httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chr...@apache.org
Subject svn commit: r709842 [1/2] - in /httpd/httpd/trunk/docs/manual: ./ howto/ mod/
Date Sun, 02 Nov 2008 04:33:25 GMT
Author: chrisd
Date: Sat Nov  1 21:33:23 2008
New Revision: 709842

URL: http://svn.apache.org/viewvc?rev=709842&view=rev
Log:
update transformations, and remove variations of mod_authn_default.xml
and mod_authz_default.xml removed in r709841

Removed:
    httpd/httpd/trunk/docs/manual/mod/mod_authn_default.html
    httpd/httpd/trunk/docs/manual/mod/mod_authn_default.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_authn_default.html.ja.utf8
    httpd/httpd/trunk/docs/manual/mod/mod_authn_default.html.ko.euc-kr
    httpd/httpd/trunk/docs/manual/mod/mod_authn_default.xml.ja
    httpd/httpd/trunk/docs/manual/mod/mod_authn_default.xml.ko
    httpd/httpd/trunk/docs/manual/mod/mod_authn_default.xml.meta
    httpd/httpd/trunk/docs/manual/mod/mod_authz_default.html
    httpd/httpd/trunk/docs/manual/mod/mod_authz_default.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_authz_default.html.ja.utf8
    httpd/httpd/trunk/docs/manual/mod/mod_authz_default.html.ko.euc-kr
    httpd/httpd/trunk/docs/manual/mod/mod_authz_default.xml.ja
    httpd/httpd/trunk/docs/manual/mod/mod_authz_default.xml.ko
    httpd/httpd/trunk/docs/manual/mod/mod_authz_default.xml.meta
Modified:
    httpd/httpd/trunk/docs/manual/howto/auth.html.en
    httpd/httpd/trunk/docs/manual/howto/auth.xml.ja
    httpd/httpd/trunk/docs/manual/howto/auth.xml.ko
    httpd/httpd/trunk/docs/manual/mod/allmodules.xml
    httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de
    httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es
    httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja
    httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko
    httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr
    httpd/httpd/trunk/docs/manual/mod/directives.html.en
    httpd/httpd/trunk/docs/manual/mod/index.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.ja
    httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.meta
    httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ja
    httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ko
    httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.meta
    httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.xml.ko
    httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.en
    httpd/httpd/trunk/docs/manual/new_features_2_4.html.en
    httpd/httpd/trunk/docs/manual/sitemap.html.en

Modified: httpd/httpd/trunk/docs/manual/howto/auth.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/howto/auth.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/howto/auth.html.en (original)
+++ httpd/httpd/trunk/docs/manual/howto/auth.html.en Sat Nov  1 21:33:23 2008
@@ -64,7 +64,6 @@
       <li><code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code></li>
       <li><code class="module"><a href="../mod/mod_authn_dbd.html">mod_authn_dbd</a></code></li>
       <li><code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code></li>
-      <li><code class="module"><a href="../mod/mod_authn_default.html">mod_authn_default</a></code></li>
       <li><code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code></li>
       <li><code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code></li>
     </ul>
@@ -75,7 +74,6 @@
       <li><code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code></li>
       <li><code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code></li>
       <li><code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code></li>
-      <li><code class="module"><a href="../mod/mod_authz_default.html">mod_authz_default</a></code></li>
       <li><code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code></li>
       <li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
       <li><code class="module"><a href="../mod/mod_authz_owner.html">mod_authz_owner</a></code></li>
@@ -431,12 +429,14 @@
     &lt;/Directory&gt;
     </code></p></div>
 
-    <p>To take authorization a little further, the directives
-    <code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyall&gt;">&lt;SatisfyAll&gt;</a></code> and
-    <code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyone&gt;">&lt;SatisfyOne&gt;</a></code> allow
-    AND/OR logic to be applied so that the order in which authorization
-    is handled can be completely controled through the configuration. See
-    these directives for a complete example on they can be applied.</p>
+    <p>To take authorization a little further, authorization container
+    directives such as
+    <code class="directive"><a href="../mod/mod_authz_core.html#matchall">&lt;MatchAll&gt;</a></code> and
+    <code class="directive"><a href="../mod/mod_authz_core.html#matchany">&lt;MatchAny&gt;</a></code>
+    allow logic to be applied so that the order in which authorization
+    is handled can be completely controled through the configuration.
+    See <a href="../mod/mod_authz_core.html#logic">Authorization
+    Containers</a> for an example of they may be applied.</p>
 
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
@@ -446,75 +446,61 @@
     than just a single check against a single data store. Ordering, logic
     and choosing how authorization will be done is now possible.</p>
 
-    <h3><a name="authandororder" id="authandororder">Applying AND/OR logic and ordering</a></h3>
+    <h3><a name="authandororder" id="authandororder">Applying logic and ordering</a></h3>
         <p>Controling how and in what order authorization will be applied
-        has been a bit of a mystery in the past. In Apache 2.2 a provider based
+        has been a bit of a mystery in the past. In Apache 2.2 a provider-based
         authentication mechanism was introduced to decouple the actual 
         authentication process from authorization and supporting functionality.
         One of the side benefits was that authentication providers could be
         configured and called in a specific order which didn't depend on the 
         load order of the auth module itself. This same provider based mechanism 
         has been brought forward into authorization as well. What this means is 
-        that the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directive 
-        not only specifies which authorization methods should be used, it also 
+        that the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> and
+        <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
+        not only specify which authorization methods should be used, they also 
         specifies the order in which they are called. Multiple authorization 
         methods are called in the same order in which the 
-        <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directives appear 
-        in the configuration.</p>
-
-        <p>With the introduction of the directives 
-        <code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyall&gt;">&lt;SatisfyAll&gt;</a></code> and 
-        <code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyone&gt;">&lt;SatisfyOne&gt;</a></code>, the 
-        configuration also has control over when the
+        <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>
+        or <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
+        appear in the configuration.</p>
+
+        <p>With the introduction of authorization container directives
+        such as
+        <code class="directive"><a href="../mod/mod_authz_core.html#matchall">&lt;MatchAll&gt;</a></code>
+        and 
+        <code class="directive"><a href="../mod/mod_authz_core.html#matchany">&lt;MatchAny&gt;</a></code>,
+        the configuration also has control over when the
         authorization methods are called and what criteria determines when 
-        access is granted. For example the following authorization block would 
-        apply the logic:</p>
-
-        <div class="example"><p><code>
-          # if ((user == "John") ||<br />
-          # &nbsp;&nbsp; ((Group == "admins")<br />
-          # &nbsp; &nbsp; &amp;&amp; (ldap-group &lt;ldap-object&gt; contains auth'ed_user)<br />
-          # &nbsp; &nbsp; &amp;&amp; ((ldap-attribute dept == "sales")<br />
-          # &nbsp; &nbsp; &nbsp; &nbsp; || (file-group contains auth'ed_user))))<br />
-          # then<br />
-          # &nbsp; auth_granted<br />
-          # else<br />
-          # &nbsp; auth_denied<br />
-          #<br />
-          &lt;Directory /www/mydocs&gt;<br />
-          <span class="indent">
-            Authname ...<br />
-            AuthBasicProvider ...<br />
-            ...<br />
-            Require user John<br />
-            &lt;SatisfyAll&gt;<br />
-            <span class="indent">
-              Require Group admins<br />
-              Require ldap-group cn=mygroup,o=foo<br />
-              &lt;SatisfyOne&gt;<br />
-              <span class="indent">
-                Require ldap-attribute dept="sales"<br />
-                Require file-group<br />
-              </span>
-              &lt;/SatisfyOne&gt;<br />
-            </span>
-            &lt;/SatisfyAll&gt;<br />
-          </span>
-          &lt;/Directory&gt;
-        </code></p></div>
-
-        <p>By default all <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> 
-        directives are handled through an OR operation. In other words, if 
+        access is granted.  See
+        <a href="../mod/mod_authz_core.html#logic">Authorization Containers</a>
+        for an example of how they may be used to express complex
+        authorization logic.</p>
+
+        <p>By default all
+        <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> 
+        directives are handled as though contained within a
+        <code class="directive"><a href="../mod/mod_authz_core.html#matchany">&lt;MatchAny&gt;</a></code>
+        container directive.  In other words, if 
         any of the specified authorization methods succeed, then authorization 
-        is granted. By enclosing a set of 
-        <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directives within
-        a <code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyall&gt;">&lt;SatisfyAll&gt;</a></code> block,
-        the processing switches to an AND operation which requires all authorization 
-        methods to succeed before authorization is granted.</p>
+        is granted.</p>
+
+        <p>In contrast, by default all
+        <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
+        are handled as though contained within a
+        <code class="directive"><a href="../mod/mod_authz_core.html#matchall">&lt;MatchAll&gt;</a></code>
+        container directive (unless they are explicitly contained within
+        a different authorization container directive).
+        This permits
+        <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives
+        to be usefully mixed with negated
+        <code>Match not</code> directives.  To authorize the request,
+        none of the negated directives can match their parameters,
+        while all of the positive directives must match their
+        parameters (or else return a neutral result).</p>
 
