diff options
33 files changed, 275 insertions, 78 deletions
diff --git a/docs/manual/convenience.map b/docs/manual/convenience.map index d854a7dc3a..dce68daaea 100644 --- a/docs/manual/convenience.map +++ b/docs/manual/convenience.map @@ -370,6 +370,24 @@ maxrequestworkers mod/mpm_common.html#maxrequestworkers maxspareservers mod/prefork.html#maxspareservers maxsparethreads mod/mpm_common.html#maxsparethreads maxthreads mod/mpm_netware.html#maxthreads +mdbaseserver mod/mod_md.html#mdbaseserver +mdcachallenges mod/mod_md.html#mdcachallenges +mdcertificateagreement mod/mod_md.html#mdcertificateagreement +mdcertificateauthority mod/mod_md.html#mdcertificateauthority +mdcertificateprotocol mod/mod_md.html#mdcertificateprotocol +mddrivemode mod/mod_md.html#mddrivemode +mdhttpproxy mod/mod_md.html#mdhttpproxy +mdmember mod/mod_md.html#mdmember +mdmembers mod/mod_md.html#mdmembers +mdmuststaple mod/mod_md.html#mdmuststaple +mdnotifycmd mod/mod_md.html#mdnotifycmd +mdomain mod/mod_md.html#mdomain +mdomainset mod/mod_md.html#mdomainset +mdportmap mod/mod_md.html#mdportmap +mdprivatekeys mod/mod_md.html#mdprivatekeys +mdrenewwindow mod/mod_md.html#mdrenewwindow +mdrequirehttps mod/mod_md.html#mdrequirehttps +mdstoredir mod/mod_md.html#mdstoredir memcacheconnttl mod/mod_socache_memcache.html#memcacheconnttl mergetrailers mod/core.html#mergetrailers metadir mod/mod_cern_meta.html#metadir @@ -461,6 +479,8 @@ remoteipheader mod/mod_remoteip.html#remoteipheader remoteipinternalproxy mod/mod_remoteip.html#remoteipinternalproxy remoteipinternalproxylist mod/mod_remoteip.html#remoteipinternalproxylist remoteipproxiesheader mod/mod_remoteip.html#remoteipproxiesheader +remoteipproxyprotocol mod/mod_remoteip.html#remoteipproxyprotocol +remoteipproxyprotocolexceptions mod/mod_remoteip.html#remoteipproxyprotocolexceptions remoteiptrustedproxy mod/mod_remoteip.html#remoteiptrustedproxy remoteiptrustedproxylist mod/mod_remoteip.html#remoteiptrustedproxylist removecharset mod/mod_mime.html#removecharset diff --git a/docs/manual/mod/directives.html.de b/docs/manual/mod/directives.html.de index 693b9beb7f..2e619aba72 100644 --- a/docs/manual/mod/directives.html.de +++ b/docs/manual/mod/directives.html.de @@ -521,6 +521,8 @@ <li><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li> diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en index c421f3d4e4..7bf3078f11 100644 --- a/docs/manual/mod/directives.html.en +++ b/docs/manual/mod/directives.html.en @@ -522,6 +522,8 @@ <li><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li> diff --git a/docs/manual/mod/directives.html.es b/docs/manual/mod/directives.html.es index 07a1213de9..62de0fd457 100644 --- a/docs/manual/mod/directives.html.es +++ b/docs/manual/mod/directives.html.es @@ -524,6 +524,8 @@ <li><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li> diff --git a/docs/manual/mod/directives.html.ja.utf8 b/docs/manual/mod/directives.html.ja.utf8 index 05d50f8164..6a6ef51a1e 100644 --- a/docs/manual/mod/directives.html.ja.utf8 +++ b/docs/manual/mod/directives.html.ja.utf8 @@ -519,6 +519,8 @@ <li><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li> diff --git a/docs/manual/mod/directives.html.ko.euc-kr b/docs/manual/mod/directives.html.ko.euc-kr index 31417e3c42..1250bf929e 100644 --- a/docs/manual/mod/directives.html.ko.euc-kr +++ b/docs/manual/mod/directives.html.ko.euc-kr @@ -519,6 +519,8 @@ <li><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li> diff --git a/docs/manual/mod/directives.html.tr.utf8 b/docs/manual/mod/directives.html.tr.utf8 index 7b4768d49f..abe04bac67 100644 --- a/docs/manual/mod/directives.html.tr.utf8 +++ b/docs/manual/mod/directives.html.tr.utf8 @@ -518,6 +518,8 @@ <li><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li> diff --git a/docs/manual/mod/directives.html.zh-cn.utf8 b/docs/manual/mod/directives.html.zh-cn.utf8 index 63a6ee79a4..06f86fd5cb 100644 --- a/docs/manual/mod/directives.html.zh-cn.utf8 +++ b/docs/manual/mod/directives.html.zh-cn.utf8 @@ -517,6 +517,8 @@ <li><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> +<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li> diff --git a/docs/manual/mod/index.html.de b/docs/manual/mod/index.html.de index 4e4997725c..a12a4b3639 100644 --- a/docs/manual/mod/index.html.de +++ b/docs/manual/mod/index.html.de @@ -205,6 +205,7 @@ from Clients' networks in a proxy context.</dd> <dt><a href="mod_proxy_http2.html">mod_proxy_http2</a></dt><dd>HTTP/2 support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_scgi.html">mod_proxy_scgi</a></dt><dd>SCGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> +<dt><a href="mod_proxy_uwsgi.html">mod_proxy_uwsgi</a></dt><dd>UWSGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_wstunnel.html">mod_proxy_wstunnel</a></dt><dd>Websockets support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_ratelimit.html" id="R" name="R">mod_ratelimit</a></dt><dd>Bandwidth Rate Limiting for Clients</dd> diff --git a/docs/manual/mod/index.html.en b/docs/manual/mod/index.html.en index 08afdd88c5..ce2b717584 100644 --- a/docs/manual/mod/index.html.en +++ b/docs/manual/mod/index.html.en @@ -201,6 +201,7 @@ from Clients' networks in a proxy context.</dd> <dt><a href="mod_proxy_http2.html">mod_proxy_http2</a></dt><dd>HTTP/2 support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_scgi.html">mod_proxy_scgi</a></dt><dd>SCGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> +<dt><a href="mod_proxy_uwsgi.html">mod_proxy_uwsgi</a></dt><dd>UWSGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_wstunnel.html">mod_proxy_wstunnel</a></dt><dd>Websockets support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_ratelimit.html" id="R" name="R">mod_ratelimit</a></dt><dd>Bandwidth Rate Limiting for Clients</dd> diff --git a/docs/manual/mod/index.html.es b/docs/manual/mod/index.html.es index aa3d8fdf06..13531a3cc3 100644 --- a/docs/manual/mod/index.html.es +++ b/docs/manual/mod/index.html.es @@ -206,6 +206,7 @@ from Clients' networks in a proxy context.</dd> <dt><a href="mod_proxy_http2.html">mod_proxy_http2</a></dt><dd>HTTP/2 support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_scgi.html">mod_proxy_scgi</a></dt><dd>SCGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> +<dt><a href="mod_proxy_uwsgi.html">mod_proxy_uwsgi</a></dt><dd>UWSGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_wstunnel.html">mod_proxy_wstunnel</a></dt><dd>Websockets support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_ratelimit.html" id="R" name="R">mod_ratelimit</a></dt><dd>Bandwidth Rate Limiting for Clients</dd> diff --git a/docs/manual/mod/index.html.ja.utf8 b/docs/manual/mod/index.html.ja.utf8 index 8bcb4d5c4f..ec87c617c7 100644 --- a/docs/manual/mod/index.html.ja.utf8 +++ b/docs/manual/mod/index.html.ja.utf8 @@ -193,6 +193,7 @@ from Clients' networks in a proxy context.