httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From drugg...@apache.org
Subject svn commit: r1673873 [1/18] - /httpd/httpd/branches/2.4.x/docs/manual/mod/
Date Wed, 15 Apr 2015 17:03:10 GMT
Author: druggeri
Date: Wed Apr 15 17:03:08 2015
New Revision: 1673873

URL: http://svn.apache.org/r1673873
Log:
We need moar emails - format change

Modified:
    httpd/httpd/branches/2.4.x/docs/manual/mod/core.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.de
    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.es
    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.fr
    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.ja
    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.tr
    httpd/httpd/branches/2.4.x/docs/manual/mod/directives.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/event.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_access_compat.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_actions.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_alias.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_allowmethods.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_asis.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_digest.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_anon.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_core.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_dbd.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_dbm.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_file.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_socache.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authnz_fcgi.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authnz_ldap.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_core.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_dbd.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_dbm.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_groupfile.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_host.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_owner.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_user.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_autoindex.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_buffer.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_cache.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_cache_disk.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_cache_socache.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_cern_meta.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_cgi.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_cgid.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_charset_lite.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_dav.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_dav_fs.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_dav_lock.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_dbd.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_deflate.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_dialup.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_dir.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_dumpio.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_echo.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_env.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_example_hooks.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_expires.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ext_filter.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_file_cache.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_filter.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_headers.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_heartbeat.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_heartmonitor.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ident.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_imagemap.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_include.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_info.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_isapi.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_lbmethod_bybusyness.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_lbmethod_byrequests.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_lbmethod_bytraffic.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_lbmethod_heartbeat.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ldap.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_debug.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_forensic.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_logio.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_lua.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_mime.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_mime_magic.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_negotiation.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_nw_ssl.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_privileges.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_ajp.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_balancer.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_connect.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_express.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_fcgi.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_ftp.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_html.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_http.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_scgi.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_reflector.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_remoteip.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_reqtimeout.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_request.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_rewrite.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_sed.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_cookie.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_dbd.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_setenvif.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_so.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_speling.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_status.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_substitute.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_suexec.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_unique_id.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_unixd.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_usertrack.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_version.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_vhost_alias.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_watchdog.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_xml2enc.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mpm_common.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mpm_netware.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/prefork.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/quickreference.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/worker.html.en

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/core.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.html.en Wed Apr 15 17:03:08 2015
@@ -45,6 +45,7 @@ available</td></tr>
 <li><img alt="" src="../images/down.gif" /> <a href="#allowoverride">AllowOverride</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#allowoverridelist">AllowOverrideList</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#cgimapextension">CGIMapExtension</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cgipassauth">CGIPassAuth</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#contentdigest">ContentDigest</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#defaultruntimedir">DefaultRuntimeDir</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#defaulttype">DefaultType</a></li>
@@ -117,6 +118,7 @@ available</td></tr>
 <li><img alt="" src="../images/down.gif" /> <a href="#virtualhost">&lt;VirtualHost&gt;</a></li>
 </ul>
 <ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AcceptFilter" id="AcceptFilter">AcceptFilter</a> <a name="acceptfilter" id="acceptfilter">Directive</a></h2>
 <table class="directive">
@@ -619,6 +621,43 @@ scripts</td></tr>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CGIPassAuth" id="CGIPassAuth">CGIPassAuth</a> <a name="cgipassauth" id="cgipassauth">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables passing HTTP authorization headers to scripts as CGI
+variables</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CGIPassAuth On|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>CGIPassAuth Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.4.13 and later</td></tr>
+</table>
+    <p><code class="directive">CGIPassAuth</code> allows scripts access to HTTP
+    authorization headers such as <code>Authorization</code>, which is
+    required for scripts that implement HTTP Basic authentication.
+    Normally these HTTP headers are hidden from scripts, as it allows
+    scripts to see user ids and passwords used to access the server when
+    HTTP Basic authentication is enabled in the web server.  This directive
+    should be used when scripts are allowed to implement HTTP Basic
+    authentication.</p>
+
+    <p>This directive can be used instead of the compile-time setting
+    <code>SECURITY_HOLE_PASS_AUTHORIZATION</code> which has been available
+    in previous versions of Apache HTTP Server.</p>
+
+    <p>The setting is respected by any modules which use
+    <code>ap_add_common_vars()</code>, such as <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>,
+    <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code>, <code class="module"><a href="../mod/mod_proxy_fcgi.html">mod_proxy_fcgi</a></code>,
+    <code class="module"><a href="../mod/mod_proxy_scgi.html">mod_proxy_scgi</a></code>, and so on.  Notably, it affects
+    modules which don't handle the request in the usual sense but
+    still use this API; examples of this are <code class="module"><a href="../mod/mod_include.html">mod_include</a></code>
+    and <code class="module"><a href="../mod/mod_ext_filter.html">mod_ext_filter</a></code>.  Third-party modules that don't
+    use <code>ap_add_common_vars()</code> may choose to respect the setting
+    as well.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="ContentDigest" id="ContentDigest">ContentDigest</a> <a name="contentdigest" id="contentdigest">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables the generation of <code>Content-MD5</code> HTTP Response
@@ -4487,7 +4526,6 @@ hostname or IP address</td></tr>
     different sections are combined when a request is received</li>
 </ul>
 </div>
-
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../de/mod/core.html" hreflang="de" rel="alternate" title="Deutsch">&nbsp;de&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.de
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.de?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.de (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.de Wed Apr 15 17:03:08 2015
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.de.xsl"?>
-<!-- English Revision: 344972:1673805 (outdated) -->
+<!-- English Revision: 344972:1673860 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.es
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.es?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.es (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.es Wed Apr 15 17:03:08 2015
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
-<!-- English Revision: 1040494:1673805 (outdated) -->
+<!-- English Revision: 1040494:1673860 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.fr?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.fr Wed Apr 15 17:03:08 2015
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1670326:1673805 (outdated) -->
+<!-- English Revision: 1670326:1673860 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.ja?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.ja [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.ja [utf-8] Wed Apr 15 17:03:08 2015
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 669847:1673805 (outdated) -->
+<!-- English Revision: 669847:1673860 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.tr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.tr?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.tr [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml.tr [utf-8] Wed Apr 15 17:03:08 2015
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.tr.xsl"?>
-<!-- English Revision: 1647230:1673805 (outdated) -->
+<!-- English Revision: 1647230:1673860 (outdated) -->
 <!-- =====================================================
  Translated by: Nilgün Belma Bugüner <nilgun belgeler.gen.tr>
    Reviewed by: Orhan Berent <berent belgeler.gen.tr>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/directives.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/directives.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/directives.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/directives.html.en Wed Apr 15 17:03:08 2015
@@ -197,6 +197,7 @@
 <li><a href="mod_cache.html#cachestoreprivate">CacheStorePrivate</a></li>
 <li><a href="mod_cgid.html#cgidscripttimeout">CGIDScriptTimeout</a></li>
 <li><a href="core.html#cgimapextension">CGIMapExtension</a></li>
+<li><a href="core.html#cgipassauth">CGIPassAuth</a></li>
 <li><a href="mod_charset_lite.html#charsetdefault">CharsetDefault</a></li>
 <li><a href="mod_charset_lite.html#charsetoptions">CharsetOptions</a></li>
 <li><a href="mod_charset_lite.html#charsetsourceenc">CharsetSourceEnc</a></li>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/event.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/event.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/event.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/event.html.en Wed Apr 15 17:03:08 2015
@@ -48,7 +48,11 @@ of consuming threads only for connection
       script's arguments when building the <code class="program"><a href="../programs/httpd.html">httpd</a></code>.</p>
 