     
 
-    <h3><a name="reqaccessctrl" id="reqaccessctrl">Using 'Require' or 'Reject' for access control</a></h3>
+    <h3><a name="reqaccessctrl" id="reqaccessctrl">Using authorization providers for access control</a></h3>
         <p>Authentication by username and password is only part of the
         story. Frequently you want to let people in based on something
         other than who they are. Something such as where they are
@@ -527,10 +513,10 @@
         ip</a></code> let you allow or deny access based other host based
         criteria such as host name or ip address of the machine requesting 
         a document.</p> 
-    
+
         <p>The usage of these providers is specified through the 
         <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> and 
-        <code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code> directives.
+        <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives.
         These directives register the authorization providers
         that will be called during the authorization stage of the request
         processing. For example:</p>
@@ -555,7 +541,7 @@
         following:</p>
     
         <div class="example"><p><code>
-          Reject ip 10.252.46.165
+          Match not ip 10.252.46.165
         </code></p></div>
     
         <p>Visitors coming from that address will not be able to see
@@ -563,30 +549,30 @@
         machine name, rather than an IP address, you can use that.</p>
     
         <div class="example"><p><code>
-          Reject host <var>host.example.com</var>
+          Match not host <var>host.example.com</var>
         </code></p></div>
     
         <p>And, if you'd like to block access from an entire domain,
         you can specify just part of an address or domain name:</p>
     
         <div class="example"><p><code>
-          &lt;SatisfyAll&gt;<br />
+          Match all granted<br />
+          &lt;MatchNotAny&gt;
           <span class="indent">
-            Reject ip <var>192.168.205</var><br />
-            Reject host <var>phishers.example.com</var> <var>moreidiots.example</var><br />           Reject host ke<br />
+            Match ip 192.168.205<br />
+            Match host phishers.example.com moreidiots.example<br />
+            Match host ke
           </span>
-          &lt;/SatisfyAll&gt;
+          &lt;/MatchNotAny&gt;
         </code></p></div>
     
-        <p>Using the <code class="directive"><a href="../mod/mod_authz_host.html#reject">Reject</a></code> directive
-        inside of a <code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyall&gt;">&lt;SatisfyAll&gt;</a></code>
-        block, will let you be sure that you are actually restricting things to 
-        only the group that you want to let in.</p>
-    
-        <p>The above example uses the <code class="directive"><a href="../mod/mod_authz_core.html#&#10;        &lt;satisfyall&gt;">
-        &lt;SatisfyAll&gt;</a></code> block to make sure that all of the 
-        <code class="directive"><a href="../mod/mod_authz_host.html#reject">Reject</a></code> directives are 
-        satisfied before granting access. </p>
+        <p>The above example uses the <code class="directive"><a href="../mod/mod_authz_core.html#matchnotany">&lt;MatchNotAny&gt;</a></code> container directive
+        to make sure that none of the 
+        <code class="directive"><a href="../mod/mod_authz_host.html#match">Match</a></code> directives
+        match their parameters before granting access.  Note that
+        the <code>Match all granted</code> directive and the
+        <code class="directive"><a href="../mod/mod_authz_core.html#matchnotany">&lt;MatchNotAny&gt;</a></code> are implicitly contained
+        within a <code class="directive"><a href="../mod/mod_authz_core.html#matchall">&lt;MatchAll&gt;</a></code> directive.</p>
     
     
 
@@ -599,23 +585,6 @@
         <code class="directive"><a href="../mod/mod_access_compat.html#satisfy">Satisfy</a></code> are no longer needed. 
         However to provide backwards compatibility for older configurations, these 
         directives have been moved to the <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code> module.</p>
-
-        <p>One of the problems with these directives was that the line between
-        authorization and access control was very fuzzy. The 
-        <code class="directive"><a href="../mod/mod_access_compat.html#satisfy">Satisfy</a></code> directive
-        tried to tie these two stages together by hooking itself into the 
-        request processing itself. Now that these directive have been moved to the
-        <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code>, mixing the new authorization directives
-        with the older access control directives becomes difficult. To address this
-        issue, the <code class="module"><a href="../mod/mod_authz_default.html">mod_authz_default</a></code> module becomes very important and must
-        be loaded. The main purpose of the <code class="module"><a href="../mod/mod_authz_default.html">mod_authz_default</a></code> module is 
-        to handle any authorization requests that could not be handled by the 
-        authorization providers. But when the older access control directives are used, 
-        it also links access control with authorization and determines if access 
-        should be granted based on the outcome of each stage. Therefore if the 
-        older directives do not seem to be working properly, it might be because the
-        <code class="module"><a href="../mod/mod_authz_default.html">mod_authz_default</a></code> module has not been loaded.</p>
-
     
 
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

Modified: httpd/httpd/trunk/docs/manual/howto/auth.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/howto/auth.xml.ja?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/howto/auth.xml.ja [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/howto/auth.xml.ja [utf-8] Sat Nov  1 21:33:23 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 479777:645246 (outdated) -->
+<!-- English Revision: 479777:709841 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/trunk/docs/manual/howto/auth.xml.ko
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/howto/auth.xml.ko?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/howto/auth.xml.ko [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/howto/auth.xml.ko [euc-kr] Sat Nov  1 21:33:23 2008
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='EUC-KR' ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:645246 (outdated) -->
+<!-- English Revision: 105989:709841 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml Sat Nov  1 21:33:23 2008
@@ -14,13 +14,11 @@
   <modulefile>mod_authn_core.xml</modulefile>
   <modulefile>mod_authn_dbd.xml</modulefile>
   <modulefile>mod_authn_dbm.xml</modulefile>
-  <modulefile>mod_authn_default.xml</modulefile>
   <modulefile>mod_authn_file.xml</modulefile>
   <modulefile>mod_authnz_ldap.xml</modulefile>
   <modulefile>mod_authz_core.xml</modulefile>
   <modulefile>mod_authz_dbd.xml</modulefile>
   <modulefile>mod_authz_dbm.xml</modulefile>
-  <modulefile>mod_authz_default.xml</modulefile>
   <modulefile>mod_authz_groupfile.xml</modulefile>
   <modulefile>mod_authz_host.xml</modulefile>
   <modulefile>mod_authz_owner.xml</modulefile>

Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.de Sat Nov  1 21:33:23 2008
@@ -14,13 +14,11 @@
   <modulefile>mod_authn_core.xml</modulefile>
   <modulefile>mod_authn_dbd.xml</modulefile>
   <modulefile>mod_authn_dbm.xml</modulefile>
-  <modulefile>mod_authn_default.xml</modulefile>
   <modulefile>mod_authn_file.xml</modulefile>
   <modulefile>mod_authnz_ldap.xml</modulefile>
   <modulefile>mod_authz_core.xml</modulefile>
   <modulefile>mod_authz_dbd.xml</modulefile>
   <modulefile>mod_authz_dbm.xml</modulefile>
-  <modulefile>mod_authz_default.xml</modulefile>
   <modulefile>mod_authz_groupfile.xml</modulefile>
   <modulefile>mod_authz_host.xml</modulefile>
   <modulefile>mod_authz_owner.xml</modulefile>

Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.es Sat Nov  1 21:33:23 2008
@@ -14,13 +14,11 @@
   <modulefile>mod_authn_core.xml</modulefile>
   <modulefile>mod_authn_dbd.xml</modulefile>
   <modulefile>mod_authn_dbm.xml</modulefile>
-  <modulefile>mod_authn_default.xml</modulefile>
   <modulefile>mod_authn_file.xml</modulefile>
   <modulefile>mod_authnz_ldap.xml</modulefile>
   <modulefile>mod_authz_core.xml</modulefile>
   <modulefile>mod_authz_dbd.xml</modulefile>
   <modulefile>mod_authz_dbm.xml</modulefile>
-  <modulefile>mod_authz_default.xml</modulefile>
   <modulefile>mod_authz_groupfile.xml</modulefile>
   <modulefile>mod_authz_host.xml</modulefile>
   <modulefile>mod_authz_owner.xml</modulefile>

Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ja [utf-8] Sat Nov  1 21:33:23 2008
@@ -14,13 +14,11 @@
   <modulefile>mod_authn_core.xml</modulefile>
   <modulefile>mod_authn_dbd.xml</modulefile>
   <modulefile>mod_authn_dbm.xml.ja</modulefile>
-  <modulefile>mod_authn_default.xml.ja</modulefile>
   <modulefile>mod_authn_file.xml.ja</modulefile>
   <modulefile>mod_authnz_ldap.xml</modulefile>
   <modulefile>mod_authz_core.xml</modulefile>
   <modulefile>mod_authz_dbd.xml</modulefile>
   <modulefile>mod_authz_dbm.xml</modulefile>
-  <modulefile>mod_authz_default.xml.ja</modulefile>
   <modulefile>mod_authz_groupfile.xml.ja</modulefile>
   <modulefile>mod_authz_host.xml</modulefile>
   <modulefile>mod_authz_owner.xml.ja</modulefile>

Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.ko [euc-kr] Sat Nov  1 21:33:23 2008
@@ -14,13 +14,11 @@
   <modulefile>mod_authn_core.xml</modulefile>
   <modulefile>mod_authn_dbd.xml</modulefile>
   <modulefile>mod_authn_dbm.xml.ko</modulefile>
-  <modulefile>mod_authn_default.xml.ko</modulefile>
   <modulefile>mod_authn_file.xml.ko</modulefile>
   <modulefile>mod_authnz_ldap.xml</modulefile>
   <modulefile>mod_authz_core.xml</modulefile>
   <modulefile>mod_authz_dbd.xml</modulefile>
   <modulefile>mod_authz_dbm.xml.ko</modulefile>
-  <modulefile>mod_authz_default.xml.ko</modulefile>
   <modulefile>mod_authz_groupfile.xml.ko</modulefile>
   <modulefile>mod_authz_host.xml</modulefile>
   <modulefile>mod_authz_owner.xml.ko</modulefile>

Modified: httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/allmodules.xml.tr [utf-8] Sat Nov  1 21:33:23 2008
@@ -14,13 +14,11 @@
   <modulefile>mod_authn_core.xml</modulefile>
   <modulefile>mod_authn_dbd.xml</modulefile>
   <modulefile>mod_authn_dbm.xml</modulefile>
-  <modulefile>mod_authn_default.xml</modulefile>
   <modulefile>mod_authn_file.xml</modulefile>
   <modulefile>mod_authnz_ldap.xml</modulefile>
   <modulefile>mod_authz_core.xml</modulefile>
   <modulefile>mod_authz_dbd.xml</modulefile>
   <modulefile>mod_authz_dbm.xml</modulefile>
-  <modulefile>mod_authz_default.xml</modulefile>
   <modulefile>mod_authz_groupfile.xml</modulefile>
   <modulefile>mod_authz_host.xml</modulefile>
   <modulefile>mod_authz_owner.xml</modulefile>

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.en Sat Nov  1 21:33:23 2008
@@ -83,7 +83,6 @@
 <li><a href="mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></li>
 <li><a href="mod_authn_dbm.html#authdbmtype">AuthDBMType</a></li>
 <li><a href="mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></li>
-<li><a href="mod_authn_default.html#authdefaultauthoritative">AuthDefaultAuthoritative</a></li>
 <li><a href="mod_auth_digest.html#authdigestalgorithm">AuthDigestAlgorithm</a></li>
 <li><a href="mod_auth_digest.html#authdigestdomain">AuthDigestDomain</a></li>
 <li><a href="mod_auth_digest.html#authdigestnccheck">AuthDigestNcCheck</a></li>
@@ -129,8 +128,7 @@
 <li><a href="mod_authz_dbd.html#authzdbdquery">AuthzDBDQuery</a></li>
 <li><a href="mod_authz_dbd.html#authzdbdredirectquery">AuthzDBDRedirectQuery</a></li>
 <li><a href="mod_authz_dbm.html#authzdbmtype">AuthzDBMType</a></li>
-<li><a href="mod_authz_default.html#authzdefaultauthoritative">AuthzDefaultAuthoritative</a></li>
-<li><a href="mod_authz_core.html#authzmergerules">AuthzMergeRules</a></li>
+<li><a href="mod_authz_core.html#authzprovideralias">&lt;AuthzProviderAlias&gt;</a></li>
 <li><a href="mod_proxy.html#balancermember" id="B" name="B">BalancerMember</a></li>
 <li><a href="mod_setenvif.html#browsermatch">BrowserMatch</a></li>
 <li><a href="mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a></li>
@@ -286,7 +284,12 @@
 <li><a href="mpm_common.html#lockfile">LockFile</a></li>
 <li><a href="mod_log_config.html#logformat">LogFormat</a></li>
 <li><a href="core.html#loglevel">LogLevel</a></li>
-<li><a href="mpm_common.html#maxclients" id="M" name="M">MaxClients</a></li>
+<li><a href="mod_authz_core.html#match" id="M" name="M">Match</a></li>
+<li><a href="mod_authz_core.html#matchall">&lt;MatchAll&gt;</a></li>
+<li><a href="mod_authz_core.html#matchany">&lt;MatchAny&gt;</a></li>
+<li><a href="mod_authz_core.html#matchnotall">&lt;MatchNotAll&gt;</a></li>
+<li><a href="mod_authz_core.html#matchnotany">&lt;MatchNotAny&gt;</a></li>
+<li><a href="mpm_common.html#maxclients">MaxClients</a></li>
 <li><a href="core.html#maxkeepaliverequests">MaxKeepAliveRequests</a></li>
 <li><a href="mpm_common.html#maxmemfree">MaxMemFree</a></li>
 <li><a href="mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></li>
@@ -301,6 +304,7 @@
 <li><a href="mod_mem_cache.html#mcacheminobjectsize">MCacheMinObjectSize</a></li>
 <li><a href="mod_mem_cache.html#mcacheremovalalgorithm">MCacheRemovalAlgorithm</a></li>
 <li><a href="mod_mem_cache.html#mcachesize">MCacheSize</a></li>
+<li><a href="mod_authz_core.html#mergeauthz">MergeAuthz</a></li>
 <li><a href="mod_cern_meta.html#metadir">MetaDir</a></li>
 <li><a href="mod_cern_meta.html#metafiles">MetaFiles</a></li>
 <li><a href="mod_cern_meta.html#metasuffix">MetaSuffix</a></li>
@@ -351,7 +355,6 @@
 <li><a href="mod_alias.html#redirectmatch">RedirectMatch</a></li>
 <li><a href="mod_alias.html#redirectpermanent">RedirectPermanent</a></li>
 <li><a href="mod_alias.html#redirecttemp">RedirectTemp</a></li>
-<li><a href="mod_authz_core.html#reject">Reject</a></li>
 <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li>
 <li><a href="mod_mime.html#removeencoding">RemoveEncoding</a></li>
 <li><a href="mod_mime.html#removehandler">RemoveHandler</a></li>
@@ -361,7 +364,6 @@
 <li><a href="mod_mime.html#removetype">RemoveType</a></li>
 <li><a href="mod_headers.html#requestheader">RequestHeader</a></li>
 <li><a href="mod_authz_core.html#require">Require</a></li>
-<li><a href="mod_authz_core.html#requirealias">&lt;RequireAlias&gt;</a></li>
 <li><a href="mod_rewrite.html#rewritebase">RewriteBase</a></li>
 <li><a href="mod_rewrite.html#rewritecond">RewriteCond</a></li>
 <li><a href="mod_rewrite.html#rewriteengine">RewriteEngine</a></li>
@@ -375,8 +377,6 @@
 <li><a href="core.html#rlimitmem">RLimitMEM</a></li>
 <li><a href="core.html#rlimitnproc">RLimitNPROC</a></li>
 <li><a href="mod_access_compat.html#satisfy" id="S" name="S">Satisfy</a></li>
-<li><a href="mod_authz_core.html#satisfyall">&lt;SatisfyAll&gt;</a></li>
-<li><a href="mod_authz_core.html#satisfyone">&lt;SatisfyOne&gt;</a></li>
 <li><a href="mpm_common.html#scoreboardfile">ScoreBoardFile</a></li>
 <li><a href="mod_actions.html#script">Script</a></li>
 <li><a href="mod_alias.html#scriptalias">ScriptAlias</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/index.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/index.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/index.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/index.html.en Sat Nov  1 21:33:23 2008
@@ -88,14 +88,12 @@
 <dt><a href="mod_authn_core.html">mod_authn_core</a></dt><dd>Core Authentication</dd>
 <dt><a href="mod_authn_dbd.html">mod_authn_dbd</a></dt><dd>User authentication using an SQL database</dd>
 <dt><a href="mod_authn_dbm.html">mod_authn_dbm</a></dt><dd>User authentication using DBM files</dd>
-<dt><a href="mod_authn_default.html">mod_authn_default</a></dt><dd>Authentication fallback module</dd>
 <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
 <dt><a href="mod_authnz_ldap.html">mod_authnz_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
 for HTTP Basic authentication.</dd>
 <dt><a href="mod_authz_core.html">mod_authz_core</a></dt><dd>Core Authorization</dd>
 <dt><a href="mod_authz_dbd.html">mod_authz_dbd</a></dt><dd>Group Authorization and Login using SQL</dd>
 <dt><a href="mod_authz_dbm.html">mod_authz_dbm</a></dt><dd>Group authorization using DBM files</dd>
-<dt><a href="mod_authz_default.html">mod_authz_default</a></dt><dd>Authorization fallback module</dd>
 <dt><a href="mod_authz_groupfile.html">mod_authz_groupfile</a></dt><dd>Group authorization using plaintext files</dd>
 <dt><a href="mod_authz_host.html">mod_authz_host</a></dt><dd>Group authorizations based on host (name or IP
 address)</dd>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en Sat Nov  1 21:33:23 2008
@@ -57,9 +57,7 @@
     <div class="warning"><h3>Note</h3>
       <p>The directives provided by <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code> have
       been deprecated by the new authz refactoring. Please see 
-      <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.  The module 
-      <code class="module"><a href="../mod/mod_authz_default.html">mod_authz_default</a></code> must also be loaded to provide for
-      default authorization handling.</p>
+      <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>.</p>
     </div>
 
     <p>In general, access restriction directives apply to all

Modified: httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.ja?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.ja [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.ja [utf-8] Sat Nov  1 21:33:23 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 675568 -->
+<!-- English Revision: 675568:709841 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.meta?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.meta (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml.meta Sat Nov  1 21:33:23 2008
@@ -8,6 +8,6 @@
 
   <variants>
     <variant>en</variant>
-    <variant>ja</variant>
+    <variant outdated="yes">ja</variant>
   </variants>
 </metafile>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en Sat Nov  1 21:33:23 2008
@@ -50,10 +50,7 @@
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
-<li><code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code></li>
-<li><code class="directive"><a href="../mod/mod_access_compat.html#satisfy">Satisfy</a></code> (Deprecated)</li>
-<li><code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyall&gt;">&lt;SatisfyAll&gt;</a></code></li>
-<li><code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyone&gt;">&lt;SatisfyOne&gt;</a></code></li>
+<li><code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code></li>
 <li><a href="../howto/auth.html">Authentication howto</a></li>
 </ul></div>
 

Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ja?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ja [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ja [utf-8] Sat Nov  1 21:33:23 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 420990 -->
+<!-- English Revision: 420990:709841 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ko
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ko?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ko [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.ko [euc-kr] Sat Nov  1 21:33:23 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="EUC-KR" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 151408:420990 (outdated) -->
+<!-- English Revision: 151408:709841 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.meta?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.meta (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml.meta Sat Nov  1 21:33:23 2008
@@ -8,7 +8,7 @@
 
   <variants>
     <variant>en</variant>
-    <variant>ja</variant>
+    <variant outdated="yes">ja</variant>
     <variant outdated="yes">ko</variant>
   </variants>
 </metafile>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.html.en Sat Nov  1 21:33:23 2008
@@ -55,6 +55,7 @@
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
+<li><code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code></li>
 <li><a href="../howto/auth.html">Authentication howto</a></li>
 </ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.xml.ko
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.xml.ko?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.xml.ko [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_digest.xml.ko [euc-kr] Sat Nov  1 21:33:23 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="EUC-KR" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:674578 (outdated) -->
+<!-- English Revision: 105989:709841 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_form.html.en Sat Nov  1 21:33:23 2008
@@ -87,10 +87,7 @@
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
-<li><code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code></li>
-<li><code class="directive"><a href="../mod/mod_access_compat.html#satisfy">Satisfy</a></code> (Deprecated)</li>
-<li><code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyall&gt;">&lt;SatisfyAll&gt;</a></code></li>
-<li><code class="directive"><a href="../mod/mod_authz_core.html#&lt;satisfyone&gt;">&lt;SatisfyOne&gt;</a></code></li>
+<li><code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code></li>
 <li><a href="../howto/auth.html">Authentication howto</a></li>
 </ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_core.html.en Sat Nov  1 21:33:23 2008
@@ -37,21 +37,24 @@
     usually used in conjunction with an authentication
     provider module such as <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> and an 
     authorization module such as <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>. It
-    also allows for "AND" and "OR" logic to be applied to the 
+    also allows for advanced logic to be applied to the 
     authorization processing.</p>
 </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
 <ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#authzmergerules">AuthzMergeRules</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#reject">Reject</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authzprovideralias">&lt;AuthzProviderAlias&gt;</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#match">Match</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#matchall">&lt;MatchAll&gt;</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#matchany">&lt;MatchAny&gt;</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#matchnotall">&lt;MatchNotAll&gt;</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#matchnotany">&lt;MatchNotAny&gt;</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mergeauthz">MergeAuthz</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#require">Require</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#requirealias">&lt;RequireAlias&gt;</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#satisfyall">&lt;SatisfyAll&gt;</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#satisfyone">&lt;SatisfyOne&gt;</a></li>
 </ul>
 <h3>Topics</h3>
 <ul id="topics">
 <li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#logic">Authorization Containers</a></li>
 </ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
@@ -59,7 +62,8 @@
 
     <p>Extended authorization providers can be created within the configuration
     file and assigned an alias name.  The alias providers can then be referenced
-    through the <code class="directive"><a href="#require">Require</a></code> directive
+    through the <code class="directive"><a href="#require">Require</a></code> and
+    <code class="directive"><a href="#match">Match</a></code> directives
     in the same way as a base authorization provider.  Besides the ability to
     create and alias an extended provider, it also allows the same extended
     authorization provider to be reference by multiple locations.
@@ -73,13 +77,13 @@
         </p>
     
         <div class="example"><h3>Example</h3><p><code>
-          &lt;RequireAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;<br />
+          &lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;<br />
           <span class="indent">
              AuthLDAPBindDN cn=youruser,o=ctx<br />
              AuthLDAPBindPassword yourpassword<br />
              AuthLDAPURL ldap://ldap.host/o=ctx<br />
           </span> 
-          &lt;/RequireAlias&gt;<br /><br /> 
+          &lt;/AuthzProviderAlias&gt;<br /><br /> 
           &lt;AuthnProviderAlias ldap-group ldap-group-alias2
            cn=my-other-group,o=dev&gt;<br />
           <span class="indent">
@@ -87,7 +91,7 @@
              AuthLDAPBindPassword yourotherpassword<br />
              AuthLDAPURL ldap://other.ldap.host/o=dev?cn<br />
           </span> 
-          &lt;/RequireAlias&gt;<br /><br />
+          &lt;/AuthzProviderAlias&gt;<br /><br />
     
           Alias /secure /webpages/secure<br />
           &lt;Directory /webpages/secure&gt;<br />
@@ -107,70 +111,385 @@
         </code></p></div>
     
 
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="logic" id="logic">Authorization Containers</a></h2>
+
+    <p>The authorization container directives
+    <code class="directive"><a href="#matchall">&lt;MatchAll&gt;</a></code>,
+    <code class="directive"><a href="#matchany">&lt;MatchAny&gt;</a></code>,
+    <code class="directive"><a href="#matchnotall">&lt;MatchNotAll&gt;</a></code>
+    and
+    <code class="directive"><a href="#matchnotany">&lt;MatchNotAny&gt;</a></code>
+    may be combined with each other and with the
+    <code class="directive"><a href="#match">Match</a></code>
+    directive to express complex authorization logic.</p>
+
+    <p>The example below expresses the following authorization logic.
+    In order to access the resource, the user must either be the
+    <code>superadmin</code> user, or belong to both the
+    <code>admins</code> group and the <code>Administrators</code> LDAP
+    group and either belong to the <code>sales</code> group or
+    have the LDAP <code>dept</code> attribute <code>sales</code>.
+    Furthermore, in order to access the resource, the user must
+    not belong to either the <code>temps</code> group or the
+    LDAP group <code>Temporary Employees</code>.</p>
+
+    <div class="example"><p><code>
+        &lt;Directory /www/mydocs&gt;
+        <span class="indent">
+            &lt;MatchAny&gt;
+            <span class="indent">
+                Match user superadmin<br />
+                &lt;MatchAll&gt;
+                <span class="indent">
+                    Match group admins<br />
+                    Match ldap-group cn=Administrators,o=Airius<br />
+                    &lt;MatchAny&gt;
+                    <span class="indent">
+                        Match group sales<br />
+                        Match ldap-attribute dept="sales"
+                    </span>
+                    &lt;/MatchAny&gt;
+                </span>
+                &lt;/MatchAll&gt;
+            </span>
+            &lt;/MatchAny&gt;<br />
+            &lt;MatchNotAny&gt;
+            <span class="indent">
+                Match group temps<br />
+                Match ldap-group cn=Temporary Employees,o=Airius
+            </span>
+            &lt;/MatchNotAny&gt;
+        </span>      
+        &lt;/Directory&gt;
+    </code></p></div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthzProviderAlias" id="AuthzProviderAlias">&lt;AuthzProviderAlias&gt;</a> <a name="authzprovideralias" id="authzprovideralias">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of directives that represent an
+extension of a base authorization provider and referenced by the specified
+alias</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;AuthzProviderAlias <var>baseProvider Alias Require-Parameters</var>&gt; 
+... &lt;/AuthzProviderAlias&gt;
+</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
+</table>
+    <p><code class="directive">&lt;AuthzProviderAlias&gt;</code> and
+    <code>&lt;/AuthzProviderAlias&gt;</code> are used to enclose a group of
+    authorization directives that can be referenced by the alias name using the
+    directive <code class="directive"><a href="#require">Require</a></code>.</p>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthzMergeRules" id="AuthzMergeRules">AuthzMergeRules</a> <a name="authzmergerules" id="authzmergerules">Directive</a></h2>
+<div class="directive-section"><h2><a name="Match" id="Match">Match</a> <a name="match" id="match">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Set to 'on' to allow the parent's &lt;Directory&gt; or &lt;Location&gt; 
-authz rules to be merged into the current &lt;Directory&gt; or &lt;Location&gt;.  
-Set to 'off' to disable merging. If set to 'off', only the authz rules defined in 
-the current &lt;Directory&gt; or &lt;Location&gt; block will apply.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzMergeRules on | off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthzMergeRules on</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Tests whether an authenticated user is authorized by
+an authorization provider.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Match [not] <var>entity-name</var>
+[<var>entity-name</var>] ...</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
 </table>
-    <p>By default all of the authorization rules within a &lt;Directory&gt;
-    &lt;Location&gt; hierarchy are merged together to form a single 
-    logical authorization operation.  If AuthzMergeRules is set to 'off', then
-    only the authorization rules that are contained with the current 
-    &lt;Directory&gt; or &lt;Location&gt; block are considered. This
-    allows the configuration to determine exactly how authorization will
-    be determined without having to take into consideration the 
-    authorization rules that may exist above it.</p>
+    <p>This directive is similar to the
+    <code class="directive"><a href="#require">Require</a></code> directive;
+    it tests whether an authenticated user is authorized according to
+    a particular authorization provider and the specified restrictions.</p>
+
+    <p>Unlike the <code class="directive"><a href="#require">Require</a></code>
+    directive, it may be used with and inside authorization container
+    directives such as
+    <code class="directive"><a href="#matchall">&lt;MatchAll&gt;</a></code>.</p>
+
+    <p>Furthermore, its result may be negated through the use of the
+    <code>not</code> option.  As with other negated authorization directives,
+    in this case the <code class="directive">Match</code> directive may only
+    either fail or return a neutral result, and can therefore never
+    independently authorize a request.</p>
+
+    <p>In the following example, all users in the <code>alpha</code>
+    and <code>beta</code> groups are authorized, except for those who
+    are also in the <code>reject</code> group.</p>
 
+    <div class="example"><p><code>
+        &lt;Directory /www/docs&gt;
+        <span class="indent">
+            Match group alpha beta<br />
+            Match not group reject
+        </span>
+        &lt;/Directory&gt;
+    </code></p></div>
+
+    <p>When multiple <code class="directive">Match</code> directives are
+    used in a single
+    <a href="../sections.html#mergin">configuration section</a>
+    and are not contained in another authorization directive like
+    <code class="directive"><a href="#matchany">&lt;MatchAny&gt;</a></code>,
+    they are implicitly contained within a
+    <code class="directive"><a href="#matchall">&lt;MatchAll&gt;</a></code>
+    directive.  Thus for the user to be authorized, all such
+    <code class="directive">Match</code> directives must not fail, and
+    at least one must be successful.</p>
+
+    <div class="note"><code class="directive">Match</code> directives may not be combined
+    with the <code class="directive"><a href="#require">Require</a></code>
+    directive.</div>
+
+<h3>See also</h3>
+<ul>
+<li><code class="directive"><a href="#require">Require</a></code></li>
+<li><a href="#logic">Authorization Containers</a></li>
+<li><a href="../howto/auth.html">Authentication, Authorization,
+    and Access Control</a></li>
+</ul>
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="Reject" id="Reject">Reject</a> <a name="reject" id="reject">Directive</a></h2>
+<div class="directive-section"><h2><a name="MatchAll" id="MatchAll">&lt;MatchAll&gt;</a> <a name="matchall" id="matchall">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Rejects authenticated users or host based 
-requests from accessing a resource</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Reject <var>entity-name</var> [<var>entity-name</var>] ...</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives of which none
+must fail and at least one must succeed for the enclosing directive to
+succeed.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;MatchAll&gt;
+... &lt;/MatchAll&gt;</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
 </table>
-    <p>This directive is similar to the 
-    <code class="directive"><a href="#require">Require</a></code> directive however
-    it rejects which authenticated users or host based requests from accessing a resource.  The 
-    restrictions are processed by authorization modules.  See the 
-    <code class="directive"><a href="#require">Require</a></code> directive for details 
-    about usage.</p>
+    <p><code class="directive">&lt;MatchAll&gt;</code> and
+    <code>&lt;/MatchAll&gt;</code> are used to enclose a group of
+    authorization directives of which none must fail and at least one
+    must succeed in order for
+    the <code class="directive">&lt;MatchAll&gt;</code> directive to
+    succeed.</p>
+
+    <p>If none of the directives contained within the
+    <code class="directive">&lt;MatchAll&gt;</code> directive fails,
+    and at least one succeeds, then the
+    <code class="directive">&lt;MatchAll&gt;</code> directive
+    succeeds.  If none succeed and none fail, then it returns a
+    neutral result.  In all other cases, it fails.</p>
 