</dd> <dt><a href="mod_proxy_http2.html">mod_proxy_http2</a></dt><dd>HTTP/2 support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_scgi.html">mod_proxy_scgi</a></dt><dd>SCGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> +<dt><a href="mod_proxy_uwsgi.html">mod_proxy_uwsgi</a></dt><dd>UWSGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_wstunnel.html">mod_proxy_wstunnel</a></dt><dd>Websockets support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_ratelimit.html" id="R" name="R">mod_ratelimit</a></dt><dd>Bandwidth Rate Limiting for Clients</dd> diff --git a/docs/manual/mod/index.html.ko.euc-kr b/docs/manual/mod/index.html.ko.euc-kr index 040703af34..852a8c015f 100644 --- a/docs/manual/mod/index.html.ko.euc-kr +++ b/docs/manual/mod/index.html.ko.euc-kr @@ -191,6 +191,7 @@ from Clients' networks in a proxy context.</dd> <dt><a href="mod_proxy_http2.html">mod_proxy_http2</a></dt><dd>HTTP/2 support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_scgi.html">mod_proxy_scgi</a></dt><dd>SCGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> +<dt><a href="mod_proxy_uwsgi.html">mod_proxy_uwsgi</a></dt><dd>UWSGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_wstunnel.html">mod_proxy_wstunnel</a></dt><dd>Websockets support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_ratelimit.html" id="R" name="R">mod_ratelimit</a></dt><dd>Bandwidth Rate Limiting for Clients</dd> diff --git a/docs/manual/mod/index.html.tr.utf8 b/docs/manual/mod/index.html.tr.utf8 index 6313343ebc..6289d9f321 100644 --- a/docs/manual/mod/index.html.tr.utf8 +++ b/docs/manual/mod/index.html.tr.utf8 @@ -197,6 +197,7 @@ from Clients' networks in a proxy context.</dd> <dt><a href="mod_proxy_http2.html">mod_proxy_http2</a></dt><dd>HTTP/2 support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_scgi.html">mod_proxy_scgi</a></dt><dd>SCGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> +<dt><a href="mod_proxy_uwsgi.html">mod_proxy_uwsgi</a></dt><dd>UWSGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_wstunnel.html">mod_proxy_wstunnel</a></dt><dd>Websockets support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_ratelimit.html" id="R" name="R">mod_ratelimit</a></dt><dd>Bandwidth Rate Limiting for Clients</dd> diff --git a/docs/manual/mod/index.html.zh-cn.utf8 b/docs/manual/mod/index.html.zh-cn.utf8 index 2a20b708eb..860a905927 100644 --- a/docs/manual/mod/index.html.zh-cn.utf8 +++ b/docs/manual/mod/index.html.zh-cn.utf8 @@ -196,6 +196,7 @@ from Clients' networks in a proxy context.</dd> <dt><a href="mod_proxy_http2.html">mod_proxy_http2</a></dt><dd>HTTP/2 support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_scgi.html">mod_proxy_scgi</a></dt><dd>SCGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> +<dt><a href="mod_proxy_uwsgi.html">mod_proxy_uwsgi</a></dt><dd>UWSGI gateway module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_proxy_wstunnel.html">mod_proxy_wstunnel</a></dt><dd>Websockets support module for <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></dd> <dt><a href="mod_ratelimit.html" id="R" name="R">mod_ratelimit</a></dt><dd>Bandwidth Rate Limiting for Clients</dd> diff --git a/docs/manual/mod/mod_remoteip.html.en b/docs/manual/mod/mod_remoteip.html.en index cd829fc56c..ceaeb21ba2 100644 --- a/docs/manual/mod/mod_remoteip.html.en +++ b/docs/manual/mod/mod_remoteip.html.en @@ -47,6 +47,12 @@ via the request headers. with the useragent IP address reported in the request header configured with the <code class="directive"><a href="#remoteipheader">RemoteIPHeader</a></code> directive.</p> + <p>Additionally, this module implements the server side of + HAProxy's + <a href="http://blog.haproxy.com/haproxy/proxy-protocol/">PROXY Protocol</a> when + using the <code class="directive"><a href="#remoteipproxyprotocol">RemoteIPProxyProtocol</a></code> + directive.</p> + <p>Once replaced as instructed, this overridden useragent IP address is then used for the <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> <code class="directive"><a href="../mod/mod_authz_core.html#require">Require ip</a></code> @@ -69,6 +75,8 @@ via the request headers. <li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxiesheader">RemoteIPProxiesHeader</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li> </ul> @@ -77,6 +85,7 @@ via the request headers. <li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li> <li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li> <li><code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code></li> +<li><a href="http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt">Proxy Protocol Spec</a></li> <li><a href="#comments_section">Comments</a></li></ul></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="section"> @@ -216,6 +225,77 @@ RemoteIPProxiesHeader X-Forwarded-By</pre> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="RemoteIPProxyProtocol" id="RemoteIPProxyProtocol">RemoteIPProxyProtocol</a> <a name="remoteipproxyprotocol" id="remoteipproxyprotocol">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable or disable PROXY protocol handling</td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>RemoteIPProxyProtocol On|Off</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>RemoteIPProxyProtocol is only available in httpd 2.4.28 and newer</td></tr> +</table> + <p>The <code class="directive">RemoteIPProxyProtocol</code> directive enables or + disables the reading and handling of the PROXY protocol connection header. + If enabled with the <code>On</code> flag, the upstream client <em>must</em> + send the header every time it opens a connection or the connection will + be aborted unless it is in the list of disabled hosts provided by the + <code class="directive"><a href="#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></code> + directive.</p> + + <p>While this directive may be specified in any virtual host, it is + important to understand that because the PROXY protocol is connection + based and protocol agnostic, the enabling and disabling is actually based + on IP address and port. This means that if you have multiple name-based + virtual hosts for the same host and port, and you enable it for any one of + them, then it is enabled for all of them (with that host and port). It also + means that if you attempt to enable the PROXY protocol in one and disable + in the other, that won't work; in such a case, the last one wins and a + notice will be logged indicating which setting was being overridden.</p> + + <pre class="prettyprint lang-config">Listen 80 +<VirtualHost *:80> + ServerName www.example.com + RemoteIPProxyProtocol On + + #Requests to this virtual host must have a PROXY protocol + # header provided. If it is missing, the connection will + # be aborted +</VirtualHost> + +Listen 8080 +<VirtualHost *:8080> + ServerName www.example.com + RemoteIPProxyProtocol On + RemoteIPProxyProtocolExceptions 127.0.0.1 10.0.0.0/8 + + #Requests to this virtual host must have a PROXY protocol + # header provided. If it is missing, the connection will + # be aborted except when coming from localhost or the + # 10.x.x.x RFC1918 range +</VirtualHost></pre> + + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="RemoteIPProxyProtocolExceptions" id="RemoteIPProxyProtocolExceptions">RemoteIPProxyProtocolExceptions</a> <a name="remoteipproxyprotocolexceptions" id="remoteipproxyprotocolexceptions">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Disable processing of PROXY header for certain hosts or networks</td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>RemoteIPProxyProtocolExceptions is only available in httpd 2.4.28 and newer</td></tr> +</table> + <p>The <code class="directive">RemoteIPProxyProtocol</code> directive enables or + disables the reading and handling of the PROXY protocol connection header. + Sometimes it is desirable to require clients to provide the PROXY header, but + permit other clients to connect without it. This directive allows a server + administrator to configure a single host or CIDR range of hosts that may do + so. This is generally useful for monitoring and administrative traffic to a + virtual host direct to the server behind the upstream load balancer.</p> + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="RemoteIPTrustedProxy" id="RemoteIPTrustedProxy">RemoteIPTrustedProxy</a> <a name="remoteiptrustedproxy" id="remoteiptrustedproxy">Directive</a></h2> <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index 730dc3a9a0..2fa37d4a7b 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -1504,7 +1504,8 @@ The available (case-insensitive) <em>protocol</em>s are:</p> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File of concatenated PEM-encoded CA Certificates for Remote Server Auth</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCACertificateFile <em>file-path</em></code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1525,7 +1526,8 @@ preference. This can be used alternatively and/or additionally to <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory of PEM-encoded CA Certificates for Remote Server Auth</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCACertificatePath <em>directory-path</em></code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1549,7 +1551,8 @@ contains the appropriate symbolic links.</p> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable CRL-based revocation checking for Remote Server Auth</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCARevocationCheck chain|leaf|none</code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyCARevocationCheck none</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1586,7 +1589,8 @@ to succeed - otherwise it will fail with an <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File of concatenated PEM-encoded CA CRLs for Remote Server Auth</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCARevocationFile <em>file-path</em></code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1607,7 +1611,8 @@ used alternatively and/or additionally to <code class="directive"><a href="#sslp <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory of PEM-encoded CA CRLs for Remote Server Auth</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCARevocationPath <em>directory-path</em></code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1632,7 +1637,8 @@ contains the appropriate symbolic links.</p> </td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCheckPeerCN on|off</code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyCheckPeerCN on</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1673,7 +1679,8 @@ SSLProxyCheckPeerName off</pre> </td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCheckPeerExpire on|off</code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyCheckPeerExpire on</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1693,7 +1700,8 @@ sent. </td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCheckPeerName on|off</code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyCheckPeerName on</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache HTTP Server 2.4.5 and later</td></tr> @@ -1733,8 +1741,8 @@ improvements. proxy handshake</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyCipherSuite <em>cipher-spec</em></code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr> -<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1750,7 +1758,8 @@ for additional information.</p> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>SSL Proxy Engine Operation Switch</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyEngine on|off</code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyEngine off</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1779,7 +1788,7 @@ server to proxy SSL/TLS requests.</p> <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyMachineCertificateChainFile <em>filename</em></code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1808,7 +1817,7 @@ SSLProxyCACertificateFile</a></code>.</p> <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyMachineCertificateFile <em>filename</em></code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1833,7 +1842,7 @@ or additionally to <code>SSLProxyMachineCertificatePath</code>. <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyMachineCertificatePath <em>directory</em></code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1858,8 +1867,8 @@ directory contains the appropriate symbolic links.</p> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Configure usable SSL protocol flavors for proxy usage</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyProtocol [+|-]<em>protocol</em> ...