a1ad96ae397dcfc3d5599181ccc29381c7674cc6 1667676 |
|
19-Mar-2015 |
jkaluza |
* mod_access_compat, mod_authz_host: Handle '#' character.
For mod_access_compat, disable '#' in hostname completely.
For mod_authz_host, treat '#' as a comment and ignore everything after that.
This allows better handling of admin errors like
'Require host localhost# Add example.com later'. |
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81 709838 |
|
02-Nov-2008 |
chrisd |
Fix handling of authz configurations, make default authz logic replicate
2.2.x authz logic and support existing configurations (including .htaccess
files), and replace <Satisfy*>, Reject, and AuthzMergeRules directives
with Match, <Match*>, and AuthzMerge directives. |
a72211e92bab814bfa28ee086ca9b2a1a6095c92 644525 |
|
03-Apr-2008 |
chrisd |
Avoid calling access control hooks for internal requests with
configurations which match those of the initial request. Revert to
the original behaviour (call access control hooks for internal requests
with URIs different from the initial request) if any access control hooks
or providers are not registered as permitting this optimization.
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data.
The configuration walk optimizations were originally proposed a while
ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2);
they have been used since then in production systems and appear to be
stable and effective. They permit certain combinations of modules
and clients to function efficiently, especially when a deeply recursive
series of internal requests, such as those generated by certain WebDAV
requests, are all subject to the identical authentication and authorization
directives.
The major change from the original proposal is a cleaner mechanism for
detecting modules which may expect the old behaviour. This has been
tested successfully with Subversion's mod_authz_svn, which specifically
requires the old behaviour when performing path-based authorization based
against its own private access control configuration files. |
0d26b42fc1735e110c6dc83b114c56257b20070b 534533 |
|
02-May-2007 |
bnicholes |
re-introduce ap_satisfies API back into core and modify how the access_checker, check_user_id and auth_checker hooks are called so that they respect the precedence that is set through the satisfy ALL/ANY directive. This also restores the directives order, allow, deny, satisfyas supported directives rather than being deprecated. These directives still remain in mod_access_compat however. |