New in Apache HTTP Server 2.4 – Authorization, FCGI Proxy, and Mod_SSL

The authorization container directives <RequireAll>, <RequireAny> and <RequireNone> may be combined with each other and with the Require directive to express complex authorization logic.

The example below expresses the following authorization logic. In order to access the resource, the user must either be the superadmin user, or belong to both the admins group and the Administrators LDAP group and either belong to the sales group or have the LDAP dept attribute sales. Furthermore, in order to access the resource, the user must not belong to either the temps group or the LDAP group Temporary Employees.

<Directory /www/mydocs>

<RequireAll>

<RequireAny>

Require user superadmin
<RequireAll>

Require group admins
Require ldap-group cn=Administrators,o=Airius
<RequireAny>


Require group sales
Require ldap-attribute dept="sales"

</RequireAny>

</RequireAll>

</RequireAny>
<RequireNone>

Require group temps
Require ldap-group cn=Temporary Employees,o=Airius

</RequireNone>


</RequireAll>

</Directory>
Read More New in Apache HTTP Server 2.4 – Authorization, FCGI Proxy, and Mod_SSL

Advertisements