 </div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#how-it-works">How it Works</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requirements">Requirements</a></li>
+</ul><h3 class="directives">Directives</h3>
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#asyncrequestworkerfactor">AsyncRequestWorkerFactor</a></li>
 <li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#coredumpdirectory">CoreDumpDirectory</a></li>
@@ -71,67 +75,11 @@ of consuming threads only for connection
 <li><img alt="" src="../images/right.gif" /> <a href="mpm_common.html#threadstacksize">ThreadStackSize</a></li>
 <li><img alt="" src="../images/right.gif" /> <a href="mod_unixd.html#user">User</a></li>
 </ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#how-it-works">How it Works</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#requirements">Requirements</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
 <ul class="seealso">
 <li><a href="worker.html">The worker MPM</a></li>
 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AsyncRequestWorkerFactor" id="AsyncRequestWorkerFactor">AsyncRequestWorkerFactor</a> <a name="asyncrequestworkerfactor" id="asyncrequestworkerfactor">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Limit concurrent connections per process</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AsyncRequestWorkerFactor <var>factor</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>2</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>MPM</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>event</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.3.13 and later</td></tr>
-</table>
-    <p>The event MPM handles some connections in an asynchronous way, where
-    request worker threads are only allocated for short periods of time as
-    needed, and other connections with one request worker thread reserved per
-    connection. This can lead to situations where all workers are tied up and
-    no worker thread is available to handle new work on established async
-    connections.</p>
-
-    <p>To mitigate this problem, the event MPM does two things: Firstly, it
-    limits the number of connections accepted per process, depending on the
-    number of idle request workers. Secondly, if all workers are busy, it will
-    close connections in keep-alive state even if the keep-alive timeout has
-    not expired. This allows the respective clients to reconnect to a
-    different process which may still have worker threads available.</p>
-
-    <p>This directive can be used to fine-tune the per-process connection
-    limit. A process will only accept new connections if the current number of
-    connections (not counting connections in the "closing" state) is lower
-    than:</p>
-
-    <p class="indent"><strong>
-        <code class="directive"><a href="../mod/mpm_common.html#threadsperchild">ThreadsPerChild</a></code> +
-        (<code class="directive">AsyncRequestWorkerFactor</code> *
-        <var>number of idle workers</var>)
-    </strong></p>
-
-    <p>This means the absolute maximum numbers of concurrent connections is:</p>
-
-    <p class="indent"><strong>
-        (<code class="directive">AsyncRequestWorkerFactor</code> + 1) *
-        <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code>
-    </strong></p>
-
-    <p><code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> was called
-    <code class="directive">MaxClients</code> prior to version 2.3.13. The above value
-    shows that the old name did not accurately describe its meaning for the event MPM.</p>
-
-    <p><code class="directive">AsyncRequestWorkerFactor</code> can take non-integer
-    arguments, e.g "1.5".</p>
-
-
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="how-it-works" id="how-it-works">How it Works</a></h2>
     <p>This MPM tries to fix the 'keep alive problem' in HTTP. After a client
@@ -198,6 +146,58 @@ of consuming threads only for connection
 
     </ul>
 </div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AsyncRequestWorkerFactor" id="AsyncRequestWorkerFactor">AsyncRequestWorkerFactor</a> <a name="asyncrequestworkerfactor" id="asyncrequestworkerfactor">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Limit concurrent connections per process</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AsyncRequestWorkerFactor <var>factor</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>2</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>MPM</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>event</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.3.13 and later</td></tr>
+</table>
+    <p>The event MPM handles some connections in an asynchronous way, where
+    request worker threads are only allocated for short periods of time as
+    needed, and other connections with one request worker thread reserved per
+    connection. This can lead to situations where all workers are tied up and
+    no worker thread is available to handle new work on established async
+    connections.</p>
+
+    <p>To mitigate this problem, the event MPM does two things: Firstly, it
+    limits the number of connections accepted per process, depending on the
+    number of idle request workers. Secondly, if all workers are busy, it will
+    close connections in keep-alive state even if the keep-alive timeout has
+    not expired. This allows the respective clients to reconnect to a
+    different process which may still have worker threads available.</p>
+
+    <p>This directive can be used to fine-tune the per-process connection
+    limit. A process will only accept new connections if the current number of
+    connections (not counting connections in the "closing" state) is lower
+    than:</p>
+
+    <p class="indent"><strong>
+        <code class="directive"><a href="../mod/mpm_common.html#threadsperchild">ThreadsPerChild</a></code> +
+        (<code class="directive">AsyncRequestWorkerFactor</code> *
+        <var>number of idle workers</var>)
+    </strong></p>
+
+    <p>This means the absolute maximum numbers of concurrent connections is:</p>
+
+    <p class="indent"><strong>
+        (<code class="directive">AsyncRequestWorkerFactor</code> + 1) *
+        <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code>
+    </strong></p>
+
+    <p><code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> was called
+    <code class="directive">MaxClients</code> prior to version 2.3.13. The above value
+    shows that the old name did not accurately describe its meaning for the event MPM.</p>
+
+    <p><code class="directive">AsyncRequestWorkerFactor</code> can take non-integer
+    arguments, e.g "1.5".</p>
+
+
+</div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/event.html" title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_access_compat.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_access_compat.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_access_compat.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_access_compat.html.en Wed Apr 15 17:03:08 2015
@@ -91,6 +91,7 @@ have been deprecated by the new authz re
 <li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
 <li><code class="module"><a href="../mod/mod_authz_core.html">mod_authz_core</a></code></li>
 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="Allow" id="Allow">Allow</a> <a name="allow" id="allow">Directive</a></h2>
 <table class="directive">
@@ -458,7 +459,6 @@ Satisfy Any</pre>
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
 </ul>
 </div>
-
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_access_compat.html" title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_actions.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_actions.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_actions.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_actions.html.en Wed Apr 15 17:03:08 2015
@@ -53,6 +53,7 @@
 <li><a href="../howto/cgi.html">Dynamic Content with CGI</a></li>
 <li><a href="../handler.html">Apache httpd's Handler Use</a></li>
 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="Action" id="Action">Action</a> <a name="action" id="action">Directive</a></h2>
 <table class="directive">
@@ -149,7 +150,6 @@ Script PUT "/~bob/put.cgi"</pre>
 
 
 </div>
-
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../de/mod/mod_actions.html" hreflang="de" rel="alternate" title="Deutsch">&nbsp;de&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_alias.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_alias.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_alias.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_alias.html.en Wed Apr 15 17:03:08 2015
@@ -66,7 +66,10 @@
     <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
 
 </div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#order">Order of Processing</a></li>
+</ul><h3 class="directives">Directives</h3>
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#alias">Alias</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#aliasmatch">AliasMatch</a></li>
@@ -77,15 +80,53 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#scriptalias">ScriptAlias</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#scriptaliasmatch">ScriptAliasMatch</a></li>
 </ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#order">Order of Processing</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
 <ul class="seealso">
 <li><code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code></li>
 <li><a href="../urlmapping.html">Mapping URLs to the filesystem</a></li>
 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="order" id="order">Order of Processing</a></h2>
+
+    <p>Aliases and Redirects occurring in different contexts are processed
+    like other directives according to standard <a href="../sections.html#mergin">merging rules</a>.  But when multiple
+    Aliases or Redirects occur in the same context (for example, in the
+    same <code class="directive"><a href="../mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>
+    section) they are processed in a particular order.</p>
+
+    <p>First, all Redirects are processed before Aliases are processed,
+    and therefore a request that matches a <code class="directive"><a href="#redirect">Redirect</a></code> or <code class="directive"><a href="#redirectmatch">RedirectMatch</a></code> will never have Aliases
+    applied.  Second, the Aliases and Redirects are processed in the order
+    they appear in the configuration files, with the first match taking
+    precedence.</p>
+
+    <p>For this reason, when two or more of these directives apply to the
+    same sub-path, you must list the most specific path first in order for
+    all the directives to have an effect.  For example, the following
+    configuration will work as expected:</p>
+
+    <pre class="prettyprint lang-config">Alias "/foo/bar" "/baz"
+Alias "/foo" "/gaq"</pre>
+
+
+    <p>But if the above two directives were reversed in order, the
+    <code>/foo</code> <code class="directive"><a href="#alias">Alias</a></code>
+    would always match before the <code>/foo/bar</code> <code class="directive"><a href="#alias">Alias</a></code>, so the latter directive would be
+    ignored.</p>
+
+    <p>When the <code class="directive"><a href="#alias">Alias</a></code>,
+    <code class="directive"><a href="#scriptalias">ScriptAlias</a></code> and
+    <code class="directive"><a href="#redirect">Redirect</a></code> directives are used
+    within a <code class="directive"><a href="../mod/core.html#location">&lt;Location&gt;</a></code>
+    or <code class="directive"><a href="../mod/core.html#locationmatch">&lt;LocationMatch&gt;</a></code>
+    section, these directives will take precedence over any globally
+    defined <code class="directive"><a href="#alias">Alias</a></code>,
+    <code class="directive"><a href="#scriptalias">ScriptAlias</a></code> and
+    <code class="directive"><a href="#redirect">Redirect</a></code> directives.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="Alias" id="Alias">Alias</a> <a name="alias" id="alias">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maps URLs to filesystem locations</td></tr>
@@ -557,47 +598,6 @@ and designates the target as a CGI scrip
 
 
 </div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="order" id="order">Order of Processing</a></h2>
-
-    <p>Aliases and Redirects occurring in different contexts are processed
-    like other directives according to standard <a href="../sections.html#mergin">merging rules</a>.  But when multiple
-    Aliases or Redirects occur in the same context (for example, in the
-    same <code class="directive"><a href="../mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>
-    section) they are processed in a particular order.</p>
-
-    <p>First, all Redirects are processed before Aliases are processed,
-    and therefore a request that matches a <code class="directive"><a href="#redirect">Redirect</a></code> or <code class="directive"><a href="#redirectmatch">RedirectMatch</a></code> will never have Aliases
-    applied.  Second, the Aliases and Redirects are processed in the order
-    they appear in the configuration files, with the first match taking
-    precedence.</p>
-
-    <p>For this reason, when two or more of these directives apply to the
-    same sub-path, you must list the most specific path first in order for
-    all the directives to have an effect.  For example, the following
-    configuration will work as expected:</p>
-
-    <pre class="prettyprint lang-config">Alias "/foo/bar" "/baz"
-Alias "/foo" "/gaq"</pre>
-
-
-    <p>But if the above two directives were reversed in order, the
-    <code>/foo</code> <code class="directive"><a href="#alias">Alias</a></code>
-    would always match before the <code>/foo/bar</code> <code class="directive"><a href="#alias">Alias</a></code>, so the latter directive would be
-    ignored.</p>
-
-    <p>When the <code class="directive"><a href="#alias">Alias</a></code>,
-    <code class="directive"><a href="#scriptalias">ScriptAlias</a></code> and
-    <code class="directive"><a href="#redirect">Redirect</a></code> directives are used
-    within a <code class="directive"><a href="../mod/core.html#location">&lt;Location&gt;</a></code>
-    or <code class="directive"><a href="../mod/core.html#locationmatch">&lt;LocationMatch&gt;</a></code>
-    section, these directives will take precedence over any globally
-    defined <code class="directive"><a href="#alias">Alias</a></code>,
-    <code class="directive"><a href="#scriptalias">ScriptAlias</a></code> and
-    <code class="directive"><a href="#redirect">Redirect</a></code> directives.</p>
-
-</div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_alias.html" title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_allowmethods.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_allowmethods.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_allowmethods.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_allowmethods.html.en Wed Apr 15 17:03:08 2015
@@ -47,6 +47,7 @@ used on an server. The most common confi
 <li><img alt="" src="../images/down.gif" /> <a href="#allowmethods">AllowMethods</a></li>
 </ul>
 <ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AllowMethods" id="AllowMethods">AllowMethods</a> <a name="allowmethods" id="allowmethods">Directive</a></h2>
 <table class="directive">
@@ -79,7 +80,6 @@ kludgy implementation of <code class="di
 <code class="directive"><a href="../mod/core.html#limitexcept">LimitExcept</a></code>.</p>
 
