documentation rebuild

</div>

<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3>Topics</h3>

<ul id="topics">

<li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>

<li><img alt="" src="../images/down.gif" /> <a href="#logic">Authorization Containers</a></li>

<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>

<li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>

</ul><h3 class="directives">Directives</h3>

<ul id="toc">

<li><img alt="" src="../images/down.gif" /> <a href="#authmerging">AuthMerging</a></li>

<li><a href="#comments_section">Comments</a></li></ul></div>

<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<div class="section">

<h2><a name="authzalias" id="authzalias">Creating Authorization Provider Aliases</a></h2>

    <p>Extended authorization providers can be created within the configuration

    file and assigned an alias name.  The alias providers can then be referenced

    through the <code class="directive"><a href="#require">Require</a></code> directive

    in the same way as a base authorization provider.  Besides the ability to

    create and alias an extended provider, it also allows the same extended

    authorization provider to be referenced by multiple locations.

    </p>

    <h3><a name="example" id="example">Example</a></h3>

        <p>The example below creates two different ldap authorization provider

        aliases based on the ldap-group authorization provider.  This example

        allows a single authorization location to check group membership within

        multiple ldap hosts:

        </p>

        <pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;

    AuthLDAPBindDN cn=youruser,o=ctx

    AuthLDAPBindPassword yourpassword

    AuthLDAPURL ldap://ldap.host/o=ctx

</AuthzProviderAlias>

<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev>

    AuthLDAPBindDN cn=yourotheruser,o=dev

    AuthLDAPBindPassword yourotherpassword

    AuthLDAPURL ldap://other.ldap.host/o=dev?cn

</AuthzProviderAlias>

Alias "/secure" "/webpages/secure"

<Directory "/webpages/secure">

    Require all granted

    AuthBasicProvider file

    AuthType Basic

    AuthName LDAP_Protected_Place

    #implied OR operation

    Require ldap-group-alias1

    Require ldap-group-alias2

&lt;/Directory&gt;</pre>

</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<div class="section">

<h2><a name="logic" id="logic">Authorization Containers</a></h2>

    <p>The authorization container directives

            Require user superadmin

            <RequireAll>

                Require group admins

                Require ldap-group cn=Administrators,o=Airius

                Require ldap-group "cn=Administrators,o=Airius"

                <RequireAny>

                    Require group sales

                    Require ldap-attribute dept="sales"

        </RequireAny>

        <RequireNone>

            Require group temps

            Require ldap-group cn=Temporary Employees,o=Airius

            Require ldap-group "cn=Temporary Employees,o=Airius"

        </RequireNone>

    </RequireAll>

&lt;/Directory&gt;</pre>

    <code>User-Agent</code> (browser type), <code>Referer</code>, or

    other HTTP request header fields.</p>

    <pre class="prettyprint lang-config">SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in

    <pre class="prettyprint lang-config">SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in

<Directory "/docroot">

    Require env let_me_in

&lt;/Directory&gt;</pre>

</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<div class="section">

<h2><a name="authzalias" id="authzalias">Creating Authorization Provider Aliases</a></h2>

    <p>Extended authorization providers can be created within the configuration

    file and assigned an alias name.  The alias providers can then be referenced

    through the <code class="directive"><a href="#require">Require</a></code> directive

    in the same way as a base authorization provider.  Besides the ability to

    create and alias an extended provider, it also allows the same extended

    authorization provider to be referenced by multiple locations.

    </p>

    <h3><a name="example" id="example">Example</a></h3>

        <p>The example below creates two different ldap authorization provider

        aliases based on the ldap-group authorization provider.  This example

        allows a single authorization location to check group membership within

        multiple ldap hosts:

        </p>

        <pre class="prettyprint lang-config">&lt;AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"&gt;

    AuthLDAPBindDN "cn=youruser,o=ctx"

    AuthLDAPBindPassword yourpassword

    AuthLDAPUrl "ldap://ldap.host/o=ctx"

</AuthzProviderAlias>

<AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev">

    AuthLDAPBindDN "cn=yourotheruser,o=dev"

    AuthLDAPBindPassword yourotherpassword

    AuthLDAPUrl "ldap://other.ldap.host/o=dev?cn"

</AuthzProviderAlias>

Alias "/secure" "/webpages/secure"

<Directory "/webpages/secure">

    Require all granted

    AuthBasicProvider file

    AuthType Basic

    AuthName LDAP_Protected_Place

    #implied OR operation

    Require ldap-group-alias1

    Require ldap-group-alias2

&lt;/Directory&gt;</pre>

</div>

<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<div class="directive-section"><h2><a name="AuthMerging" id="AuthMerging">AuthMerging</a> <a name="authmerging" id="authmerging">Directive</a></h2>

<h3>See also</h3>

<ul>

<li><a href="../howto/access.html">Access control howto</a></li>

<li><a href="../howto/access.html">Access Control howto</a></li>

<li><a href="#logic">Authorization Containers</a></li>

<li><code class="module"><a href="../mod/mod_authn_core.html">mod_authn_core</a></code></li>

<li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>

<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>

<!-- French translation : Lucien GENTIS -->

<!-- Reviewed by : Vincent Deffontaines -->

<!-- English Revision : 1829392 -->

<!-- English Revision: 1829392:1834205 (outdated) -->

<!--

 Licensed to the Apache Software Foundation (ASF) under one or more

  <variants>

    <variant>en</variant>

    <variant>fr</variant>

    <variant outdated="yes">fr</variant>

  </variants>

</metafile>

        to override the <code class="directive">ProxyIOBufferSize</code> for a specific worker.

        This must be at least 512 or set to 0 for the system default of 8192.

    </td></tr>

    <tr><td>responsefieldsize</td>

        <td>8192</td>

        <td>Adjust the size of the proxy response field buffer. The buffer size

            should be at least the size of the largest expected header size from

            a proxied response. Setting the value to 0 will use the system

            default of 8192 bytes.<br />

        Available in Apache HTTP Server 2.4.34 and later.

    </td></tr>

    <tr><td>keepalive</td>

        <td>Off</td>

        <td><p>This parameter should be used when you have a firewall between your

    environment variables will not exist when this interpolation happens,

    so you may still have to resort to <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>

    for complex rules.  Also note that interpolation is not supported

    within the scheme portion of a URL.  Dynamic determination of the

    scheme can be accomplished with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> as in the

    following example.</p>

    within the scheme/hostname/port portion of a URL. Dynamic determination of

    those fields can be accomplished with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.

    The following example describes how to use <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>

    to dynamically set the scheme to http or https:</p>

    <pre class="prettyprint lang-config">RewriteEngine On

    and causes them to substitute the value of an environment

    variable <code>varname</code> for the string <code>${varname}</code>

    in configuration directives if the <var>interpolate</var> option is set.</p>

    <p>Keep this turned off (for server performance) unless you need it!</p>

    <p>The scheme/hostname/port portion of <code class="directive">ProxyPass</code> cannot

    contain variables, please consider using <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> instead.</p>

    <p>Keep this turned off (for server performance) unless you need it!

    Adding variables to <code class="directive">ProxyPass</code> for example may lead to

    using the default mod_proxy's workers configured (that don't allow any fine

    tuning like connections reuse, etc..).</p>

</div>

<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">

<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>

<!-- English Revision: 1834093 -->

<!-- English Revision: 1834093:1834234 (outdated) -->

<!-- French translation : Lucien GENTIS -->

<!-- Reviewed by : Vincent Deffontaines -->