Ää»ß¤ÈºÆµ¯Æ°

++Apache > HTTP ¥µ¡¼¥Ð > ¥É¥¥å¥á¥ó¥Æ¡¼¥·¥ç¥ó > ¥Ð¡¼¥¸¥ç¥ó 2.2

Ää»ß¤ÈºÆµ¯Æ°

Available Languages: de | + en | +Index: docs/manual/invoking.html.ko.euc-kr +=================================================================== +--- docs/manual/invoking.html.ko.euc-kr (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/invoking.html.ko.euc-kr (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2

¾ÆÆÄÄ¡ ½ÃÀÛ

++Apache > HTTP Server > Documentation > Version 2.2

¾ÆÆÄÄ¡ ½ÃÀÛ

°¡´ÉÇÑ ¾ð¾î: de | + en | +Index: docs/manual/developer/documenting.html.en +=================================================================== +--- docs/manual/developer/documenting.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/documenting.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Documenting Apache 2.0

++Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Documenting Apache 2.0

Available Languages: en

+Index: docs/manual/developer/modules.html.ja.euc-jp +=================================================================== +--- docs/manual/developer/modules.html.ja.euc-jp (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/modules.html.ja.euc-jp (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP ¥µ¡¼¥Ð > ¥É¥¥å¥á¥ó¥Æ¡¼¥·¥ç¥ó > ¥Ð¡¼¥¸¥ç¥ó 2.2 > Developer Documentation

¥â¥¸¥å¡¼¥ë¤Î Apache 1.3 ¤«¤é Apache 2.0 ¤Ø¤Î°Ü¿¢

++Apache > HTTP ¥µ¡¼¥Ð > ¥É¥¥å¥á¥ó¥Æ¡¼¥·¥ç¥ó > ¥Ð¡¼¥¸¥ç¥ó 2.2 > Developer Documentation

¥â¥¸¥å¡¼¥ë¤Î Apache 1.3 ¤«¤é Apache 2.0 ¤Ø¤Î°Ü¿¢

Available Languages: en | + ja

+Index: docs/manual/developer/debugging.html.en +=================================================================== +--- docs/manual/developer/debugging.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/debugging.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Debugging Memory Allocation in APR

++Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Debugging Memory Allocation in APR

Available Languages: en

+Index: docs/manual/developer/modules.html.en +=================================================================== +--- docs/manual/developer/modules.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/modules.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Converting Modules from Apache 1.3 to Apache 2.0

++Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Converting Modules from Apache 1.3 to Apache 2.0

Available Languages: en | + ja

+Index: docs/manual/developer/filters.html.en +=================================================================== +--- docs/manual/developer/filters.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/filters.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

How filters work in Apache 2.0

++Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

How filters work in Apache 2.0

Available Languages: en

+Index: docs/manual/developer/API.html.en +=================================================================== +--- docs/manual/developer/API.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/API.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 1.3 API notes

++Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 1.3 API notes

Available Languages: en

+Index: docs/manual/developer/thread_safety.html.en +=================================================================== +--- docs/manual/developer/thread_safety.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/thread_safety.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 2.0 Thread Safety Issues

++Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 2.0 Thread Safety Issues

Available Languages: en

+Index: docs/manual/developer/hooks.html.en +=================================================================== +--- docs/manual/developer/hooks.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/hooks.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 2.0 Hook Functions

++Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 2.0 Hook Functions

Available Languages: en

+Index: docs/manual/developer/request.html.en +=================================================================== +--- docs/manual/developer/request.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/request.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Request Processing in Apache 2.0

++Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Request Processing in Apache 2.0

Available Languages: en

+Index: docs/manual/developer/index.html.en +=================================================================== +--- docs/manual/developer/index.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/developer/index.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2

Developer Documentation for Apache 2.0

++Apache > HTTP Server > Documentation > Version 2.2

Developer Documentation for Apache 2.0

Available Languages: en

+Index: docs/manual/upgrading.xml.ko +=================================================================== +--- docs/manual/upgrading.xml.ko (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/upgrading.xml.ko (.../branches/2.2.x) (wersja 358411) +@@ -1,7 +1,7 @@ + + + +- ++ + + ++ + + ++Access Control - Apache HTTP Server ++ ++ ++ ++ ++ ++

++Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

Access Control

Available Languages: en

++ ++

Access control refers to any means of controlling access to any ++ resource. This is separate from authentication and authorization.

Related Modules and Directives
Access control by host
Access control by environment variable
Access control with mod_rewrite
More information

Related Modules and Directives

++ ++

Access control can be done by several different modules. The most ++important of these is mod_authz_host. Other modules ++discussed in this document include mod_setenvif and ++mod_rewrite.

++ ++

Access control by host

++ If you wish to restrict access to portions of your site based on the ++ host address of your visitors, this is most easily done using ++ mod_authz_host. ++

++ ++

The Allow and ++ Deny directives let ++ you allow and deny access based on the host name, or host ++ address, of the machine requesting a document. The ++ Order directive goes ++ hand-in-hand with these two, and tells Apache in which order to ++ apply the filters.