 </div>
-
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_allowmethods.html" title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_asis.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_asis.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_asis.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_asis.html.en Wed Apr 15 17:03:08 2015
@@ -47,13 +47,13 @@ HTTP headers</td></tr>
     <p>For historical reasons, this module will also process any
     file with the mime type <code>httpd/send-as-is</code>.</p>
 </div>
-<div id="quickview"><h3 class="directives">Directives</h3>
-<p>This module provides no
-            directives.</p>
-<h3>Topics</h3>
+<div id="quickview"><h3>Topics</h3>
 <ul id="topics">
 <li><img alt="" src="../images/down.gif" /> <a href="#usage">Usage</a></li>
-</ul><h3>See also</h3>
+</ul><h3 class="directives">Directives</h3>
+<p>This module provides no
+            directives.</p>
+<h3>See also</h3>
 <ul class="seealso">
 <li><code class="module"><a href="../mod/mod_headers.html">mod_headers</a></code></li>
 <li><code class="module"><a href="../mod/mod_cern_meta.html">mod_cern_meta</a></code></li>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en Wed Apr 15 17:03:08 2015
@@ -58,6 +58,7 @@
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
 <li><a href="../howto/auth.html">Authentication howto</a></li>
 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthBasicAuthoritative" id="AuthBasicAuthoritative">AuthBasicAuthoritative</a> <a name="authbasicauthoritative" id="authbasicauthoritative">Directive</a></h2>
 <table class="directive">
@@ -252,7 +253,6 @@ Digest Authentication was in force inste
     </div>
 
 </div>
-
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_auth_basic.html" title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_digest.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_digest.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_digest.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_digest.html.en Wed Apr 15 17:03:08 2015
@@ -46,7 +46,10 @@
     whole connection using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> is a much better
     alternative.</p>
 </div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li>
+</ul><h3 class="directives">Directives</h3>
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>
@@ -55,10 +58,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestshmemsize">AuthDigestShmemSize</a></li>
 </ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
 <ul class="seealso">
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code></li>
@@ -66,6 +66,48 @@
 <li><a href="../howto/auth.html">Authentication howto</a></li>
 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="using" id="using">Using Digest Authentication</a></h2>
+
+    <p>To use MD5 Digest authentication, simply
+    change the normal <code>AuthType Basic</code> and
+    <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
+    to <code>AuthType Digest</code> and
+    <code class="directive"><a href="#authdigestprovider">AuthDigestProvider</a></code>,
+    when setting up authentication, then add a
+    <code class="directive"><a href="#authdigestdomain">AuthDigestDomain</a></code> directive containing at least the root
+    URI(s) for this protection space.</p>
+
+    <p>Appropriate user (text) files can be created using the
+    <code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p>
+
+    <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location "/private/"&gt;
+    AuthType Digest
+    AuthName "private area"
+    AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
+    
+    AuthDigestProvider file
+    AuthUserFile "/web/auth/.digest_pw"
+    Require valid-user
+&lt;/Location&gt;</pre>
+</div>
+
+    <div class="note"><h3>Note</h3>
+    <p>Digest authentication was intended to be more secure than basic
+    authentication, but no longer fulfills that design goal. A
+    man-in-the-middle attacker can trivially force the browser to downgrade
+    to basic authentication. And even a passive eavesdropper can brute-force
+    the password using today's graphics hardware, because the hashing
+    algorithm used by digest authentication is too fast. Another problem is
+    that the storage of the passwords on the server is insecure. The contents
+    of a stolen htdigest file can be used directly for digest authentication.
+    Therefore using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> to encrypt the whole connection is
+    strongly recommended.</p>
+    <p><code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> only works properly on platforms
+      where APR supports shared memory.</p>
+    </div>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Selects the algorithm used to calculate the challenge and
@@ -223,48 +265,6 @@ AuthDigestShmemSize 1M</pre>
 
 
 </div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="using" id="using">Using Digest Authentication</a></h2>
-
-    <p>To use MD5 Digest authentication, simply
-    change the normal <code>AuthType Basic</code> and
-    <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
-    to <code>AuthType Digest</code> and
-    <code class="directive"><a href="#authdigestprovider">AuthDigestProvider</a></code>,
-    when setting up authentication, then add a
-    <code class="directive"><a href="#authdigestdomain">AuthDigestDomain</a></code> directive containing at least the root
-    URI(s) for this protection space.</p>
-
-    <p>Appropriate user (text) files can be created using the
-    <code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p>
-
-    <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location "/private/"&gt;
-    AuthType Digest
-    AuthName "private area"
-    AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"
-    
-    AuthDigestProvider file
-    AuthUserFile "/web/auth/.digest_pw"
-    Require valid-user
-&lt;/Location&gt;</pre>
-</div>
-
-    <div class="note"><h3>Note</h3>
-    <p>Digest authentication was intended to be more secure than basic
-    authentication, but no longer fulfills that design goal. A
-    man-in-the-middle attacker can trivially force the browser to downgrade
-    to basic authentication. And even a passive eavesdropper can brute-force
-    the password using today's graphics hardware, because the hashing
-    algorithm used by digest authentication is too fast. Another problem is
-    that the storage of the passwords on the server is insecure. The contents
-    of a stolen htdigest file can be used directly for digest authentication.
-    Therefore using <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> to encrypt the whole connection is
-    strongly recommended.</p>
-    <p><code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> only works properly on platforms
-      where APR supports shared memory.</p>
-    </div>
-</div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_auth_digest.html" title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.html.en Wed Apr 15 17:03:08 2015
@@ -61,7 +61,15 @@
     </p>
 
 </div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#basicconfig">Basic Configuration</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#standalone">Standalone Login</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#inline">Inline Login</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#inlinepreservebody">Inline Login with Body Preservation</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#loggingout">Logging Out</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#urlencoding">Usernames and Passwords</a></li>
+</ul><h3 class="directives">Directives</h3>
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#authformauthoritative">AuthFormAuthoritative</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authformbody">AuthFormBody</a></li>
@@ -79,15 +87,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#authformsize">AuthFormSize</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authformusername">AuthFormUsername</a></li>
 </ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#basicconfig">Basic Configuration</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#standalone">Standalone Login</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#inline">Inline Login</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#inlinepreservebody">Inline Login with Body Preservation</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#loggingout">Logging Out</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#urlencoding">Usernames and Passwords</a></li>
-</ul><h3>See also</h3>
+<h3>See also</h3>
 <ul class="seealso">
 <li><code class="module"><a href="../mod/mod_session.html">mod_session</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code></li>
@@ -96,6 +96,253 @@
 <li><a href="../howto/auth.html">Authentication howto</a></li>
 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="basicconfig" id="basicconfig">Basic Configuration</a></h2>
+
+      <p>To protect a particular URL with <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code>, you need to
+      decide where you will store your <var>session</var>, and you will need to
+      decide what method you will use to authenticate. In this simple example, the
+      login details will be stored in a session based on
+      <code class="module"><a href="../mod/mod_session_cookie.html">mod_session_cookie</a></code>, and authentication will be attempted against
+      a file using <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. If authentication is unsuccessful,
+      the user will be redirected to the form login page.</p>
+
+      <div class="example"><h3>Basic example</h3><pre class="prettyprint lang-config">AuthFormProvider file
+AuthUserFile "conf/passwd"
+AuthType form
+AuthName realm
+AuthFormLoginRequiredLocation "http://example.com/login.html"
+Session On
+SessionCookieName session path=/
+SessionCryptoPassphrase secret</pre>
+</div>
+
+      <p>The directive <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code> will enable
+      the <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> authentication when set to the value <var>form</var>.
+      The directives <code class="directive"><a href="#authformprovider">AuthFormProvider</a></code> and
+      <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code> specify that usernames
+      and passwords should be checked against the chosen file.</p>
+
+      <p>The directives <code class="directive"><a href="../mod/mod_session.html#session">Session</a></code>,
+      <code class="directive"><a href="../mod/mod_session_cookie.html#sessioncookiename">SessionCookieName</a></code> and
+      <code class="directive"><a href="../mod/mod_session_crypto.html#sessioncryptopassphrase">SessionCryptoPassphrase</a></code> create an
+      encrypted session stored within an HTTP cookie on the browser. For more information
+      on the different options for configuring a session, read the documentation for
+      <code class="module"><a href="../mod/mod_session.html">mod_session</a></code>.</p>
+
+      <p>In the simple example above, a URL has been protected by
+      <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code>, but the user has yet to be given an opportunity to
+      enter their username and password. Options for doing so include providing a
+      dedicated standalone login page for this purpose, or for providing the login
+      page inline.</p>
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="standalone" id="standalone">Standalone Login</a></h2>
+
+      <p>The login form can be hosted as a standalone page, or can be provided inline on
+      the same page.</p>
+
+      <p>When configuring the login as a standalone page, unsuccessful authentication
+      attempts should be redirected to a login form created by the website for this purpose,
+      using the <code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code>
+      directive. Typically this login page will contain an HTML form, asking the user to
+      provide their usename and password.</p>
+
+      <div class="example"><h3>Example login form</h3><pre class="prettyprint lang-html">&lt;form method="POST" action="/dologin.html"&gt;
+  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
+  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
+  &lt;input type="submit" name="login" value="Login" /&gt;
+&lt;/form&gt;</pre>
+</div>
+
+      <p>The part that does the actual login is handled by the <var>form-login-handler</var>.
+      The action of the form should point at this handler, which is configured within
+      Apache httpd as follows:</p>
+
+      <div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">&lt;Location "/dologin.html"&gt;
+    SetHandler form-login-handler
+    AuthFormLoginRequiredLocation "http://example.com/login.html"
+    AuthFormLoginSuccessLocation "http://example.com/success.html"
+    AuthFormProvider file
+    AuthUserFile "conf/passwd"
+    AuthType form
+    AuthName realm
+    Session On
+    SessionCookieName session path=/
+    SessionCryptoPassphrase secret
+&lt;/Location&gt;</pre>
+</div>
+
+      <p>The URLs specified by the
+      <code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code> directive will typically
+      point to a page explaining to the user that their login attempt was unsuccessful, and they
+      should try again.  The <code class="directive"><a href="#authformloginsuccesslocation">AuthFormLoginSuccessLocation</a></code>
+      directive specifies the URL the user should be redirected to upon successful login.</p>
+
+      <p>Alternatively, the URL to redirect the user to on success can be embedded within the login
+      form, as in the example below. As a result, the same <var>form-login-handler</var> can be
+      reused for different areas of a website.</p>
+
+      <div class="example"><h3>Example login form with location</h3><pre class="prettyprint lang-html">&lt;form method="POST" action="/dologin.html"&gt;
+  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
+  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
+  &lt;input type="submit" name="login" value="Login" /&gt;
+  &lt;input type="hidden" name="httpd_location" value="http://example.com/success.html" /&gt;
+&lt;/form&gt;</pre>
+</div>
+
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="inline" id="inline">Inline Login</a></h2>
+
+      <div class="warning"><h3>Warning</h3>
+        <p>A risk exists that under certain circumstances, the login form configured
+        using inline login may be submitted more than once, revealing login credentials to
+        the application running underneath. The administrator must ensure that the underlying
+        application is properly secured to prevent abuse. If in doubt, use the
+        standalone login configuration.</p>
+      </div>
+
+      <p>As an alternative to having a dedicated login page for a website, it is possible to
+      configure <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> to authenticate users inline, without being
+      redirected to another page. This allows the state of the current page to be preserved
+      during the login attempt. This can be useful in a situation where a time limited
+      session is in force, and the session times out in the middle of the user request. The
+      user can be re-authenticated in place, and they can continue where they left off.</p>
+
+      <p>If a non-authenticated user attempts to access a page protected by
+      <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> that isn't configured with a
+      <code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code> directive,
+      a <var>HTTP_UNAUTHORIZED</var> status code is returned to the browser indicating to the user
+      that they are not authorized to view the page.</p>
+
+      <p>To configure inline authentication, the administrator overrides the error document
+      returned by the <var>HTTP_UNAUTHORIZED</var> status code with a custom error document
+      containing the login form, as follows:</p>
+
+      <div class="example"><h3>Basic inline example</h3><pre class="prettyprint lang-config">AuthFormProvider file
+ErrorDocument 401 "/login.shtml"
+AuthUserFile "conf/passwd"
+AuthType form
+AuthName realm
+AuthFormLoginRequiredLocation "http://example.com/login.html"
+Session On
+SessionCookieName session path=/
+SessionCryptoPassphrase secret</pre>
+</div>
+
+      <p>The error document page should contain a login form with an empty action property,
+      as per the example below.  This has the effect of submitting the form to
+      the original protected URL, without the page having to know what that
+      URL is.</p>
+
+      <div class="example"><h3>Example inline login form</h3><pre class="prettyprint lang-html">&lt;form method="POST" <strong>action=""</strong>&gt;
+  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
+  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
+  &lt;input type="submit" name="login" value="Login" /&gt;
+&lt;/form&gt;</pre>
+</div>
+
+      <p>When the end user has filled in their login details, the form will make
+      an HTTP POST request to the original password protected URL.
+      <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> will intercept this POST request, and if
+      HTML fields are found present for the username and password, the user
+      will be logged in, and the original password protected URL will be returned
+      to the user as a GET request.</p>
+
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="inlinepreservebody" id="inlinepreservebody">Inline Login with Body Preservation</a></h2>
+
+      <p>A limitation of the inline login technique described above is that should an
+      HTML form POST have resulted in the request to authenticate or
+      reauthenticate, the
+      contents of the original form posted by the browser will be lost. Depending on
+      the function of the website, this could present significant inconvenience for the
+      end user.</p>
+
+      <p><code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> addresses this by allowing the method and body
+      of the original request to be embedded in the login form. If authentication
+      is successful, the original method and body will be retried by Apache httpd, preserving
+      the state of the original request.</p>
+
+      <p>To enable body preservation, add three additional fields to the login form as
+      per the example below.</p>
+
+      <div class="example"><h3>Example with body preservation</h3><pre class="prettyprint lang-html">&lt;form method="POST" action=""&gt;
+  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
+  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
+  &lt;input type="submit" name="login" value="Login" /&gt;
+  <br />  <strong>&lt;input type="hidden" name="httpd_method" value="POST" /&gt;
+  &lt;input type="hidden" name="httpd_mimetype" value="application/x-www-form-urlencoded" /&gt;
+  &lt;input type="hidden" name="httpd_body" value="name1=value1&amp;name2=value2" /&gt;</strong><br />
+&lt;/form&gt;</pre>
+</div>
+
+      <p>How the method, mimetype and body of the original request are embedded within the
+      login form will depend on the platform and technology being used within the website.
+      </p>
+
+      <p>One option is to use the <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> module along with the
+      <code class="directive"><a href="../mod/mod_request.html#keptbodysize">KeptBodySize</a></code> directive, along with a suitable
+      CGI script to embed the variables in the form.</p>
+
+      <p>Another option is to render the login form using a CGI script or other dynamic
+      technology.</p>
+
+      <div class="example"><h3>CGI example</h3><pre class="prettyprint lang-config">        AuthFormProvider file
+        ErrorDocument 401 "/cgi-bin/login.cgi"
+        ...</pre>
+</div>
+
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="loggingout" id="loggingout">Logging Out</a></h2>
+
+      <p>To enable a user to log out of a particular session, configure a page to
+      be handled by the <var>form-logout-handler</var>. Any attempt to access this
+      URL will cause the username and password to be removed from the current
+      session, effectively logging the user out.</p>
+
+      <p>By setting the
+      <code class="directive"><a href="#authformlogoutlocation">AuthFormLogoutLocation</a></code> directive,
+      a URL can be specified that the browser will be redirected to on successful
+      logout. This URL might explain to the user that they have been logged out, and
+      give the user the option to log in again.</p>
+
+      <div class="example"><h3>Basic logout example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
+AuthName realm
+AuthFormLogoutLocation "http://example.com/loggedout.html"
+Session On
+SessionCookieName session path=/
+SessionCryptoPassphrase secret</pre>
+</div>
+
+      <p>Note that logging a user out does not delete the session; it merely removes
+      the username and password from the session. If this results in an empty session,
+      the net effect will be the removal of that session, but this is not
+      guaranteed. If you want to guarantee the removal of a session, set the
+      <code class="directive"><a href="../mod/mod_session.html#sessionmaxage">SessionMaxAge</a></code> directive to a small
+      value, like 1 (setting the directive to zero would mean no session age limit).
+      </p>
+
+      <div class="example"><h3>Basic session expiry example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
+AuthFormLogoutLocation "http://example.com/loggedout.html"
+Session On
+SessionMaxAge 1
+SessionCookieName session path=/
+SessionCryptoPassphrase secret</pre>
+</div>
+
+    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="urlencoding" id="urlencoding">Usernames and Passwords</a></h2>
+    <p>Note that form submission involves URLEncoding the form data:
+    in this case the username and password.  You should therefore
+    pick usernames and passwords that avoid characters that are
+    URLencoded in form submission, or you may get unexpected results.</p>
+    </div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthFormAuthoritative" id="AuthFormAuthoritative">AuthFormAuthoritative</a> <a name="authformauthoritative" id="authformauthoritative">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether authorization and authentication are passed to
@@ -451,253 +698,6 @@ parser has been added in 2.4.4.</td></tr
     in.</p>
 
 </div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="basicconfig" id="basicconfig">Basic Configuration</a></h2>
-
-      <p>To protect a particular URL with <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code>, you need to
-      decide where you will store your <var>session</var>, and you will need to
-      decide what method you will use to authenticate. In this simple example, the
-      login details will be stored in a session based on
-      <code class="module"><a href="../mod/mod_session_cookie.html">mod_session_cookie</a></code>, and authentication will be attempted against
-      a file using <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. If authentication is unsuccessful,
-      the user will be redirected to the form login page.</p>
-
-      <div class="example"><h3>Basic example</h3><pre class="prettyprint lang-config">AuthFormProvider file
-AuthUserFile "conf/passwd"
-AuthType form
-AuthName realm
-AuthFormLoginRequiredLocation "http://example.com/login.html"
-Session On
-SessionCookieName session path=/
-SessionCryptoPassphrase secret</pre>
-</div>
-
-      <p>The directive <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code> will enable
-      the <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> authentication when set to the value <var>form</var>.
-      The directives <code class="directive"><a href="#authformprovider">AuthFormProvider</a></code> and
-      <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code> specify that usernames
-      and passwords should be checked against the chosen file.</p>
-
-      <p>The directives <code class="directive"><a href="../mod/mod_session.html#session">Session</a></code>,
-      <code class="directive"><a href="../mod/mod_session_cookie.html#sessioncookiename">SessionCookieName</a></code> and
-      <code class="directive"><a href="../mod/mod_session_crypto.html#sessioncryptopassphrase">SessionCryptoPassphrase</a></code> create an
-      encrypted session stored within an HTTP cookie on the browser. For more information
-      on the different options for configuring a session, read the documentation for
-      <code class="module"><a href="../mod/mod_session.html">mod_session</a></code>.</p>
-
-      <p>In the simple example above, a URL has been protected by
-      <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code>, but the user has yet to be given an opportunity to
-      enter their username and password. Options for doing so include providing a
-      dedicated standalone login page for this purpose, or for providing the login
-      page inline.</p>
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="standalone" id="standalone">Standalone Login</a></h2>
-
-      <p>The login form can be hosted as a standalone page, or can be provided inline on
-      the same page.</p>
-
-      <p>When configuring the login as a standalone page, unsuccessful authentication
-      attempts should be redirected to a login form created by the website for this purpose,
-      using the <code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code>
-      directive. Typically this login page will contain an HTML form, asking the user to
-      provide their usename and password.</p>
-
-      <div class="example"><h3>Example login form</h3><pre class="prettyprint lang-html">&lt;form method="POST" action="/dologin.html"&gt;
-  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
-  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
-  &lt;input type="submit" name="login" value="Login" /&gt;
-&lt;/form&gt;</pre>
-</div>
-
-      <p>The part that does the actual login is handled by the <var>form-login-handler</var>.
-      The action of the form should point at this handler, which is configured within
-      Apache httpd as follows:</p>
-
-      <div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">&lt;Location "/dologin.html"&gt;
-    SetHandler form-login-handler
-    AuthFormLoginRequiredLocation "http://example.com/login.html"
-    AuthFormLoginSuccessLocation "http://example.com/success.html"
-    AuthFormProvider file
-    AuthUserFile "conf/passwd"
-    AuthType form
-    AuthName realm
-    Session On
-    SessionCookieName session path=/
-    SessionCryptoPassphrase secret
-&lt;/Location&gt;</pre>
-</div>
-
-      <p>The URLs specified by the
-      <code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code> directive will typically
-      point to a page explaining to the user that their login attempt was unsuccessful, and they
-      should try again.  The <code class="directive"><a href="#authformloginsuccesslocation">AuthFormLoginSuccessLocation</a></code>
-      directive specifies the URL the user should be redirected to upon successful login.</p>
-
-      <p>Alternatively, the URL to redirect the user to on success can be embedded within the login
-      form, as in the example below. As a result, the same <var>form-login-handler</var> can be
-      reused for different areas of a website.</p>
-
-      <div class="example"><h3>Example login form with location</h3><pre class="prettyprint lang-html">&lt;form method="POST" action="/dologin.html"&gt;
-  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
-  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
-  &lt;input type="submit" name="login" value="Login" /&gt;
-  &lt;input type="hidden" name="httpd_location" value="http://example.com/success.html" /&gt;
-&lt;/form&gt;</pre>
-</div>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="inline" id="inline">Inline Login</a></h2>
-
-      <div class="warning"><h3>Warning</h3>
-        <p>A risk exists that under certain circumstances, the login form configured
-        using inline login may be submitted more than once, revealing login credentials to
-        the application running underneath. The administrator must ensure that the underlying
-        application is properly secured to prevent abuse. If in doubt, use the
-        standalone login configuration.</p>
-      </div>
-
-      <p>As an alternative to having a dedicated login page for a website, it is possible to
-      configure <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> to authenticate users inline, without being
-      redirected to another page. This allows the state of the current page to be preserved
-      during the login attempt. This can be useful in a situation where a time limited
-      session is in force, and the session times out in the middle of the user request. The
-      user can be re-authenticated in place, and they can continue where they left off.</p>
-
-      <p>If a non-authenticated user attempts to access a page protected by
-      <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> that isn't configured with a
-      <code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code> directive,
-      a <var>HTTP_UNAUTHORIZED</var> status code is returned to the browser indicating to the user
-      that they are not authorized to view the page.</p>
-
-      <p>To configure inline authentication, the administrator overrides the error document
-      returned by the <var>HTTP_UNAUTHORIZED</var> status code with a custom error document
-      containing the login form, as follows:</p>
-
-      <div class="example"><h3>Basic inline example</h3><pre class="prettyprint lang-config">AuthFormProvider file
-ErrorDocument 401 "/login.shtml"
-AuthUserFile "conf/passwd"
-AuthType form
-AuthName realm
-AuthFormLoginRequiredLocation "http://example.com/login.html"
-Session On
-SessionCookieName session path=/
-SessionCryptoPassphrase secret</pre>
-</div>
-
-      <p>The error document page should contain a login form with an empty action property,
-      as per the example below.  This has the effect of submitting the form to
-      the original protected URL, without the page having to know what that
-      URL is.</p>
-
-      <div class="example"><h3>Example inline login form</h3><pre class="prettyprint lang-html">&lt;form method="POST" <strong>action=""</strong>&gt;
-  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
-  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
-  &lt;input type="submit" name="login" value="Login" /&gt;
-&lt;/form&gt;</pre>
-</div>
-
-      <p>When the end user has filled in their login details, the form will make