</code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyProtocol all -SSLv3 (up to 2.4.16: all)</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> -<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Options</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1879,7 +1888,8 @@ for additional information. <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Type of remote server Certificate verification</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyVerify <em>level</em></code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyVerify none</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> @@ -1916,7 +1926,8 @@ authentication (but can be used to establish SSL test pages, etc.)</p> Certificate verification</td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLProxyVerifyDepth <em>number</em></code></td></tr> <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SSLProxyVerifyDepth 1</code></td></tr> -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, proxy section</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>Not applicable</td></tr> <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> </table> diff --git a/docs/manual/mod/overrides.html.en b/docs/manual/mod/overrides.html.en index 20b84da9b9..ee5389e5ff 100644 --- a/docs/manual/mod/overrides.html.en +++ b/docs/manual/mod/overrides.html.en @@ -351,23 +351,20 @@ user authentication</td></tr> <tr><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> <tr><td colspan="2" class="descr">Cipher Suite available for negotiation in SSL handshake</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> -<tr class="odd"><td colspan="2" class="descr">Cipher Suite available for negotiation in SSL -proxy handshake</td></tr> -<tr><td><a href="mod_ssl.html#sslrenegbuffersize">SSLRenegBufferSize</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> -<tr><td colspan="2" class="descr">Set the size for the SSL renegotiation buffer</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslrequire">SSLRequire</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> -<tr class="odd"><td colspan="2" class="descr">Allow access only when an arbitrarily complex +<tr class="odd"><td><a href="mod_ssl.html#sslrenegbuffersize">SSLRenegBufferSize</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">Set the size for the SSL renegotiation buffer</td></tr> +<tr><td><a href="mod_ssl.html#sslrequire">SSLRequire</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Allow access only when an arbitrarily complex boolean expression is true</td></tr> -<tr><td><a href="mod_ssl.html#sslrequiressl">SSLRequireSSL</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> -<tr><td colspan="2" class="descr">Deny access when SSL is not used for the +<tr class="odd"><td><a href="mod_ssl.html#sslrequiressl">SSLRequireSSL</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">Deny access when SSL is not used for the HTTP request</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslusername">SSLUserName</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> -<tr class="odd"><td colspan="2" class="descr">Variable name to determine user name</td></tr> -<tr><td><a href="mod_ssl.html#sslverifyclient">SSLVerifyClient</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> -<tr><td colspan="2" class="descr">Type of Client Certificate verification</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslverifydepth">SSLVerifyDepth</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> -<tr class="odd"><td colspan="2" class="descr">Maximum depth of CA Certificates in Client +<tr><td><a href="mod_ssl.html#sslusername">SSLUserName</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Variable name to determine user name</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslverifyclient">SSLVerifyClient</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">Type of Client Certificate verification</td></tr> +<tr><td><a href="mod_ssl.html#sslverifydepth">SSLVerifyDepth</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Maximum depth of CA Certificates in Client Certificate verification</td></tr> </table></div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a name="override-fileinfo">FileInfo</a></h2> <p> @@ -672,6 +669,48 @@ except the named ones</td></tr> <tr><td colspan="2" class="descr">Controls the default access state and the order in which <code class="directive">Allow</code> and <code class="directive">Deny</code> are evaluated.</td></tr> +</table></div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a name="override-not applicable">Not applicable</a></h2> + <p><em> + [This section has no description. It's possible that the documentation is + incomplete, or that the directives here have an incorrect or misspelled + Override type. Please consider reporting this in the + <a href="#comments_section">comments section</a>.] + </em></p> + <table class="qref"><tr><td><a href="mod_ssl.html#sslproxycacertificatefile">SSLProxyCACertificateFile</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">File of concatenated PEM-encoded CA Certificates +for Remote Server Auth</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxycacertificatepath">SSLProxyCACertificatePath</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">Directory of PEM-encoded CA Certificates for +Remote Server Auth</td></tr> +<tr><td><a href="mod_ssl.html#sslproxycarevocationcheck">SSLProxyCARevocationCheck</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Enable CRL-based revocation checking for Remote Server Auth</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxycarevocationfile">SSLProxyCARevocationFile</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">File of concatenated PEM-encoded CA CRLs for +Remote Server Auth</td></tr> +<tr><td><a href="mod_ssl.html#sslproxycarevocationpath">SSLProxyCARevocationPath</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Directory of PEM-encoded CA CRLs for +Remote Server Auth</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxycheckpeercn">SSLProxyCheckPeerCN</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">Whether to check the remote server certificate's CN field +</td></tr> +<tr><td><a href="mod_ssl.html#sslproxycheckpeerexpire">SSLProxyCheckPeerExpire</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Whether to check if remote server certificate is expired +</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">Configure host name checking for remote server certificates +</td></tr> +<tr><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Cipher