Home >Backend Development >PHP Tutorial >Apache2.4 authz_core_module module usage, authzcoreerror_PHP tutorial

Apache2.4 authz_core_module module usage, authzcoreerror_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 10:21:592096browse

Apache2.4 authz_core_module module is used, authzcoreerror

Description: Core Authorization
Status: Base
Moduledentifier: authz_core_module
Sourceile: mod_authz_core.c
Compatibility: Available in Apache HTTPD 2.3 and later

This module provides core authorization functions. Authenticated users can allow or deny access to some websites. mod_authz_core Various authorization providers provide registration functionality. It is usually with

Used together with authentication provider modules such as mod_authn_file mod_authz_user etc. and authorization modules. It also allows advanced logic to be applied to authorization processing.

Example

The following example creates two different ldap authorization providers based on aliases of the ldap-group authorization provider. This example allows an authorized location to check multiple ldap group memberships within a host:

<AuthzProviderAlias ldap-group ldap-group-alias1 cn=<span>my</span>-group,o=ctx><span>
    AuthLDAPBindDN cn</span>=youruser,o=<span>ctx
    AuthLDAPBindPassword yourpassword
    AuthLDAPURL ldap</span>://ldap.host/o=<span>ctx
</span></AuthzProviderAlias>

<AuthzProviderAlias ldap-group ldap-group-alias2 cn=<span>my</span>-other-group,o=dev><span>
    AuthLDAPBindDN cn</span>=yourotheruser,o=<span>dev
    AuthLDAPBindPassword yourotherpassword
    AuthLDAPURL ldap</span>://other.ldap.host/o=dev?<span>cn
</span></AuthzProviderAlias><span>

Alias </span>/secure /webpages/<span>secure
</span><Directory /webpages/secure>
    <span>Require</span><span> all granted
    
    AuthBasicProvider file
    
    AuthType Basic
    AuthName LDAP_Protected_Place
    
    </span><span>#</span><span>implied OR operation</span>
    <span>Require</span> ldap-group-<span>alias1
    </span><span>Require</span> ldap-group-<span>alias2
</span></Directory>

Authorization Containers

The authorization container directives a8451d0119df2639f67f93f9426f7790, 60abab5f94a6593a6ae9b2bc9dc72ccd and 0b6cfdf5bfb12e54396d782d5122a499 can be combined with each other, requiring directives to express complex authorization logic.

The following example expresses the following authorization logic. In order to access the resource, the user must be the superadmin user, or be in the Admin group and Administrators LDAP group and belong to the Sales group or LDAP attribute Sales department. Additionally, in order to access resources, the user must not belong to the Temporary Workers group or the LDAP Group Temporary Employees.

<Directory /www/mydocs>
    <RequireAll>
        <RequireAny>
            <span>Require</span><span> user superadmin
            </span><RequireAll>
                <span>Require</span><span> group admins
                </span><span>Require</span> ldap-group cn=Administrators,o=<span>Airius
                </span><RequireAny>
                    <span>Require</span><span> group sales
                    </span><span>Require</span> ldap-attribute dept=<span>"</span><span>sales</span><span>"</span>
                </RequireAny>
            </RequireAll>
        </RequireAny>
        <RequireNone>
            <span>Require</span><span> group temps
            </span><span>Require</span> ldap-group cn=Temporary Employees,o=<span>Airius
        </span></RequireNone>
    </RequireAll>
</Directory>

mod_authz_core provides some directives that general authorization providers can use.

Require env

The env provider allows access control to the server based on the presence of an environment variable. When you need to specify the env-variable of env, then request to be allowed to access the environment variable whether the env-variable exists. The server can set environment variables in a flexible manner based on the features requested by the client using the directive provided by mod_setenvif. Therefore, this directive can be used to allow access to a client based on factors such as user agent (browser type), referrer or other HTTP request header fields.

SetEnvIf User-Agent ^KnockKnock/<span>2</span>\.<span>0</span><span> let_me_in
</span><Directory /docroot>
    <span>Require</span><span> env let_me_in
</span></Directory>

In this case, the browser's user-agent string, KnockKnock/2.0 will be allowed access, and everyone else will be denied.

When the server looks for paths inside subrequests such as DirectoryIndex by looking at mod_autoindex or generating a directory listing, the per-request subrequest environment variable is not inherited. Additionally, the SetEnvIf directive does not evaluate separate subrequests due to the API phase used by mod_setenvif.

Original text: http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html

How to install apache 24 with commands

The command installation you mentioned must be on Linux system
There are two methods
1. RPM package installation
The easiest way is to use yum -y install httpd and that's it
2 , source code installation, download the version you want, and then follow the steps below
#tar zxvf apache 2.4.*
#cd apache2.4.*
#configure
#make
#make install
That’s it
Wu Chaoyang [authoritative expert]

apache24 will die after a while. Please give me some advice

No need to look for it, it can’t be solved. A common problem under win, apache technology is not a product of win. It is recommended to use iis under win and trust Microsoft's technology.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/852741.htmlTechArticleApache2.4 authz_core_module module usage, authzcoreerror Description: Core Authorization Status: Base Moduledentifier: authz_core_module Sourceile: mod_authz_core.c Compatibility :...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn