httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1226477 - in /httpd/httpd/trunk/docs/manual: misc/security_tips.html.en misc/security_tips.xml mod/mod_access_compat.html.en mod/mod_access_compat.xml sections.html.en sections.xml
Date Mon, 02 Jan 2012 17:18:41 GMT
Author: covener
Date: Mon Jan  2 17:18:39 2012
New Revision: 1226477

URL: http://svn.apache.org/viewvc?rev=1226477&view=rev
Log:
add/enhance some hints about configuration section merging (or lack of it in
the case of mod_access_compat)
PR52406


Modified:
    httpd/httpd/trunk/docs/manual/misc/security_tips.html.en
    httpd/httpd/trunk/docs/manual/misc/security_tips.xml
    httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml
    httpd/httpd/trunk/docs/manual/sections.html.en
    httpd/httpd/trunk/docs/manual/sections.xml

Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/misc/security_tips.html.en?rev=1226477&r1=1226476&r2=1226477&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.html.en (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.html.en Mon Jan  2 17:18:39 2012
@@ -39,6 +39,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protecting
System Settings</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protect
Server Files by Default</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Watching
Your Logs</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#merging">Merging
of configuration sections</a></li>
 </ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="section">
@@ -445,6 +446,21 @@
       &lt;/Files&gt;
     </code></p></div>
 
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="section">
+<h2><a name="merging" id="merging">Merging of configuration sections</a></h2>
+
+    
+
+    <p> The merging of configuration sections is complicated and sometimes
+    directive specific.  Always test your changes when creating dependencies
+    on how directives are merged.</p>
+
+    <p> For modules that don't implement any merging logic, such as 
+    <code class="directive">mod_access_compat</code>, the behavior in later sections
+    depends on whether the later section has any directives
+    from the module.  The configuration is inherited until a change is made, 
+    at which point the configuration is <em>replaced</em>.</p>
   </div></div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/misc/security_tips.html"
title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/misc/security_tips.xml?rev=1226477&r1=1226476&r2=1226477&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.xml (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.xml Mon Jan  2 17:18:39 2012
@@ -447,4 +447,19 @@
 
   </section>
 
+  <section id="merging">
+
+    <title>Merging of configuration sections</title>
+
+    <p> The merging of configuration sections is complicated and sometimes
+    directive specific.  Always test your changes when creating dependencies
+    on how directives are merged.</p>
+
+    <p> For modules that don't implement any merging logic, such as 
+    <directive>mod_access_compat</directive>, the behavior in later sections
+    depends on whether the later section has any directives
+    from the module.  The configuration is inherited until a change is made, 
+    at which point the configuration is <em>replaced</em> and not merged.</p>
+  </section>
+
 </manualpage>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en?rev=1226477&r1=1226476&r2=1226477&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_access_compat.html.en Mon Jan  2 17:18:39 2012
@@ -67,6 +67,13 @@ have been deprecated by the new authz re
     cases. However, it is possible to restrict some methods, while
     leaving other methods unrestricted, by enclosing the directives
     in a <code class="directive"><a href="../mod/core.html#limit">&lt;Limit&gt;</a></code>
section.</p>
+
+    <div class="note"> <h3>Merging of configuration sections</h3>
+      <p>When any directive provided by this module is used in a new 
+      configuration section, no directives provided by this module are
+      inherited from previous configuration sections.</p>
+    </div>
+
 </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
 <ul id="toc">
@@ -209,6 +216,13 @@ server</td></tr>
     with <code>KnockKnock/2.0</code> will be allowed access, and all
     others will be denied.</p>
 
+    <div class="note"> <h3>Merging of configuration sections</h3>
+      <p>When any directive provided by this module is used in a new 
+      configuration section, no directives provided by this module are
+      inherited from previous configuration sections.</p>
+    </div>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="Deny" id="Deny">Deny</a>
<a name="deny" id="deny">Directive</a></h2>
@@ -377,6 +391,13 @@ evaluated.</td></tr>
     of configuration sections, see the documentation on <a href="../sections.html">How
Directory, Location and Files sections
     work</a>.</p>
 
+    <div class="note"> <h3>Merging of configuration sections</h3>
+      <p>When any directive provided by this module is used in a new 
+      configuration section, no directives provided by this module are
+      inherited from previous configuration sections.</p>
+    </div>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="Satisfy" id="Satisfy">Satisfy</a>
<a name="satisfy" id="satisfy">Directive</a></h2>
@@ -438,6 +459,13 @@ later</td></tr>
     <p>Since version 2.0.51 <code class="directive">Satisfy</code> directives
can
     be restricted to particular methods by <code class="directive"><a href="../mod/core.html#limit">&lt;Limit&gt;</a></code>
and <code class="directive"><a href="../mod/core.html#limitexcept">&lt;LimitExcept&gt;</a></code>
sections.</p>
 
