scripts/myapp.wsgi
<Directory /usr/local/wsgi/scripts>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
When listing the directives, list those for more specific URLs first. In
@@ -465,8 +515,13 @@ the WSGIApplicationGroup directive::
<Directory /usr/local/wsgi/scripts>
WSGIApplicationGroup admin-scripts
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
The argument to the WSGIApplicationGroup directive can in general be any
@@ -560,8 +615,13 @@ specific WSGI applications to execute within that daemon process::
Alias /media/ /usr/local/wsgi/static/media/
<Directory /usr/local/wsgi/static>
- Order deny,allow
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
WSGIScriptAlias / /usr/local/wsgi/scripts/myapp.wsgi
@@ -569,8 +629,13 @@ specific WSGI applications to execute within that daemon process::
<Directory /usr/local/wsgi/scripts>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
Where Apache has been started as the ``root`` user, the daemon processes
diff --git a/docs/user-guides/quick-configuration-guide.rst b/docs/user-guides/quick-configuration-guide.rst
index 09ae64c..605ec7c 100644
--- a/docs/user-guides/quick-configuration-guide.rst
+++ b/docs/user-guides/quick-configuration-guide.rst
@@ -95,8 +95,13 @@ Apache, it will be necessary to tell Apache that files within that
directory can be used. To do this the Directory directive must be used::
<Directory /usr/local/www/wsgi-scripts>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
Note that it is highly recommended that the WSGI application script file in
@@ -126,15 +131,25 @@ therefore be something like::
DocumentRoot /usr/local/www/documents
<Directory /usr/local/www/documents>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
WSGIScriptAlias /myapp /usr/local/www/wsgi-scripts/myapp.wsgi
<Directory /usr/local/www/wsgi-scripts>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
</VirtualHost>
@@ -184,15 +199,25 @@ therefore be something like::
Alias /media/ /usr/local/www/documents/media/
<Directory /usr/local/www/documents>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
WSGIScriptAlias / /usr/local/www/wsgi-scripts/myapp.wsgi
<Directory /usr/local/www/wsgi-scripts>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
</VirtualHost>
@@ -255,8 +280,13 @@ therefore be something like::
Alias /media/ /usr/local/www/documents/media/
<Directory /usr/local/www/documents>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
WSGIDaemonProcess example.com processes=2 threads=15 display-name=%{GROUP}
@@ -265,8 +295,13 @@ therefore be something like::
WSGIScriptAlias / /usr/local/www/wsgi-scripts/myapp.wsgi
<Directory /usr/local/www/wsgi-scripts>
- Order allow,deny
- Allow from all
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
</VirtualHost>
View Lorry Controller Status