Suite available for negotiation in SSL +proxy handshake</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">SSL Proxy Engine Operation Switch</td></tr> +<tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Configure usable SSL protocol flavors for proxy usage</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr class="odd"><td colspan="2" class="descr">Type of remote server Certificate verification</td></tr> +<tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> +<tr><td colspan="2" class="descr">Maximum depth of CA Certificates in Remote Server +Certificate verification</td></tr> </table></div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a name="override-options">Options</a></h2> <p> The following directives are allowed in .htaccess files when @@ -702,10 +741,8 @@ directory</td></tr> <tr><td colspan="2" class="descr">Reflect an input header to the output headers</td></tr> <tr class="odd"><td><a href="mod_ssl.html#ssloptions">SSLOptions</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> <tr class="odd"><td colspan="2" class="descr">Configure various SSL engine run-time options</td></tr> -<tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol</a></td><td class="module"><a href="mod_ssl.html">mod_ssl</a></td></tr> -<tr><td colspan="2" class="descr">Configure usable SSL protocol flavors for proxy usage</td></tr> -<tr class="odd"><td><a href="mod_include.html#xbithack">XBitHack</a></td><td class="module"><a href="mod_include.html">mod_include</a></td></tr> -<tr class="odd"><td colspan="2" class="descr">Parse SSI directives in files with the execute bit +<tr><td><a href="mod_include.html#xbithack">XBitHack</a></td><td class="module"><a href="mod_include.html">mod_include</a></td></tr> +<tr><td colspan="2" class="descr">Parse SSI directives in files with the execute bit set</td></tr> </table></div></div></div><div class="bottomlang"> <p><span>Available Languages: </span><a href="../en/mod/overrides.html" title="English"> en </a></p> diff --git a/docs/manual/mod/quickreference.html.de b/docs/manual/mod/quickreference.html.de index 1e0b906efe..f0d9dc30aa 100644 --- a/docs/manual/mod/quickreference.html.de +++ b/docs/manual/mod/quickreference.html.de @@ -56,6 +56,7 @@ <tr><th>v</th><td>Virtual Host</td></tr> <tr><th>d</th><td>Verzeichnis</td></tr> <tr><th>h</th><td>.htaccess</td></tr> +<tr><th /><td /></tr> </table></td> <td><table><tr><th>C</th><td>Core</td></tr> <tr><th>M</th><td>MPM</td></tr> @@ -839,6 +840,8 @@ a different URL</td></tr> <tr><td><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader <var>HeaderFieldName</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare the header field which will record all intermediate IP addresses</td></tr> +<tr class="odd"><td><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol On|Off</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Enable or disable PROXY protocol handling</td></tr> +<tr><td><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Disable processing of PROXY header for certain hosts or networks</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_mime.html#removecharset">RemoveCharset <var>extension</var> [<var>extension</var>] @@ -1045,12 +1048,12 @@ Remote Server Auth</td></tr> </td></tr> <tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates </td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL +<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL proxy handshake</td></tr> <tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> -<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> +<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> <tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr> <tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr> <tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en index 7c840f1ea1..3865c8c864 100644 --- a/docs/manual/mod/quickreference.html.en +++ b/docs/manual/mod/quickreference.html.en @@ -54,6 +54,7 @@ <tr><th>v</th><td>virtual host</td></tr> <tr><th>d</th><td>directory</td></tr> <tr><th>h</th><td>.htaccess</td></tr> +<tr><th>p</th><td>proxy section</td></tr> </table></td> <td><table><tr><th>C</th><td>Core</td></tr> <tr><th>M</th><td>MPM</td></tr> @@ -831,6 +832,8 @@ a different URL</td></tr> <tr><td><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader <var>HeaderFieldName</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare the header field which will record all intermediate IP addresses</td></tr> +<tr class="odd"><td><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol On|Off</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Enable or disable PROXY protocol handling</td></tr> +<tr><td><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Disable processing of PROXY header for certain hosts or networks</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_mime.html#removecharset">RemoveCharset <var>extension</var> [<var>extension</var>] @@ -1018,30 +1021,30 @@ handshake</td></tr> <tr class="odd"><td><a href="mod_ssl.html#sslpassphrasedialog">SSLPassPhraseDialog <em>type</em></a></td><td> builtin </td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of pass phrase dialog for encrypted private keys</td></tr> <tr><td><a href="mod_ssl.html#sslprotocol">SSLProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL/TLS protocol versions</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxycacertificatefile">SSLProxyCACertificateFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA Certificates +<tr class="odd"><td><a href="mod_ssl.html#sslproxycacertificatefile">SSLProxyCACertificateFile <em>file-path</em></a></td><td></td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA Certificates for Remote Server Auth</td></tr> -<tr><td><a href="mod_ssl.html#sslproxycacertificatepath">SSLProxyCACertificatePath <em>directory-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Directory of PEM-encoded CA Certificates for +<tr><td><a href="mod_ssl.html#sslproxycacertificatepath">SSLProxyCACertificatePath <em>directory-path</em></a></td><td></td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">Directory of PEM-encoded CA Certificates for Remote Server Auth</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxycarevocationcheck">SSLProxyCARevocationCheck chain|leaf|none</a></td><td> none </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable CRL-based revocation checking for Remote Server Auth</td></tr> -<tr><td><a href="mod_ssl.html#sslproxycarevocationfile">SSLProxyCARevocationFile <em>file-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded CA CRLs for +<tr class="odd"><td><a href="mod_ssl.html#sslproxycarevocationcheck">SSLProxyCARevocationCheck chain|leaf|none</a></td><td> none </td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Enable CRL-based revocation checking for Remote Server Auth</td></tr> +<tr><td><a href="mod_ssl.html#sslproxycarevocationfile">SSLProxyCARevocationFile <em>file-path</em></a></td><td></td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded CA CRLs for Remote Server Auth</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxycarevocationpath">SSLProxyCARevocationPath <em>directory-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded CA CRLs for +<tr class="odd"><td><a href="mod_ssl.html#sslproxycarevocationpath">SSLProxyCARevocationPath <em>directory-path</em></a></td><td></td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded CA CRLs for Remote Server Auth</td></tr> -<tr><td><a href="mod_ssl.html#sslproxycheckpeercn">SSLProxyCheckPeerCN on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Whether to check the remote server certificate's CN field +<tr><td><a href="mod_ssl.html#sslproxycheckpeercn">SSLProxyCheckPeerCN on|off</a></td><td> on </td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">Whether to check the remote server certificate's CN field </td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxycheckpeerexpire">SSLProxyCheckPeerExpire on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Whether to check if remote server certificate is expired +<tr class="odd"><td><a href="mod_ssl.html#sslproxycheckpeerexpire">SSLProxyCheckPeerExpire on|off</a></td><td> on </td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Whether to check if remote server certificate is expired </td></tr> -<tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates +<tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates </td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL +<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL proxy handshake</td></tr> -<tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> -<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> -<tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr> -<tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server +<tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> +<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>svp</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr> +<tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>svp</td><td>E</td></tr><tr><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server Certificate verification</td></tr> <tr class="odd"><td><a href="mod_ssl.html#sslrandomseed">SSLRandomSeed <em>context</em> <em>source</em> [<em>bytes</em>]</a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Pseudo Random Number Generator (PRNG) seeding diff --git a/docs/manual/mod/quickreference.html.es b/docs/manual/mod/quickreference.html.es index a05d35404c..549ebbb4a9 100644 --- a/docs/manual/mod/quickreference.html.es +++ b/docs/manual/mod/quickreference.html.es @@ -57,6 +57,7 @@ <tr><th>v</th><td>virtual host</td></tr> <tr><th>d</th><td>directorio</td></tr> <tr><th>h</th><td>.htaccess</td></tr> +<tr><th /><td /></tr> </table></td> <td><table><tr><th>C</th><td>Core</td></tr> <tr><th>M</th><td>MPM</td></tr> @@ -834,6 +835,8 @@ a different URL</td></tr> <tr><td><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader <var>HeaderFieldName</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare the header field which will record all intermediate IP addresses</td></tr> +<tr class="odd"><td><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol On|Off</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Enable or disable PROXY protocol handling</td></tr> +<tr><td><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Disable processing of PROXY header for certain hosts or networks</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_mime.html#removecharset">RemoveCharset <var>extension</var> [<var>extension</var>] @@ -1036,12 +1039,12 @@ Remote Server Auth</td></tr> </td></tr> <tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates </td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL +<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL proxy handshake</td></tr> <tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> -<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> +<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> <tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr> <tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr> <tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server diff --git a/docs/manual/mod/quickreference.html.ja.utf8 b/docs/manual/mod/quickreference.html.ja.utf8 index 3277d3732b..20a0e314ec 100644 --- a/docs/manual/mod/quickreference.html.ja.utf8 +++ b/docs/manual/mod/quickreference.html.ja.utf8 @@ -56,6 +56,7 @@ <tr><th>v</th><td>バーチャルホスト</td></tr> <tr><th>d</th><td>ディレクトリ</td></tr> <tr><th>h</th><td>.htaccess</td></tr> +<tr><th /><td /></tr> </table></td> <td><table><tr><th>C</th><td>Core</td></tr> <tr><th>M</th><td>MPM</td></tr> @@ -780,6 +781,8 @@ header</td></tr> <tr><td><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader <var>HeaderFieldName</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare the header field which will record all intermediate IP addresses</td></tr> +<tr class="odd"><td><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol On|Off</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Enable or disable PROXY protocol handling</td></tr> +<tr><td><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Disable processing of PROXY header for certain hosts or networks</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_mime.html#removecharset">RemoveCharset <var>extension</var> [<var>extension</var>] @@ -963,12 +966,12 @@ Remote Server Auth</td></tr> </td></tr> <tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates </td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL +<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL proxy handshake</td></tr> <tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> -<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> +<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> <tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr> <tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr> <tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server