++ ++

The usage of these directives is:

++ ++

++ Allow from address ++

++ ++

where address is an IP address (or a partial IP ++ address) or a fully qualified domain name (or a partial domain ++ name); you may provide multiple addresses or domain names, if ++ desired.

++ ++

For example, if you have someone spamming your message ++ board, and you want to keep them out, you could do the ++ following:

++ ++

++ Deny from 205.252.46.165 ++

++ ++

Visitors coming from that address will not be able to see ++ the content covered by this directive. If, instead, you have a ++ machine name, rather than an IP address, you can use that.

++ ++

++ Deny from host.example.com ++

++ ++

And, if you'd like to block access from an entire domain, ++ you can specify just part of an address or domain name:

++ ++

++ Deny from 192.101.205 ++ Deny from cyberthugs.com moreidiots.com ++ Deny from ke ++

++ ++

Using Order will let you ++ be sure that you are actually restricting things to the group that you want ++ to let in, by combining a Deny and an Allow directive:

++ ++

++ Order deny,allow ++ Deny from all ++ Allow from dev.example.com ++

++ ++

Listing just the Allow ++ directive would not do what you want, because it will let folks from that ++ host in, in addition to letting everyone in. What you want is to let ++ only those folks in.

Access control by environment variable

++ ++

++ mod_authz_host, in conjunction with ++ mod_setenvif, can be used to restrict access to ++ your website based on the value of arbitrary environment variables. ++ This is done with the Allow from env= and Deny ++ from env= syntax. ++

++ ++

++ SetEnvIf User-Agent BadBot GoAway=1 ++ Order allow,deny ++ Allow from all ++ Deny from env=GoAway ++

++ ++

Warning:

Access control by User-Agent is an unreliable technique, ++ since the User-Agent header can be set to anything at all, ++ at the whim of the end user.

++ ++

++ In the above example, the environment variable GoAway ++ is set to 1 if the User-Agent matches the ++ string BadBot. Then we deny access for any request when ++ this variable is set. This blocks that particular user agent from ++ the site. ++

++ ++

An environment variable test can be negated using the =! ++ syntax:

++ ++

++ Allow from env=!GoAway ++

++ ++

Access control with mod_rewrite

++ ++

The [F] RewriteRule flag causes a 403 Forbidden ++response to be sent. Using this, you can deny access to a resource based ++on arbitrary criteria.

++ ++

For example, if you wish to block access to a resource between 8pm ++and 6am, you can do this using mod_rewrite.

++ ++

++RewriteEngine On ++RewriteCond %{TIME_HOUR} > 20 [OR] ++RewriteCond %{TIME_HOUR} < 07 ++RewriteRule ^/fridge - [F] ++

++ ++

This will return a 403 Forbidden response for any request after 8pm ++or before 7am. This technique can be used for any criteria that you wish ++to check. You can also redirect, or otherwise rewrite these requests, if ++that approach is preferred.

++ ++

More information

You should also read the documentation for ++ mod_auth_basic and mod_authz_host which ++ contain some more information about how this all works. ++ mod_authn_alias can also help in simplifying certain ++ authentication configurations.

++ ++

See the Authentication and Authorization ++ howto.

Available Languages: en

++ +\ No newline at end of file + +Zmiany atrybutÃ³w dla: docs/manual/howto/access.html.en +___________________________________________________________________ +Nazwa: svn:eol-style + + native + +Index: docs/manual/howto/auth.html.en +=================================================================== +--- docs/manual/howto/auth.html.en (.../tags/2.2.0) (wersja 358411) ++++ docs/manual/howto/auth.html.en (.../branches/2.2.x) (wersja 358411) +@@ -16,7 +16,7 @@ +

+-Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

Authentication, Authorization and Access Control

++Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

Authentication, Authorization and Access Control

Available Languages: en | + ja | +@@ -35,8 +35,7 @@ +

Letting more than one + person in

Possible problems

What other neat stuff can I +-do?

Alternate password storage

More information

+@@ -90,6 +89,9 @@ + of the request, but is not part of the authentication provider + system.

+ ++

You probably also want to take a look at the Access Control howto, which discusses the ++ various ways to control access to your server.

++ +

Introduction

+@@ -100,6 +102,11 @@ + +

This article covers the "standard" way of protecting parts + of your web site that most of you are going to use.

++ ++

Note:

If your data really needs to be secure, consider using ++ mod_ssl in addition to any authentication.

The Prerequisites

+@@ -137,7 +144,12 @@ +

Here's the basics of password protecting a directory on your + server.

+ +-

You'll need to create a password file. This file should be ++

First, you need to create a password file. Exactly how you do ++ this will vary depending on what authentication provider you have ++ chosen. More on that later. To start with, we'll use a text password ++ file.

++ ++

This file should be + placed somewhere not accessible from the web. This is so that + folks cannot download the password file. For example, if your + documents are served out of /usr/local/apache/htdocs you +@@ -146,7 +158,10 @@ + +

To create the file, use the htpasswd utility that + came with Apache. This will be located in the bin directory +- of wherever you installed Apache. To create the file, type:

++ of wherever you installed Apache. If you have installed Apache from ++ a third-party package, it may be in your execution path.

++ ++

To create the file, type:

+ +

+ htpasswd -c /usr/local/apache/passwd/passwords rbowen +@@ -164,8 +179,8 @@ + +

If htpasswd is not in your path, of course + you'll have to type the full path to the file to get it to run. +- On my server, it's located at +- /usr/local/apache/bin/htpasswd


++    With a default installation, it's located at
++    /usr/local/apache2/bin/htpasswd
+ 
+     Next, you'll need to configure the server to request a
+     password and tell the server which users are allowed access.
+@@ -181,6 +196,8 @@
+     

+       AuthType Basic

+       AuthName "Restricted Files"

++      # (Following line optional)

++      AuthBasicProvider file

+       AuthUserFile /usr/local/apache/passwd/passwords

+       Require user rbowen
+     
+@@ -191,9 +208,10 @@
+     implemented by mod_auth_basic. It is important to be aware,
+     however, that Basic authentication sends the password from the client to
+     the server unencrypted. This method should therefore not be used for
+-    highly sensitive data. Apache supports one other authentication method:
+-    AuthType Digest. This method is implemented by mod_auth_digest and is much more secure. Only the most recent
+-    versions of clients are known to support Digest authentication.
++    highly sensitive data, unless accompanied by mod_ssl.
++    Apache supports one other authentication method:
++    AuthType Digest. This method is implemented by mod_auth_digest and is much more secure. Most recent
++    browsers support Digest authentication.
+ 
+     The AuthName directive sets
+     the Realm to be used in the authentication. The realm serves
+@@ -212,6 +230,12 @@
+     will always need to ask again for the password whenever the
+     hostname of the server changes.
+ 
++    The AuthBasicProvider is,
++    in this case, optional, since file is the default value
++    for this directive. You'll need to use this directive if you are
++    choosing a different source for authentication, such as
++    mod_authn_dbm or mod_authn_dbd.
++
+     The AuthUserFile
+     directive sets the path to the password file that we just
+     created with htpasswd. If you have a large number
+@@ -269,6 +293,8 @@
+     

+       AuthType Basic

+       AuthName "By Invitation Only"

++      # Optional line:
++      AuthBasicProvider file
+       AuthUserFile /usr/local/apache/passwd/passwords

+       AuthGroupFile /usr/local/apache/passwd/groups

+       Require group GroupName
+@@ -317,71 +343,31 @@
+     different authentication method at that time.

+ 

+ 
+-What other neat stuff can I
+-do?
+-    Authentication by username and password is only part of the
+-    story. Frequently you want to let people in based on something
+-    other than who they are. Something such as where they are
+-    coming from.
++Alternate password storage
+ 
+-    The Allow and
+-    Deny directives let
+-    you allow and deny access based on the host name, or host
+-    address, of the machine requesting a document. The
+-    Order directive goes
+-    hand-in-hand with these two, and tells Apache in which order to
+-    apply the filters.
++    Because storing passwords in plain text files has the above
++    problems, you may wish to store your passwords somewhere else, such
++    as in a database.
+ 
+-    The usage of these directives is:
++    mod_authn_dbm and mod_authn_dbd
++    are two modules which make this possible. Rather than selecting
++    AuthBasicSource file,
++    instead you can choose dbm or dbd as your
++    storage format.
+ 
+-    
+-      Allow from address
+-    
++    To select a dbd file rather than a text file, for example:
+ 
+-    where address is an IP address (or a partial IP
+-    address) or a fully qualified domain name (or a partial domain
+-    name); you may provide multiple addresses or domain names, if
+-    desired.
+-
+-    For example, if you have someone spamming your message
+-    board, and you want to keep them out, you could do the
+-    following:
+-
+     
+-      Deny from 205.252.46.165
++    <Directory /www/docs/private>

++    AuthName "Private"

++    AuthType Basic

++    AuthBasicProvider dbm

++    AuthDBMUserFile /www/passwords/passwd.dbm

++    Require valid-user
+     
+ 
+-    Visitors coming from that address will not be able to see
+-    the content covered by this directive. If, instead, you have a
+-    machine name, rather than an IP address, you can use that.
+-
+-    
+-      Deny from host.example.com
+-    
+-
+-    And, if you'd like to block access from an entire domain,
+-    you can specify just part of an address or domain name:
+-
+-    
+-      Deny from 192.101.205

+-      Deny from cyberthugs.com moreidiots.com

+-      Deny from ke
+-    
+-
+-    Using Order will let you
+-    be sure that you are actually restricting things to the group that you want
+-    to let in, by combining a Deny and an Allow directive:
+-
+-    
+-      Order deny,allow