 <h3>See also</h3>
 <ul>
+<li><a href="#logic">Authorization Containers</a></li>
+<li><a href="../howto/auth.html">Authentication, Authorization,
+    and Access Control</a></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MatchAny" id="MatchAny">&lt;MatchAny&gt;</a> <a name="matchany" id="matchany">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives of which one
+must succeed for the enclosing directive to succeed.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;MatchAny&gt;
+... &lt;/MatchAny&gt;</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
+</table>
+    <p><code class="directive">&lt;MatchAny&gt;</code> and
+    <code>&lt;/MatchAny&gt;</code> are used to enclose a group of
+    authorization directives of which one must succeed in order for
+    the <code class="directive">&lt;MatchAny&gt;</code> directive to
+    succeed.</p>
+
+    <p>If one or more of the directives contained within the
+    <code class="directive">&lt;MatchAny&gt;</code> directive succeed,
+    then the <code class="directive">&lt;MatchAny&gt;</code> directive
+    succeeds.  If none succeed and none fail, then it returns a
+    neutral result.  In all other cases, it fails.</p>
+
+    <div class="note">Because negated authorization directives are unable to
+    return a successful result, they can not significantly influence
+    the result of a <code class="directive">&lt;MatchAny&gt;</code>
+    directive.  (At most they could cause the directive to fail in
+    the case where they failed and all other directives returned a
+    neutral value.)  Therefore negated authorization directives
+    are not permitted within a <code class="directive">&lt;MatchAny&gt;</code>
+    directive.</div>
+
+<h3>See also</h3>
+<ul>
+<li><a href="#logic">Authorization Containers</a></li>
+<li><a href="../howto/auth.html">Authentication, Authorization,
+    and Access Control</a></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MatchNotAll" id="MatchNotAll">&lt;MatchNotAll&gt;</a> <a name="matchnotall" id="matchnotall">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives of which some
+must fail or none must succeed for the enclosing directive to
+not fail.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;MatchNotAll&gt;
+... &lt;/MatchNotAll&gt;</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
+</table>
+    <p><code class="directive">&lt;MatchNotAll&gt;</code> and
+    <code>&lt;/MatchNotAll&gt;</code> are used to enclose a group of
+    authorization directives of which some must fail or none must succeed
+    in order for the
+    <code class="directive">&lt;MatchNotAll&gt;</code> directive to
+    not fail.</p>
+
+    <p>If none of the directives contained within the
+    <code class="directive">&lt;MatchNotAll&gt;</code> directive
+    fail, and one or more succeed, then the
+    <code class="directive">&lt;MatchNotAll&gt;</code> directive fails.
+    In all other cases, it returns a neutral result.  Thus as with
+    the other negated authorization directives, it can never independently
+    authorize a request because it can never return a successful result.
+    It can be used, however, to restrict the set of users who are
+    authorized to access a resource.</p>
+
+<h3>See also</h3>
+<ul>
+<li><a href="#logic">Authorization Containers</a></li>
 <li><a href="../howto/auth.html">Authentication, Authorization,
     and Access Control</a></li>
-<li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
 </ul>
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MatchNotAny" id="MatchNotAny">&lt;MatchNotAny&gt;</a> <a name="matchnotany" id="matchnotany">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives of which none
+none must succeed for the enclosing directive to not fail.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;MatchNotAny&gt;
+... &lt;/MatchNotAny&gt;</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
+</table>
+    <p><code class="directive">&lt;MatchNotAny&gt;</code> and
+    <code>&lt;/MatchNotAny&gt;</code> are used to enclose a group of
+    authorization directives of which none must succeed
+    in order for the
+    <code class="directive">&lt;MatchNotAny&gt;</code> directive to
+    not fail.</p>
+
+    <p>If one or more of the directives contained within the
+    <code class="directive">&lt;MatchNotAny&gt;</code> directive succeed,
+    then the <code class="directive">&lt;MatchNotAny&gt;</code> directive
+    fails.  In all other cases, it returns a neutral result.  Thus as with
+    the other negated authorization directives, it can never independently
+    authorize a request because it can never return a successful result.
+    It can be used, however, to restrict the set of users who are
+    authorized to access a resource.</p>
+
+    <div class="note">Because negated authorization directives are unable to
+    return a successful result, they can not significantly influence
+    the result of a <code class="directive">&lt;MatchNotAny&gt;</code>
+    directive.  Therefore negated authorization directives
+    are not permitted within a
+    <code class="directive">&lt;MatchNotAny&gt;</code> directive.</div>
+
+<h3>See also</h3>
+<ul>
+<li><a href="#logic">Authorization Containers</a></li>
+<li><a href="../howto/auth.html">Authentication, Authorization,
+    and Access Control</a></li>
+</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MergeAuthz" id="MergeAuthz">MergeAuthz</a> <a name="mergeauthz" id="mergeauthz">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls the manner in which each configuration section's
+authorization logic is combined with that of preceding configuration
+sections.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MergeAuthz Off | MatchAll | MatchAny</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MergeAuthz Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
+</table>
+    <p>When authorization is enabled, it is normally inherited by each
+    subsequent <a href="../sections.html#mergin">configuration section</a>,
+    unless a different set of authorization directives are specified.
+    This is the default action, which corresponds to an explicit setting
+    of <code>MergeAuthz Off</code>.</p>
+
+    <p>However, there may be circumstances in which is it desirable
+    for a configuration section's authorization to be combined with
+    that of its predecessor while configuration sections are being
+    merged.  Two options are available for this case, <code>MatchAll</code>
+    and <code>MatchAny</code>.</p>
+
+    <p>When a configuration section contains <code>AuthzMerge MatchAll</code>
+    or <code>AuthzMerge MatchAny</code>,
+    its authorization logic is combined with that of the nearest
+    predecessor (according to the overall order of configuration sections)
+    which also contains authorization logic as if the two sections
+    were jointly contained within a
+    <code class="directive"><a href="#matchall">&lt;MatchAll&gt;</a></code> or
+    <code class="directive"><a href="#matchany">&lt;MatchAny&gt;</a></code>
+    directive, respectively.</p>
+
+    <div class="note">The setting of <code class="directive">AuthzMerge</code> is not
+    inherited outside of the configuration section in which it appears.
+    In the following example, only users belonging to group <code>alpha</code>
+    may access <code>/www/docs</code>.  Users belonging to either
+    groups <code>alpha</code> or <code>beta</code> may access
+    <code>/www/docs/ab</code>.  However, the default <code>Off</code>
+    setting of <code class="directive">AuthzMerge</code> applies to the
+    <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>
+    configuration section for <code>/www/docs/ab/gamma</code>, so
+    that section's authorization directives override those of the
+    preceding sections.  Thus only users belong to the group
+    <code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</div>
+
+    <div class="example"><p><code>
+        &lt;Directory /www/docs&gt;
+        <span class="indent">
+            AuthType Basic<br />
+            AuthName Documents<br />
+            AuthBasicProvider file<br />
+            AuthUserFile /usr/local/apache/passwd/passwords<br />
+            Match group alpha
+        </span>
+        &lt;/Directory&gt;<br />
+        <br />
+        &lt;Directory /www/docs/ab&gt;
+        <span class="indent">
+            AuthzMerge MatchAny<br />
+            Match group beta
+        </span>
+        &lt;/Directory&gt;<br />
+        <br />
+        &lt;Directory /www/docs/ab/gamma&gt;
+        <span class="indent">
+            Match group gamma
+        </span>
+        &lt;/Directory&gt;
+    </code></p></div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="Require" id="Require">Require</a> <a name="require" id="require">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Selects which authenticated users can access
-a resource</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Tests whether an authenticated user is authorized by
+an authorization provider.</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>Require <var>entity-name</var> [<var>entity-name</var>] ...</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
 </table>
-    <p>This directive selects which authenticated users can access a
-    resource.  The restrictions are processed by authorization
-    modules.  Some of the allowed syntaxes provided by
+    <p>This directive tests whether an authenticated user is authorized
+    according to a particular authorization provider and the specified
+    restrictions.  Some of the allowed syntaxes provided by
     <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> and
     <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> are:</p>
 