+    <div class="note"> <h3>Merging of configuration sections</h3>
+      <p>When any directive provided by this module is used in a new 
+      configuration section, no directives provided by this module are
+      inherited from previous configuration sections.</p>
+    </div>
+
+
 <h3>See also</h3>
 <ul>
 <li><code class="directive"><a href="#allow">Allow</a></code></li>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml?rev=1226477&r1=1226476&r2=1226477&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_access_compat.xml Mon Jan  2 17:18:39 2012
@@ -69,6 +69,13 @@ have been deprecated by the new authz re
     cases. However, it is possible to restrict some methods, while
     leaving other methods unrestricted, by enclosing the directives
     in a <directive module="core" type="section">Limit</directive> section.</p>
+
+    <note> <title>Merging of configuration sections</title>
+      <p>When any directive provided by this module is used in a new 
+      configuration section, no directives provided by this module are
+      inherited from previous configuration sections.</p>
+    </note>
+
 </summary>
 
 <seealso><directive module="mod_authz_core">Require</directive></seealso>
@@ -203,6 +210,13 @@ server</description>
     <p>In this case, browsers with a user-agent string beginning
     with <code>KnockKnock/2.0</code> will be allowed access, and all
     others will be denied.</p>
+
+    <note> <title>Merging of configuration sections</title>
+      <p>When any directive provided by this module is used in a new 
+      configuration section, no directives provided by this module are
+      inherited from previous configuration sections.</p>
+    </note>
+
 </usage>
 </directivesynopsis>
 
@@ -390,6 +404,13 @@ evaluated.</description>
     of configuration sections, see the documentation on <a
     href="../sections.html">How Directory, Location and Files sections
     work</a>.</p>
+
+    <note> <title>Merging of configuration sections</title>
+      <p>When any directive provided by this module is used in a new 
+      configuration section, no directives provided by this module are
+      inherited from previous configuration sections.</p>
+    </note>
+
 </usage>
 </directivesynopsis>
 
@@ -457,6 +478,13 @@ later</compatibility>
     be restricted to particular methods by <directive module="core"
     type="section">Limit</directive> and <directive module="core" type="section"
     >LimitExcept</directive> sections.</p>
+
+    <note> <title>Merging of configuration sections</title>
+      <p>When any directive provided by this module is used in a new 
+      configuration section, no directives provided by this module are
+      inherited from previous configuration sections.</p>
+    </note>
+
 </usage>
    <seealso><directive module="mod_access_compat">Allow</directive></seealso>
    <seealso><directive module="mod_authz_core">Require</directive></seealso>

Modified: httpd/httpd/trunk/docs/manual/sections.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/sections.html.en?rev=1226477&r1=1226476&r2=1226477&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/sections.html.en (original)
+++ httpd/httpd/trunk/docs/manual/sections.html.en Mon Jan  2 17:18:39 2012
@@ -460,7 +460,12 @@ are interpreted, it is important to unde
     container takes the place of the <code class="directive"><a href="./mod/core.html#directory">&lt;Directory&gt;</a></code>
container in the processing
     order.</p>
 
-    <p>Later sections override earlier ones.</p>
+    <p>Later sections override earlier ones, however each module is responsible
+    for interpeting what form this override takes.  A later configuration section 
+    with directives from a given module might cause a conceptual "merge" of some
+    directives, all directives, or a complete replacement of the modules 
+    configuration with the module defaults and directives explicitly listed in 
+    the later context.</p>
 
 <div class="note"><h3>Technical Note</h3>
       There is actually a

Modified: httpd/httpd/trunk/docs/manual/sections.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/sections.xml?rev=1226477&r1=1226476&r2=1226477&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/sections.xml (original)
+++ httpd/httpd/trunk/docs/manual/sections.xml Mon Jan  2 17:18:39 2012
@@ -506,7 +506,12 @@ are interpreted, it is important to unde
     type="section">Directory</directive> container in the processing
     order.</p>
 
-    <p>Later sections override earlier ones.</p>
+    <p>Later sections override earlier ones, however each module is responsible
+    for interpeting what form this override takes.  A later configuration section 
+    with directives from a given module might cause a conceptual "merge" of some
+    directives, all directives, or a complete replacement of the modules 
+    configuration with the module defaults and directives explicitly listed in 
+    the later context.</p>
 
 <note><title>Technical Note</title>
       There is actually a



Mime
View raw message