+-      Deny from all

+-      Allow from dev.example.com
+-    
+-
+-    Listing just the Allow
+-    directive would not do what you want, because it will let folks from that
+-    host in, in addition to letting everyone in. What you want is to let
+-    only those folks in.
++    Other options are available. Consult the
++    mod_authn_dbm documentation for more details.
+ 

+ 
+ More information
+@@ -390,6 +376,10 @@
+     contain some more information about how this all works.
+     mod_authn_alias can also help in simplifying certain
+     authentication configurations.
++
++    And you may want to look at the Access
++    Control howto, which discusses a number of related topics.
++
+


+ 
+ Available Languages:  en  |
+Index: docs/manual/howto/cgi.html.en
+===================================================================
+--- docs/manual/howto/cgi.html.en	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/cgi.html.en	(.../branches/2.2.x)	(wersja 358411)
+@@ -16,7 +16,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
Apache Tutorial: Dynamic Content with CGI
++Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
Apache Tutorial: Dynamic Content with CGI
+ 
+ Available Languages:  en  |
+  ja  |
+Index: docs/manual/howto/index.xml
+===================================================================
+--- docs/manual/howto/index.xml	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/index.xml	(.../branches/2.2.x)	(wersja 358411)
+@@ -30,18 +30,30 @@
+     How-To / Tutorials
+ 
+     

+-      Authentication
++      Authentication and Authorization
+       
+         Authentication is any process by which you verify that
+         someone is who they claim they are. Authorization is any
+         process by which someone is allowed to be where they want to
+         go, or to have information that they want to have.
+ 
+-        See: Authentication, Authorization, and Access Control
++        See: Authentication, Authorization
+       
+     
+ 
+     
++      Access Control
++      
++        Access control refers to the process of restricting, or
++        granting access to a resource based on arbitrary criteria. There
++        are a variety of different ways that this can be
++        accomplished.
++
++        See: Access Control
++      
++    
++
++   
+       Dynamic Content with CGI
+       
+         The CGI (Common Gateway Interface) defines a way for a web
+Index: docs/manual/howto/ssi.html.ja.euc-jp
+===================================================================
+--- docs/manual/howto/ssi.html.ja.euc-jp	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/ssi.html.ja.euc-jp	(.../branches/2.2.x)	(wersja 358411)
+@@ -16,7 +16,7 @@
+ 
+ 
+ 
+-Apache > HTTP ¥µ¡¼¥Ð > ¥É¥¥å¥á¥ó¥Æ¡¼¥·¥ç¥ó > ¥Ð¡¼¥¸¥ç¥ó 2.2 > How-To / ¥Á¥å¡¼¥È¥ê¥¢¥ë
Apache ¥Á¥å¡¼¥È¥ê¥¢¥ë: Server Side Includes ÆþÌç
++Apache > HTTP ¥µ¡¼¥Ð > ¥É¥¥å¥á¥ó¥Æ¡¼¥·¥ç¥ó > ¥Ð¡¼¥¸¥ç¥ó 2.2 > How-To / ¥Á¥å¡¼¥È¥ê¥¢¥ë
Apache ¥Á¥å¡¼¥È¥ê¥¢¥ë: Server Side Includes ÆþÌç
+ 
+ Available Languages:  en  |
+  ja  |
+Index: docs/manual/howto/index.xml.ko
+===================================================================
+--- docs/manual/howto/index.xml.ko	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/index.xml.ko	(.../branches/2.2.x)	(wersja 358411)
+@@ -1,7 +1,7 @@
+ 
+ 
+ 
+-
++
+ 
+ 
++
+ 
+ 
++
++
++
++
++How-To / Tutorials
++
++Access Control
++
++

++    Access control refers to any means of controlling access to any
++    resource. This is separate from authentication and authorization.
++
++
++Related Modules and Directives
++
++Access control can be done by several different modules. The most
++important of these is mod_authz_host. Other modules
++discussed in this document include mod_setenvif and
++mod_rewrite.
++
++
++
++Access control by host
++    
++    If you wish to restrict access to portions of your site based on the
++    host address of your visitors, this is most easily done using
++    mod_authz_host.
++    
++
++    The Allow and
++    Deny directives let
++    you allow and deny access based on the host name, or host
++    address, of the machine requesting a document. The
++    Order directive goes
++    hand-in-hand with these two, and tells Apache in which order to
++    apply the filters.
++
++    The usage of these directives is:
++
++    
++      Allow from address
++    
++
++    where address is an IP address (or a partial IP
++    address) or a fully qualified domain name (or a partial domain
++    name); you may provide multiple addresses or domain names, if
++    desired.
++
++    For example, if you have someone spamming your message
++    board, and you want to keep them out, you could do the
++    following:
++
++    
++      Deny from 205.252.46.165
++    
++
++    Visitors coming from that address will not be able to see
++    the content covered by this directive. If, instead, you have a
++    machine name, rather than an IP address, you can use that.
++
++    
++      Deny from host.example.com
++    
++
++    And, if you'd like to block access from an entire domain,
++    you can specify just part of an address or domain name:
++
++    
++      Deny from 192.101.205