@@ -218,125 +537,26 @@
     place the <code class="directive">Require</code> statement into a
     <code class="directive"><a href="../mod/core.html#limit">&lt;Limit&gt;</a></code>
     section.</p>
- 
-
-<h3>See also</h3>
-<ul>
-<li><a href="../howto/auth.html">Authentication, Authorization,
-    and Access Control</a></li>
-<li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="RequireAlias" id="RequireAlias">&lt;RequireAlias&gt;</a> <a name="requirealias" id="requirealias">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of directives that represent an
-extension of a base authorization provider and referenced by the specified
-alias</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;RequireAlias <var>baseProvider Alias Require-Parameters</var>&gt; 
-... &lt;/RequireAlias&gt;
-</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
-</table>
-    <p><code class="directive">&lt;RequireAlias&gt;</code> and
-    <code>&lt;/RequireAlias&gt;</code> are used to enclose a group of
-    authorization directives that can be referenced by the alias name using the
-    directive <code class="directive"><a href="# require"> Require</a></code>.</p>
-
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SatisfyAll" id="SatisfyAll">&lt;SatisfyAll&gt;</a> <a name="satisfyall" id="satisfyall">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives that must all
-be satisfied in order to grant access to a resource.  This block allows
-for 'AND' logic to be applied to various authorization providers.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;SatisfyAll&gt;
-... &lt;/SatisfyAll&gt;</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
-</table>
-    <p><code class="directive">&lt;SatisfyAll&gt;</code> and
-    <code>&lt;/SatisfyAll&gt;</code> are used to enclose a group of
-    authorization directives that must all be satisfied in order to 
-    grant access to a resource.</p>
-
-    <p>The <code class="directive"><a href="#&#10;    &lt;satisfyall&gt;">
-    &lt;SatisfyAll&gt;</a></code> block as well as the 
-    <code class="directive"><a href="#&lt;satisfyone&gt;">&lt;SatisfyOne&gt;</a></code> block 
-    allow you to apply "AND" and "OR" logic to the authorization processing. 
-    For example the following authorization block would apply the logic:</p>
-
-    <div class="example"><p><code>
-      # if ((user == "John") ||<br />
-      # &nbsp;&nbsp; ((Group == "admin")<br />
-      # &nbsp; &nbsp; &amp;&amp; (ldap-group &lt;ldap-object&gt; contains auth'ed_user)<br />
-      # &nbsp; &nbsp; &amp;&amp; ((ldap-attribute dept == "sales")<br />
-      # &nbsp; &nbsp; &nbsp; &nbsp; || (file-group contains auth'ed_user))))<br />
-      # then<br />
-      # &nbsp; auth_granted<br />
-      # else<br />
-      # &nbsp; auth_denied<br />
-      #<br />
-      &lt;Directory /www/mydocs&gt;<br />
-      <span class="indent">
-        Authname ...<br />
-        AuthBasicProvider ...<br />
-        ...<br />
-        Require user John<br />
-        &lt;SatisfyAll&gt;<br />
-        <span class="indent">
-          Require Group admins<br />
-          Require ldap-group cn=mygroup,o=foo<br />
-          &lt;SatisfyOne&gt;<br />
-          <span class="indent">
-            Require ldap-attribute dept="sales"<br />
-            Require file-group<br />
-          </span>
-          &lt;/SatisfyOne&gt;<br />
-        </span>
-        &lt;/SatisfyAll&gt;<br />
-      </span>
-      &lt;/Directory&gt;
-    </code></p></div>
-
-<h3>See also</h3>
-<ul>
-<li><a href="../howto/auth.html">Authentication, Authorization,
-    and Access Control</a></li>
-</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="SatisfyOne" id="SatisfyOne">&lt;SatisfyOne&gt;</a> <a name="satisfyone" id="satisfyone">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives that must 
-satisfy at least one in order to grant access to a resource.  This 
-block allows for 'OR' logic to be applied to various authorization 
-providers.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;SatisfyOne&gt;
-... &lt;/SatisfyOne&gt;</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
-</table>
-    <p><code class="directive">&lt;SatisfyOne&gt;</code> and
-    <code>&lt;/SatisfyOne&gt;</code> are used to enclose a group of
-    authorization directives that must satisfy at least one in order to 
-    grant access to a resource.</p>
-
-    <p>See the <code class="directive"><a href="#&#10;    &lt;satisfyall&gt;">
-    &lt;SatisfyAll&gt;</a></code> directive for a usage example.</p>
 
+    <p>When multiple <code class="directive">Require</code> directives are
+    used in a single
+    <a href="../sections.html#mergin">configuration section</a>,
+    the first one to authorize a user authorizes the entire request,
+    and subsequent <code class="directive">Require</code> directives are
+    ignored.  In other words, all <code class="directive">Require</code> directives
+    are enclosed in an implied <code class="directive"><a href="#matchany">&lt;MatchAny&gt;</a></code> directive.</p>
+
+    <div class="note"><code class="directive">Require</code> directives may not be combined
+    with the <code class="directive"><a href="#match">Match</a></code> directive
+    or any authorization container directives, such as
+    <code class="directive"><a href="#matchall">&lt;MatchAll&gt;</a></code>.</div>
 
 <h3>See also</h3>
 <ul>
 <li><a href="../howto/auth.html">Authentication, Authorization,
     and Access Control</a></li>
+<li><code class="module"><a href="../mod/mod_authn_core.html">mod_authn_core</a></code></li>
+<li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
 </ul>
 </div>
 </div>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_dbd.html.en Sat Nov  1 21:33:23 2008
@@ -59,9 +59,6 @@
 <ul class="seealso">
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
 <li>
-  <code class="directive"><a href="../mod/mod_authz_core.html#authzmergerules">AuthzMergeRules</a></code>
-</li>
-<li>
   <code class="directive"><a href="../mod/mod_authn_dbd.html#authdbduserpwquery">AuthDBDUserPWQuery</a></code>
 </li>
 <li><code class="directive"><a href="../mod/mod_dbd.html#dbdriver">DBDriver</a></code></li>
@@ -120,7 +117,6 @@
     "SELECT password FROM authn WHERE user = %s AND login = 'true'"
 
   # mod_authz_core configuration for mod_authz_dbd
-  AuthzMergeRules Off
   Require dbd-group team
 
   # mod_authz_dbd configuration
@@ -137,7 +133,6 @@
       "SELECT password FROM authn WHERE user = %s"
 
     # dbd-login action executes a statement to log user in
-    AuthzMergeRules Off
     Require dbd-login
     AuthzDBDQuery \
       "UPDATE authn SET login = 'true' WHERE user = %s"
@@ -149,7 +144,6 @@
 
   &lt;Files logout.html&gt;
     # dbd-logout action executes a statement to log user out
-    AuthzMergeRules Off
     Require dbd-logout
     AuthzDBDQuery \
       "UPDATE authn SET login = 'false' WHERE user = %s"

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en?rev=709842&r1=709841&r2=709842&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en Sat Nov  1 21:33:23 2008
@@ -33,7 +33,7 @@
 
     <p>The authorization providers implemented by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> are
     registered using the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> or
-    <code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code> directives.  These 
+    <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives.  These 
     directives can be referenced within a 
     <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>,
     <code class="directive"><a href="../mod/core.html#files">&lt;Files&gt;</a></code>, 
@@ -61,14 +61,14 @@
 <li><a href="../howto/auth.html">Authentication, Authorization,
     and Access Control</a></li>
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
-<li><code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code></li>
+<li><code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code></li>
 </ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>
 
     <p>Apache's <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> and 
-    <code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code> directives are 
+    <code class="directive"><a href="../mod/mod_authz_core.html#match">Match</a></code> directives are 
     used during the authorization phase to ensure that a user is allowed or
     denied access to a resource.  mod_authz_host extends the 
     authorization types with <code>env</code>, <code>ip</code>, 



Mime
View raw message