-      an HTTP POST request to the original password protected URL.
-      <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> will intercept this POST request, and if
-      HTML fields are found present for the username and password, the user
-      will be logged in, and the original password protected URL will be returned
-      to the user as a GET request.</p>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="inlinepreservebody" id="inlinepreservebody">Inline Login with Body Preservation</a></h2>
-
-      <p>A limitation of the inline login technique described above is that should an
-      HTML form POST have resulted in the request to authenticate or
-      reauthenticate, the
-      contents of the original form posted by the browser will be lost. Depending on
-      the function of the website, this could present significant inconvenience for the
-      end user.</p>
-
-      <p><code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> addresses this by allowing the method and body
-      of the original request to be embedded in the login form. If authentication
-      is successful, the original method and body will be retried by Apache httpd, preserving
-      the state of the original request.</p>
-
-      <p>To enable body preservation, add three additional fields to the login form as
-      per the example below.</p>
-
-      <div class="example"><h3>Example with body preservation</h3><pre class="prettyprint lang-html">&lt;form method="POST" action=""&gt;
-  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
-  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
-  &lt;input type="submit" name="login" value="Login" /&gt;
-  <br />  <strong>&lt;input type="hidden" name="httpd_method" value="POST" /&gt;
-  &lt;input type="hidden" name="httpd_mimetype" value="application/x-www-form-urlencoded" /&gt;
-  &lt;input type="hidden" name="httpd_body" value="name1=value1&amp;name2=value2" /&gt;</strong><br />
-&lt;/form&gt;</pre>
-</div>
-
-      <p>How the method, mimetype and body of the original request are embedded within the
-      login form will depend on the platform and technology being used within the website.
-      </p>
-
-      <p>One option is to use the <code class="module"><a href="../mod/mod_include.html">mod_include</a></code> module along with the
-      <code class="directive"><a href="../mod/mod_request.html#keptbodysize">KeptBodySize</a></code> directive, along with a suitable
-      CGI script to embed the variables in the form.</p>
-
-      <p>Another option is to render the login form using a CGI script or other dynamic
-      technology.</p>
-
-      <div class="example"><h3>CGI example</h3><pre class="prettyprint lang-config">        AuthFormProvider file
-        ErrorDocument 401 "/cgi-bin/login.cgi"
-        ...</pre>
-</div>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="loggingout" id="loggingout">Logging Out</a></h2>
-
-      <p>To enable a user to log out of a particular session, configure a page to
-      be handled by the <var>form-logout-handler</var>. Any attempt to access this
-      URL will cause the username and password to be removed from the current
-      session, effectively logging the user out.</p>
-
-      <p>By setting the
-      <code class="directive"><a href="#authformlogoutlocation">AuthFormLogoutLocation</a></code> directive,
-      a URL can be specified that the browser will be redirected to on successful
-      logout. This URL might explain to the user that they have been logged out, and
-      give the user the option to log in again.</p>
-
-      <div class="example"><h3>Basic logout example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
-AuthName realm
-AuthFormLogoutLocation "http://example.com/loggedout.html"
-Session On
-SessionCookieName session path=/
-SessionCryptoPassphrase secret</pre>
-</div>
-
-      <p>Note that logging a user out does not delete the session; it merely removes
-      the username and password from the session. If this results in an empty session,
-      the net effect will be the removal of that session, but this is not
-      guaranteed. If you want to guarantee the removal of a session, set the
-      <code class="directive"><a href="../mod/mod_session.html#sessionmaxage">SessionMaxAge</a></code> directive to a small
-      value, like 1 (setting the directive to zero would mean no session age limit).
-      </p>
-
-      <div class="example"><h3>Basic session expiry example</h3><pre class="prettyprint lang-config">SetHandler form-logout-handler
-AuthFormLogoutLocation "http://example.com/loggedout.html"
-Session On
-SessionMaxAge 1
-SessionCookieName session path=/
-SessionCryptoPassphrase secret</pre>
-</div>
-
-    </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="urlencoding" id="urlencoding">Usernames and Passwords</a></h2>
-    <p>Note that form submission involves URLEncoding the form data:
-    in this case the username and password.  You should therefore
-    pick usernames and passwords that avoid characters that are
-    URLencoded in form submission, or you may get unexpected results.</p>
-    </div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_auth_form.html" title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_anon.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_anon.html.en?rev=1673873&r1=1673872&r2=1673873&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_anon.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authn_anon.html.en Wed Apr 15 17:03:08 2015
@@ -55,7 +55,10 @@
     via the <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
     directive with the <code>anon</code> value.</p>
 </div>
-<div id="quickview"><h3 class="directives">Directives</h3>
+<div id="quickview"><h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li>
+</ul><h3 class="directives">Directives</h3>
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#anonymous">Anonymous</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_logemail">Anonymous_LogEmail</a></li>
@@ -63,10 +66,50 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_nouserid">Anonymous_NoUserID</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></li>
 </ul>
-<h3>Topics</h3>
-<ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li>
-</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="example" id="example">Example</a></h2>
+    <p>The example below is combined with "normal" htpasswd-file based
+    authentication and allows users in additionally as 'guests' with the
+    following properties:</p>
+
+    <ul>
+      <li>It insists that the user enters a userID.
+      (<code class="directive"><a href="#anonymous_nouserid">Anonymous_NoUserID</a></code>)</li>
+
+      <li>It insists that the user enters a password.
+      (<code class="directive"><a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></code>)</li>
+
+      <li>The password entered must be a valid email address, <em>i.e.</em>
+      contain at least one '@' and a '.'.
+      (<code class="directive"><a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></code>)</li>
+
+      <li>The userID must be one of <code>anonymous guest www test
+      welcome</code> and comparison is <strong>not</strong> case
+      sensitive. (<code class="directive"><a href="#anonymous">Anonymous</a></code>)</li>
+
+      <li>And the Email addresses entered in the passwd field are
+      logged to the error log file.
+      (<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
+    </ul>
+
+    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Directory "/var/www/html/private"&gt;
+    AuthName "Use 'anonymous' &amp; Email address for guest entry"
+    AuthType Basic
+    AuthBasicProvider file anon
+    AuthUserFile "/path/to/your/.htpasswd"
+    
+    Anonymous_NoUserID off
+    Anonymous_MustGiveEmail on
+    Anonymous_VerifyEmail on
+    Anonymous_LogEmail on
+    Anonymous anonymous guest www test welcome
+    
+    Require valid-user
+&lt;/Directory&gt;</pre>
+</div>
+</div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="Anonymous" id="Anonymous">Anonymous</a> <a name="anonymous" id="anonymous">Directive</a></h2>
 <table class="directive">
@@ -167,49 +210,6 @@ formatted email address</td></tr>
     addresses (see the above <code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>).</p>
 
 </div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
-<h2><a name="example" id="example">Example</a></h2>
-    <p>The example below is combined with "normal" htpasswd-file based
-    authentication and allows users in additionally as 'guests' with the
-    following properties:</p>
-
-    <ul>
-      <li>It insists that the user enters a userID.
-      (<code class="directive"><a href="#anonymous_nouserid">Anonymous_NoUserID</a></code>)</li>
-
-      <li>It insists that the user enters a password.
-      (<code class="directive"><a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></code>)</li>
-
-      <li>The password entered must be a valid email address, <em>i.e.</em>
-      contain at least one '@' and a '.'.
-      (<code class="directive"><a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></code>)</li>
-
-      <li>The userID must be one of <code>anonymous guest www test
-      welcome</code> and comparison is <strong>not</strong> case
-      sensitive. (<code class="directive"><a href="#anonymous">Anonymous</a></code>)</li>
-
-      <li>And the Email addresses entered in the passwd field are
-      logged to the error log file.
-      (<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
-    </ul>
-
-    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Directory "/var/www/html/private"&gt;
-    AuthName "Use 'anonymous' &amp; Email address for guest entry"
-    AuthType Basic
-    AuthBasicProvider file anon
-    AuthUserFile "/path/to/your/.htpasswd"
-    
-    Anonymous_NoUserID off
-    Anonymous_MustGiveEmail on
-    Anonymous_VerifyEmail on
-    Anonymous_LogEmail on
-    Anonymous anonymous guest www test welcome
-    
-    Require valid-user
-&lt;/Directory&gt;</pre>
-</div>
-</div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_authn_anon.html" title="English">&nbsp;en&nbsp;</a> |



Mime
View raw message