++      Deny from cyberthugs.com moreidiots.com

++      Deny from ke
++    
++
++    Using Order will let you
++    be sure that you are actually restricting things to the group that you want
++    to let in, by combining a Deny and an Allow directive:
++
++    
++      Order deny,allow

++      Deny from all

++      Allow from dev.example.com
++    
++
++    Listing just the Allow
++    directive would not do what you want, because it will let folks from that
++    host in, in addition to letting everyone in. What you want is to let
++    only those folks in.
++
++
++Access control by environment variable
++
++    
++    mod_authz_host, in conjunction with
++    mod_setenvif, can be used to restrict access to
++    your website based on the value of arbitrary environment variables.
++    This is done with the Allow from env= and Deny
++    from env= syntax.
++    
++
++    
++    SetEnvIf User-Agent BadBot GoAway=1

++    Order allow,deny

++    Allow from all

++    Deny from env=GoAway
++    
++
++    Warning:
++    Access control by User-Agent is an unreliable technique,
++    since the User-Agent header can be set to anything at all,
++    at the whim of the end user.
++    
++
++    
++    In the above example, the environment variable GoAway
++    is set to 1 if the User-Agent matches the
++    string BadBot. Then we deny access for any request when
++    this variable is set. This blocks that particular user agent from
++    the site.
++    
++
++    An environment variable test can be negated using the =!
++    syntax:
++
++    
++    Allow from env=!GoAway
++    
++
++
++
++Access control with mod_rewrite
++
++The [F] RewriteRule flag causes a 403 Forbidden
++response to be sent. Using this, you can deny access to a resource based
++on arbitrary criteria.
++
++For example, if you wish to block access to a resource between 8pm
++and 6am, you can do this using mod_rewrite.
++
++
++RewriteEngine On

++RewriteCond %{TIME_HOUR} > 20 [OR]

++RewriteCond %{TIME_HOUR} < 07

++RewriteRule ^/fridge - [F]
++
++
++This will return a 403 Forbidden response for any request after 8pm
++or before 7am. This technique can be used for any criteria that you wish
++to check. You can also redirect, or otherwise rewrite these requests, if
++that approach is preferred.
++
++
++
++More information
++    You should also read the documentation for
++    mod_auth_basic and mod_authz_host which
++    contain some more information about how this all works.
++    mod_authn_alias can also help in simplifying certain
++    authentication configurations.
++
++    See the Authentication and Authorization
++    howto.
++
++
++
++
+
+Zmiany atrybutÃ³w dla: docs/manual/howto/access.xml
+___________________________________________________________________
+Nazwa: svn:eol-style
+   + native
+Nazwa: svn:keywords
+   + LastChangedRevision
+
+Index: docs/manual/howto/auth.xml
+===================================================================
+--- docs/manual/howto/auth.xml	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/auth.xml	(.../branches/2.2.x)	(wersja 358411)
+@@ -81,6 +81,10 @@
+   of the request, but is not part of the authentication provider
+   system.
+ 
++  You probably also want to take a look at the Access Control howto, which discusses the
++  various ways to control access to your server.
++
+ 
+ 
+ Introduction
+@@ -91,6 +95,11 @@
+ 
+     This article covers the "standard" way of protecting parts
+     of your web site that most of you are going to use.
++
++    Note:
++    If your data really needs to be secure, consider using
++    mod_ssl in addition to any authentication.
++    
+ 
+ 
+ The Prerequisites
+@@ -128,7 +137,12 @@
+     Here's the basics of password protecting a directory on your
+     server.
+ 
+-    You'll need to create a password file. This file should be
++    
First, you need to create a password file. Exactly how you do
++    this will vary depending on what authentication provider you have
++    chosen. More on that later. To start with, we'll use a text password
++    file.
++
++    This file should be
+     placed somewhere not accessible from the web. This is so that
+     folks cannot download the password file. For example, if your
+     documents are served out of /usr/local/apache/htdocs you
+@@ -137,7 +151,10 @@
+ 
+     
To create the file, use the htpasswd utility that
+     came with Apache. This will be located in the bin directory
+-    of wherever you installed Apache. To create the file, type:
++    of wherever you installed Apache. If you have installed Apache from
++    a third-party package, it may be in your execution path.
++    
++    To create the file, type:
+ 
+     
+       htpasswd -c /usr/local/apache/passwd/passwords rbowen
+@@ -155,8 +172,8 @@
+ 
+     If htpasswd is not in your path, of course
+     you'll have to type the full path to the file to get it to run.
+-    On my server, it's located at
+-    /usr/local/apache/bin/htpasswd
++    With a default installation, it's located at
++    /usr/local/apache2/bin/htpasswd
+ 
+     Next, you'll need to configure the server to request a
+     password and tell the server which users are allowed access.
+@@ -172,6 +189,8 @@
+     
+       AuthType Basic

+       AuthName "Restricted Files"

++      # (Following line optional)

