| Description: | Core Authorization |
|---|---|
| Status: | Base |
| Moduledentifier: | authz_core_module |
| Sourceile: | mod_authz_core.c |
| Compatibility: | Available in Apache HTTPD 2.3 and later |
This module provides core authorization functions. Authenticated users can allow or deny access to some websites. mod_authz_core Various authorization providers provide registration functionality. It is usually with
Used together with authentication provider modules such as mod_authn_file mod_authz_user etc. and authorization modules. It also allows advanced logic to be applied to authorization processing.
The following example creates two different ldap authorization providers based on aliases of the ldap-group authorization provider. This example allows an authorized location to check multiple ldap group memberships within a host:
<AuthzProviderAlias ldap-group ldap-group-alias1 cn=<span>my</span>-group,o=ctx><span>
AuthLDAPBindDN cn</span>=youruser,o=<span>ctx
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap</span>://ldap.host/o=<span>ctx
</span></AuthzProviderAlias>
<AuthzProviderAlias ldap-group ldap-group-alias2 cn=<span>my</span>-other-group,o=dev><span>
AuthLDAPBindDN cn</span>=yourotheruser,o=<span>dev
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap</span>://other.ldap.host/o=dev?<span>cn
</span></AuthzProviderAlias><span>
Alias </span>/secure /webpages/<span>secure
</span><Directory /webpages/secure>
<span>Require</span><span> all granted
AuthBasicProvider file
AuthType Basic
AuthName LDAP_Protected_Place
</span><span>#</span><span>implied OR operation</span>
<span>Require</span> ldap-group-<span>alias1
</span><span>Require</span> ldap-group-<span>alias2
</span></Directory>The authorization container directives < RequireAll >, < RequireAny > and < RequireNone > can be combined with each other, requiring directives to express complex authorization logic.
The following example expresses the following authorization logic. In order to access the resource, the user must be the superadmin user, or be in the Admin group and Administrators LDAP group and belong to the Sales group or LDAP attribute Sales department. Additionally, in order to access resources, the user must not belong to the Temporary Workers group or the LDAP Group Temporary Employees.
<Directory /www/mydocs>
<RequireAll>
<RequireAny>
<span>Require</span><span> user superadmin
</span><RequireAll>
<span>Require</span><span> group admins
</span><span>Require</span> ldap-group cn=Administrators,o=<span>Airius
</span><RequireAny>
<span>Require</span><span> group sales
</span><span>Require</span> ldap-attribute dept=<span>"</span><span>sales</span><span>"</span>
</RequireAny>
</RequireAll>
</RequireAny>
<RequireNone>
<span>Require</span><span> group temps
</span><span>Require</span> ldap-group cn=Temporary Employees,o=<span>Airius
</span></RequireNone>
</RequireAll>
</Directory>mod_authz_core provides some directives that general authorization providers can use.
The env provider allows access control to the server based on the presence of an environment variable. When you need to specify the env-variable of env, then request to be allowed to access the environment variable whether the env-variable exists. The server can set environment variables in a flexible manner based on the features requested by the client using the directive provided by mod_setenvif. Therefore, this directive can be used to allow access to a client based on factors such as user agent (browser type), referrer or other HTTP request header fields.
SetEnvIf User-Agent ^KnockKnock/<span>2</span>\.<span>0</span><span> let_me_in
</span><Directory /docroot>
<span>Require</span><span> env let_me_in
</span></Directory>In this case, the browser's user-agent string, KnockKnock/2.0 will be allowed access, and everyone else will be denied.
When the server looks for paths inside subrequests such as DirectoryIndex by looking at mod_autoindex or generating a directory listing, the per-request subrequest environment variable is not inherited. Additionally, the SetEnvIf directive does not evaluate separate subrequests due to the API phase used by mod_setenvif.
Original text: http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
The command installation you mentioned must be on Linux system
There are two methods
1. RPM package installation
The easiest way is to use yum -y install httpd and that's it
2 , source code installation, download the version you want, and then follow the steps below
#tar zxvf apache 2.4.*
#cd apache2.4.*
#configure
#make
#make install
That’s it
Wu Chaoyang
[authoritative expert]
No need to look for it, it can’t be solved. A common problem under win, apache technology is not a product of win. It is recommended to use iis under win and trust Microsoft's technology.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
