Apache HTTP Server Version 2.4
Apache HTTP Server Version 2.4
| Description: | Core Authorization |
|---|---|
| Status: | Base |
| Module Identifier: | authz_core_module |
| Source File: | mod_authz_core.c |
| Compatibility: | Available in Apache HTTPD 2.3 and later |
This module provides core authorization capabilities so that
authenticated users can be allowed or denied access to portions
of the web site. mod_authz_core provides the
functionality to register various authorization providers. It is
usually used in conjunction with an authentication
provider module such as mod_authn_file and an
authorization module such as mod_authz_user. It
also allows for advanced logic to be applied to the
authorization processing.
AuthMerging <AuthzProviderAlias> AuthzSendForbiddenOnFailure Require <RequireAll> <RequireAny> <RequireNone>
The authorization container directives
<RequireAll>,
<RequireAny>
and
<RequireNone>
may be combined with each other and with the
Require
directive to express complex authorization logic.
The example below expresses the following authorization logic.
In order to access the resource, the user must either be the
superadmin user, or belong to both the
admins group and the Administrators LDAP
group and either belong to the sales group or
have the LDAP dept attribute sales.
Furthermore, in order to access the resource, the user must
not belong to either the temps group or the
LDAP group Temporary Employees.
<Directory "/www/mydocs">
<RequireAll>
<RequireAny>
Require user superadmin
<RequireAll>
Require group admins
Require ldap-group "cn=Administrators,o=Airius"
<RequireAny>
Require group sales
Require ldap-attribute dept="sales"
</RequireAny>
</RequireAll>
</RequireAny>
<RequireNone>
Require group temps
Require ldap-group "cn=Temporary Employees,o=Airius"
</RequireNone>
</RequireAll>
</Directory>