++      AuthBasicProvider file

+       AuthUserFile /usr/local/apache/passwd/passwords

+       Require user rbowen
+     
+@@ -183,10 +202,11 @@
+     implemented by mod_auth_basic. It is important to be aware,
+     however, that Basic authentication sends the password from the client to
+     the server unencrypted. This method should therefore not be used for
+-    highly sensitive data. Apache supports one other authentication method:
++    highly sensitive data, unless accompanied by mod_ssl.
++    Apache supports one other authentication method:
+     AuthType Digest. This method is implemented by mod_auth_digest and is much more secure. Only the most recent
+-    versions of clients are known to support Digest authentication.
++    >mod_auth_digest and is much more secure. Most recent
++    browsers support Digest authentication.
+ 
+     The AuthName directive sets
+     the Realm to be used in the authentication. The realm serves
+@@ -205,6 +225,13 @@
+     will always need to ask again for the password whenever the
+     hostname of the server changes.
+ 
++    The AuthBasicProvider is,
++    in this case, optional, since file is the default value
++    for this directive. You'll need to use this directive if you are
++    choosing a different source for authentication, such as
++    mod_authn_dbm or mod_authn_dbd.
++
+     The AuthUserFile
+     directive sets the path to the password file that we just
+     created with htpasswd. If you have a large number
+@@ -266,6 +293,8 @@
+     
+       AuthType Basic

+       AuthName "By Invitation Only"

++      # Optional line:
++      AuthBasicProvider file
+       AuthUserFile /usr/local/apache/passwd/passwords

+       AuthGroupFile /usr/local/apache/passwd/groups

+       Require group GroupName
+@@ -314,73 +343,31 @@
+     different authentication method at that time.
+ 
+ 
+-What other neat stuff can I
+-do?
+-    Authentication by username and password is only part of the
+-    story. Frequently you want to let people in based on something
+-    other than who they are. Something such as where they are
+-    coming from.
++Alternate password storage
+ 
+-    The Allow and
+-    Deny directives let
+-    you allow and deny access based on the host name, or host
+-    address, of the machine requesting a document. The
+-    Order directive goes
+-    hand-in-hand with these two, and tells Apache in which order to
+-    apply the filters.
++    Because storing passwords in plain text files has the above
++    problems, you may wish to store your passwords somewhere else, such
++    as in a database.
+ 
+-    The usage of these directives is:
++    mod_authn_dbm and mod_authn_dbd
++    are two modules which make this possible. Rather than selecting
++    AuthBasicSource file,
++    instead you can choose dbm or dbd as your
++    storage format.
+ 
+-    
+-      Allow from address
+-    
++    To select a dbd file rather than a text file, for example:
+ 
+-    where address is an IP address (or a partial IP
+-    address) or a fully qualified domain name (or a partial domain
+-    name); you may provide multiple addresses or domain names, if
+-    desired.
+-
+-    For example, if you have someone spamming your message
+-    board, and you want to keep them out, you could do the
+-    following:
+-
+     
+-      Deny from 205.252.46.165
++    <Directory /www/docs/private>

++    AuthName "Private"

++    AuthType Basic

++    AuthBasicProvider dbm

++    AuthDBMUserFile /www/passwords/passwd.dbm

++    Require valid-user
+     
+ 
+-    Visitors coming from that address will not be able to see
+-    the content covered by this directive. If, instead, you have a
+-    machine name, rather than an IP address, you can use that.
+-
+-    
+-      Deny from host.example.com
+-    
+-
+-    And, if you'd like to block access from an entire domain,
+-    you can specify just part of an address or domain name:
+-
+-    
+-      Deny from 192.101.205

+-      Deny from cyberthugs.com moreidiots.com

+-      Deny from ke
+-    
+-
+-    Using Order will let you
+-    be sure that you are actually restricting things to the group that you want
+-    to let in, by combining a Deny and an Allow directive:
+-
+-    
+-      Order deny,allow

+-      Deny from all

+-      Allow from dev.example.com
+-    
+-
+-    Listing just the Allow
+-    directive would not do what you want, because it will let folks from that
+-    host in, in addition to letting everyone in. What you want is to let
+-    only those folks in.
++    Other options are available. Consult the
++    mod_authn_dbm documentation for more details.
+ 
+ 
+ More information
+@@ -389,6 +376,10 @@
+     contain some more information about how this all works.
+     mod_authn_alias can also help in simplifying certain
+     authentication configurations.
++
++    And you may want to look at the Access
++    Control howto, which discusses a number of related topics.
++
+ 
+ 
+ 
+Index: docs/manual/howto/htaccess.html.en
+===================================================================
+--- docs/manual/howto/htaccess.html.en	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/htaccess.html.en	(.../branches/2.2.x)	(wersja 358411)
+@@ -16,7 +16,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
Apache Tutorial: .htaccess files
++Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
Apache Tutorial: .htaccess files
+ 
+ Available Languages:  en  |
+  ja  |
+Index: docs/manual/howto/cgi.html.ko.euc-kr
+===================================================================
+--- docs/manual/howto/cgi.html.ko.euc-kr	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/cgi.html.ko.euc-kr	(.../branches/2.2.x)	(wersja 358411)
+@@ -16,7 +16,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
¾ÆÆÄÄ¡ ÅõÅä¸®¾ó: CGI¸¦ »ç¿ëÇÑ µ¿Àû ÆäÀÌÁö »ý¼º
++Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
¾ÆÆÄÄ¡ ÅõÅä¸®¾ó: CGI¸¦ »ç¿ëÇÑ µ¿Àû ÆäÀÌÁö »ý¼º
+ 
+ °¡´ÉÇÑ ¾ð¾î:  en  |
+  ja  |
+Index: docs/manual/howto/ssi.html.en
+===================================================================
+--- docs/manual/howto/ssi.html.en	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/ssi.html.en	(.../branches/2.2.x)	(wersja 358411)
+@@ -16,7 +16,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
Apache Tutorial: Introduction to Server Side Includes
++Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
Apache Tutorial: Introduction to Server Side Includes
+ 
+ Available Languages:  en  |
+  ja  |
+Index: docs/manual/howto/public_html.html.en
+===================================================================
+--- docs/manual/howto/public_html.html.en	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/public_html.html.en	(.../branches/2.2.x)	(wersja 358411)
+@@ -16,7 +16,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
Per-user web directories
++Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials
Per-user web directories
+ 
+ Available Languages:  en  |
+  ja  |
+Index: docs/manual/howto/index.html.ko.euc-kr
+===================================================================
+--- docs/manual/howto/index.html.ko.euc-kr	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/index.html.ko.euc-kr	(.../branches/2.2.x)	(wersja 358411)
+@@ -16,12 +16,14 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2
How-To / ÅõÅä¸®¾ó
++Apache > HTTP Server > Documentation > Version 2.2
How-To / ÅõÅä¸®¾ó
+ 
+ °¡´ÉÇÑ ¾ð¾î:  en  |
+  ja  |
+  ko 
+ 
++ÀÌ ¹®¼´Â ÃÖ½ÅÆÇ ¹ø¿ªÀÌ ¾Æ´Õ´Ï´Ù.
++            ÃÖ±Ù¿¡ º¯°æµÈ ³»¿ëÀº ¿µ¾î ¹®¼¸¦ Âü°íÇÏ¼¼¿ä.
+ 
+ 
+ 
+Index: docs/manual/howto/auth.xml.ko
+===================================================================
+--- docs/manual/howto/auth.xml.ko	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/howto/auth.xml.ko	(.../branches/2.2.x)	(wersja 358411)
+@@ -1,7 +1,7 @@
+ 
+ 
+ 
+-
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
+-mod_imap - Apache HTTP Server
++mod_imagemap - Apache HTTP Server
+ 
+ 
+ 
+@@ -17,9 +17,9 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > ¸ðµâ
++Apache > HTTP Server > Documentation > Version 2.2 > ¸ðµâ
+ 
+-¾ÆÆÄÄ¡ ¸ðµâ mod_imap
++¾ÆÆÄÄ¡ ¸ðµâ mod_imagemap
+ 
+ °¡´ÉÇÑ ¾ð¾î:  en  |
+  ko 
+@@ -28,8 +28,8 @@
+             ÃÖ±Ù¿¡ º¯°æµÈ ³»¿ëÀº ¿µ¾î ¹®¼¸¦ Âü°íÇÏ¼¼¿ä.
+ 
+ 
+-
+-¼³¸í: ¼¹öÃø ÀÌ¹ÌÁö¸Ê(imagemap) Ã³¸®
»óÅÂ: Base
¸ðµâ¸í: imap_module
¼Ò½ºÆÄÀÏ: mod_imap.c
++¸ðµâ¸í:imagemap_module
++¼Ò½ºÆÄÀÏ:mod_imagemap.c
+ ¿ä¾à
+ 
+     ÀÌ ¸ðµâÀº imagemap CGI ÇÁ·Î±×·¥À» ´ë½ÅÇÏ¿©
+@@ -280,7 +280,7 @@
+ »ç¿ëÀå¼Ò:ÁÖ¼¹ö¼³Á¤, °¡»óÈ£½ºÆ®, directory, .htaccess
+ Override ¿É¼Ç:Indexes
+ »óÅÂ:Base
+-¸ðµâ:mod_imap
++¸ðµâ:mod_imagemap
+ 
+     
ImapBase Áö½Ã¾î´Â ÀÌ¹ÌÁö¸Ê ÆÄÀÏ¿¡¼
+     »ç¿ëÇÒ base ±âº»°ªÀ» ¼³Á¤ÇÑ´Ù. ÀÌ¹ÌÁö¸Ê ÆÄÀÏ
+@@ -303,7 +303,7 @@
+ »ç¿ëÀå¼Ò:ÁÖ¼¹ö¼³Á¤, °¡»óÈ£½ºÆ®, directory, .htaccess
+ Override ¿É¼Ç:Indexes
+ »óÅÂ:Base
+-¸ðµâ:mod_imap
++¸ðµâ:mod_imagemap
+ 
+     
ImapDefault Áö½Ã¾î´Â ÀÌ¹ÌÁö¸Ê
+     ÆÄÀÏ¿¡¼ »ç¿ëÇÒ default ±âº»°ªÀ» ¼³Á¤ÇÑ´Ù.
+@@ -322,7 +322,7 @@
+ »ç¿ëÀå¼Ò:ÁÖ¼¹ö¼³Á¤, °¡»óÈ£½ºÆ®, directory, .htaccess
+ Override ¿É¼Ç:Indexes
+ »óÅÂ:Base
+-¸ðµâ:mod_imap
++¸ðµâ:mod_imagemap
+ 
+     
ImapMenu Áö½Ã¾î´Â ÀÌ¹ÌÁö¸Ê ÆÄÀÏ¿¡
+     À¯È¿ÇÑ ÁÂÇ¥¸¦ ÁÖÁö ¾ÊÀº °æ¿ì ÃëÇÒ Çàµ¿À» °áÁ¤ÇÑ´Ù.
+Index: docs/manual/mod/mod_so.html.en
+===================================================================
+--- docs/manual/mod/mod_so.html.en	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/mod/mod_so.html.en	(.../branches/2.2.x)	(wersja 358411)
+@@ -17,7 +17,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > Modules
++Apache > HTTP Server > Documentation > Version 2.2 > Modules
+ 
+ Apache Module mod_so
+ 
+Index: docs/manual/mod/mod_dav.html.ja.euc-jp
+===================================================================
+--- docs/manual/mod/mod_dav.html.ja.euc-jp	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/mod/mod_dav.html.ja.euc-jp	(.../branches/2.2.x)	(wersja 358411)
+@@ -17,7 +17,7 @@
+ 
+ 
+ 
+-Apache > HTTP ¥µ¡¼¥Ð > ¥É¥¥å¥á¥ó¥Æ¡¼¥·¥ç¥ó > ¥Ð¡¼¥¸¥ç¥ó 2.2 > ¥â¥¸¥å¡¼¥ë
++Apache > HTTP ¥µ¡¼¥Ð > ¥É¥¥å¥á¥ó¥Æ¡¼¥·¥ç¥ó > ¥Ð¡¼¥¸¥ç¥ó 2.2 > ¥â¥¸¥å¡¼¥ë
+ 
+ Apache ¥â¥¸¥å¡¼¥ë mod_dav
+ 
+Index: docs/manual/mod/mod_authn_anon.html.ko.euc-kr
+===================================================================
+--- docs/manual/mod/mod_authn_anon.html.ko.euc-kr	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/mod/mod_authn_anon.html.ko.euc-kr	(.../branches/2.2.x)	(wersja 358411)
+@@ -17,7 +17,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > ¸ðµâ
++Apache > HTTP Server > Documentation > Version 2.2 > ¸ðµâ
+ 
+ ¾ÆÆÄÄ¡ ¸ðµâ mod_authn_anon
+ 
+Index: docs/manual/mod/directive-dict.html.ko.euc-kr
+===================================================================
+--- docs/manual/mod/directive-dict.html.ko.euc-kr	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/mod/directive-dict.html.ko.euc-kr	(.../branches/2.2.x)	(wersja 358411)
+@@ -16,7 +16,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2
Áö½Ã¾î¸¦ ¼³¸íÇÏ´Âµ¥ »ç¿ëÇÑ ¿ë¾îµé
++Apache > HTTP Server > Documentation > Version 2.2
Áö½Ã¾î¸¦ ¼³¸íÇÏ´Âµ¥ »ç¿ëÇÑ ¿ë¾îµé
+ 
+ °¡´ÉÇÑ ¾ð¾î:  en  |
+  ja  |
+Index: docs/manual/mod/mpm_common.html.en
+===================================================================
+--- docs/manual/mod/mpm_common.html.en	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/mod/mpm_common.html.en	(.../branches/2.2.x)	(wersja 358411)
+@@ -17,7 +17,7 @@
+ 
+ 
+ 
+-Apache > HTTP Server > Documentation > Version 2.2 > Modules
++Apache > HTTP Server > Documentation > Version 2.2 > Modules
+ 
+ Apache MPM Common Directives
+ 
+Index: docs/manual/mod/core.xml.de
+===================================================================
+--- docs/manual/mod/core.xml.de	(.../tags/2.2.0)	(wersja 358411)
++++ docs/manual/mod/core.xml.de	(.../branches/2.2.x)	(wersja 358411)
+@@ -1,7 +1,7 @@
+ 
+ 
+ 
+-
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+ 
++
+ 
+

¼³¸í:	¼¹öÃø ÀÌ¹ÌÁö¸Ê(imagemap) Ã³¸®
»óÅÂ:	Base
¸ðµâ¸í:	imap_module
¼Ò½ºÆÄÀÏ:	mod_imap.c