diff --git a/docs/manual/mod/quickreference.html.ko.euc-kr b/docs/manual/mod/quickreference.html.ko.euc-kr index 5138087867..0447d5a846 100644 --- a/docs/manual/mod/quickreference.html.ko.euc-kr +++ b/docs/manual/mod/quickreference.html.ko.euc-kr @@ -53,6 +53,7 @@ <tr><th>v</th><td>ȣƮ</td></tr> <tr><th>d</th><td>directory</td></tr> <tr><th>h</th><td>.htaccess</td></tr> +<tr><th /><td /></tr> </table></td> <td><table><tr><th>C</th><td>Core</td></tr> <tr><th>M</th><td>MPM</td></tr> @@ -797,6 +798,8 @@ header for proxied requests</td></tr> <tr><td><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader <var>HeaderFieldName</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare the header field which will record all intermediate IP addresses</td></tr> +<tr class="odd"><td><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol On|Off</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Enable or disable PROXY protocol handling</td></tr> +<tr><td><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Disable processing of PROXY header for certain hosts or networks</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_mime.html#removecharset">RemoveCharset <var>extension</var> [<var>extension</var>] @@ -992,12 +995,12 @@ Remote Server Auth</td></tr> </td></tr> <tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates </td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL +<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL proxy handshake</td></tr> <tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> -<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> +<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> <tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr> <tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr> <tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server diff --git a/docs/manual/mod/quickreference.html.tr.utf8 b/docs/manual/mod/quickreference.html.tr.utf8 index 78987ea92b..49bcaeea7b 100644 --- a/docs/manual/mod/quickreference.html.tr.utf8 +++ b/docs/manual/mod/quickreference.html.tr.utf8 @@ -54,6 +54,7 @@ <tr><th>k</th><td>sanal konak</td></tr> <tr><th>d</th><td>dizin</td></tr> <tr><th>h</th><td>.htaccess</td></tr> +<tr><th /><td /></tr> </table></td> <td><table><tr><th>Ç</th><td>Çekirdek</td></tr> <tr><th>M</th><td>MPM</td></tr> @@ -829,6 +830,8 @@ URL’ye yönlendirir.</td></tr> <tr><td><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sk</td><td>T</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList <var>filename</var></a></td><td></td><td>sk</td><td>T</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader <var>HeaderFieldName</var></a></td><td></td><td>sk</td><td>T</td></tr><tr><td class="descr" colspan="4">Declare the header field which will record all intermediate IP addresses</td></tr> +<tr class="odd"><td><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol On|Off</a></td><td></td><td>sk</td><td>T</td></tr><tr class="odd"><td class="descr" colspan="4">Enable or disable PROXY protocol handling</td></tr> +<tr><td><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]</a></td><td></td><td>sk</td><td>T</td></tr><tr><td class="descr" colspan="4">Disable processing of PROXY header for certain hosts or networks</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sk</td><td>T</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList <var>filename</var></a></td><td></td><td>sk</td><td>T</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_mime.html#removecharset">RemoveCharset <var>extension</var> [<var>extension</var>] @@ -1030,12 +1033,12 @@ Remote Server Auth</td></tr> </td></tr> <tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates </td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>skdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL +<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>sk</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL proxy handshake</td></tr> <tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> -<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>sk</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> +<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>sk</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> <tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr> <tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>sk</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr> <tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>sk</td><td>E</td></tr><tr><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server diff --git a/docs/manual/mod/quickreference.html.zh-cn.utf8 b/docs/manual/mod/quickreference.html.zh-cn.utf8 index c458e4b17a..0f012e91a1 100644 --- a/docs/manual/mod/quickreference.html.zh-cn.utf8 +++ b/docs/manual/mod/quickreference.html.zh-cn.utf8 @@ -49,6 +49,7 @@ <tr><th>v</th><td>虚拟主机</td></tr> <tr><th>d</th><td>目录</td></tr> <tr><th>h</th><td>.htaccess</td></tr> +<tr><th /><td /></tr> </table></td> <td><table><tr><th>C</th><td>核心</td></tr> <tr><th>M</th><td>MPM</td></tr> @@ -826,6 +827,8 @@ a different URL</td></tr> <tr><td><a href="mod_remoteip.html#remoteipinternalproxy">RemoteIPInternalProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader <var>HeaderFieldName</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare the header field which will record all intermediate IP addresses</td></tr> +<tr class="odd"><td><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol On|Off</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Enable or disable PROXY protocol handling</td></tr> +<tr><td><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]</a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Disable processing of PROXY header for certain hosts or networks</td></tr> <tr class="odd"><td><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var> ...</a></td><td></td><td>sv</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr><td><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList <var>filename</var></a></td><td></td><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Declare client intranet IP addresses trusted to present the RemoteIPHeader value</td></tr> <tr class="odd"><td><a href="mod_mime.html#removecharset">RemoveCharset <var>extension</var> [<var>extension</var>] @@ -1028,12 +1031,12 @@ Remote Server Auth</td></tr> </td></tr> <tr><td><a href="mod_ssl.html#sslproxycheckpeername">SSLProxyCheckPeerName on|off</a></td><td> on </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure host name checking for remote server certificates </td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL +<tr class="odd"><td><a href="mod_ssl.html#sslproxyciphersuite">SSLProxyCipherSuite <em>cipher-spec</em></a></td><td> ALL:!ADH:RC4+RSA:+H +</td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL proxy handshake</td></tr> <tr><td><a href="mod_ssl.html#sslproxyengine">SSLProxyEngine on|off</a></td><td> off </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">SSL Proxy Engine Operation Switch</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> -<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>s</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> -<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>s</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatechainfile">SSLProxyMachineCertificateChainFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate</td></tr> +<tr><td><a href="mod_ssl.html#sslproxymachinecertificatefile">SSLProxyMachineCertificateFile <em>filename</em></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">File of concatenated PEM-encoded client certificates and keys to be used by the proxy</td></tr> +<tr class="odd"><td><a href="mod_ssl.html#sslproxymachinecertificatepath">SSLProxyMachineCertificatePath <em>directory</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded client certificates and keys to be used by the proxy</td></tr> <tr><td><a href="mod_ssl.html#sslproxyprotocol">SSLProxyProtocol [+|-]<em>protocol</em> ...</a></td><td> all -SSLv3 (up to 2 +</td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Configure usable SSL protocol flavors for proxy usage</td></tr> <tr class="odd"><td><a href="mod_ssl.html#sslproxyverify">SSLProxyVerify <em>level</em></a></td><td> none </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Type of remote server Certificate verification</td></tr> <tr><td><a href="mod_ssl.html#sslproxyverifydepth">SSLProxyVerifyDepth <em>number</em></a></td><td> 1 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Maximum depth of CA Certificates in Remote Server diff --git a/docs/manual/sections.html.tr.utf8 b/docs/manual/sections.html.tr.utf8 index b18be77b1c..862bf9f9c8 100644 --- a/docs/manual/sections.html.tr.utf8 +++ b/docs/manual/sections.html.tr.utf8 @@ -29,6 +29,7 @@ <a href="./ko/sections.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | <a href="./tr/sections.html" title="Türkçe"> tr </a></p> </div> +<div class="outofdate">Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.</div> <p><a href="configuring.html">Yapılandırma dosyaları</a>ndaki yönergeler sunucunun tamamına uygulanacağı gibi sadece belli dizinler, diff --git a/docs/manual/sitemap.html.de b/docs/manual/sitemap.html.de index 36dc52b596..16b8742381 100644 --- a/docs/manual/sitemap.html.de +++ b/docs/manual/sitemap.html.de @@ -280,6 +280,7 @@ HPUX betreiben</a></li> <li><a href="mod/mod_proxy_http.html">Apache-Modul mod_proxy_http</a></li> <li><a href="mod/mod_proxy_http2.html">Apache-Modul mod_proxy_http2</a></li> <li><a href="mod/mod_proxy_scgi.html">Apache-Modul mod_proxy_scgi</a></li> +<li><a href="mod/mod_proxy_uwsgi.html">Apache-Modul mod_proxy_uwsgi</a></li> <li><a href="mod/mod_proxy_wstunnel.html">Apache-Modul mod_proxy_wstunnel</a></li> <li><a href="mod/mod_ratelimit.html">Apache-Modul mod_ratelimit</a></li> <li><a href="mod/mod_reflector.html">Apache-Modul mod_reflector</a></li> diff --git a/docs/manual/sitemap.html.en b/docs/manual/sitemap.html.en index ba31666958..39e3aceb4d 100644 --- a/docs/manual/sitemap.html.en +++ b/docs/manual/sitemap.html.en @@ -279,6 +279,7 @@ log_server_status</a></li> <li><a href="mod/mod_proxy_http.html">Apache Module mod_proxy_http</a></li> <li><a href="mod/mod_proxy_http2.html">Apache Module mod_proxy_http2</a></li> <li><a href="mod/mod_proxy_scgi.html">Apache Module mod_proxy_scgi</a></li> +<li><a href="mod/mod_proxy_uwsgi.html">Apache Module mod_proxy_uwsgi</a></li> <li><a href="mod/mod_proxy_wstunnel.html">Apache Module mod_proxy_wstunnel</a></li> <li><a href="mod/mod_ratelimit.html">Apache Module mod_ratelimit</a></li> <li><a href="mod/mod_reflector.html">Apache Module mod_reflector</a></li> diff --git a/docs/manual/sitemap.html.es b/docs/manual/sitemap.html.es index 5fd827a18d..0013111b03 100644 --- a/docs/manual/sitemap.html.es +++ b/docs/manual/sitemap.html.es @@ -259,6 +259,7 @@ usados para describir las directivas de Apache</a></li> <li><a href="mod/mod_proxy_http.html">Mdulo Apache mod_proxy_http</a></li> <li><a href="mod/mod_proxy_http2.html">Mdulo Apache mod_proxy_http2</a></li> <li><a href="mod/mod_proxy_scgi.html">Mdulo Apache mod_proxy_scgi</a></li> +<li><a href="mod/mod_proxy_uwsgi.html">Mdulo Apache mod_proxy_uwsgi</a></li> <li><a href="mod/mod_proxy_wstunnel.html">Mdulo Apache mod_proxy_wstunnel</a></li> <li><a href="mod/mod_ratelimit.html">Mdulo Apache mod_ratelimit</a></li> <li><a href="mod/mod_reflector.html">Mdulo Apache mod_reflector</a></li> diff --git a/docs/manual/sitemap.html.ja.utf8 b/docs/manual/sitemap.html.ja.utf8 index 54079545b9..bf61923cf8 100644 --- a/docs/manual/sitemap.html.ja.utf8 +++ b/docs/manual/sitemap.html.ja.utf8 @@ -258,6 +258,7 @@ <li><a href="mod/mod_proxy_http.html">Apache モジュール mod_proxy_http</a></li> <li><a href="mod/mod_proxy_http2.html">Apache モジュール mod_proxy_http2</a></li> <li><a href="mod/mod_proxy_scgi.html">Apache モジュール mod_proxy_scgi</a></li> +<li><a href="mod/mod_proxy_uwsgi.html">Apache モジュール mod_proxy_uwsgi</a></li> <li><a href="mod/mod_proxy_wstunnel.html">Apache モジュール mod_proxy_wstunnel</a></li> <li><a href="mod/mod_ratelimit.html">Apache モジュール mod_ratelimit</a></li> <li><a href="mod/mod_reflector.html">Apache モジュール mod_reflector</a></li> diff --git a/docs/manual/sitemap.html.tr.utf8 b/docs/manual/sitemap.html.tr.utf8 index 21ebf0290b..0350d457c0 100644 --- a/docs/manual/sitemap.html.tr.utf8 +++ b/docs/manual/sitemap.html.tr.utf8 @@ -274,6 +274,7 @@ Windows ile Apache Kullanımı</a></li> <li><a href="mod/mod_proxy_http.html">Apache Modülü mod_proxy_http</a></li> <li><a href="mod/mod_proxy_http2.html">Apache Modülü mod_proxy_http2</a></li> <li><a href="mod/mod_proxy_scgi.html">Apache Modülü mod_proxy_scgi</a></li> +<li><a href="mod/mod_proxy_uwsgi.html">Apache Modülü mod_proxy_uwsgi</a></li> <li><a href="mod/mod_proxy_wstunnel.html">Apache Modülü mod_proxy_wstunnel</a></li> <li><a href="mod/mod_ratelimit.html">Apache Modülü mod_ratelimit</a></li> <li><a href="mod/mod_reflector.html">Apache Modülü mod_reflector</a></li> diff --git a/docs/manual/sitemap.html.zh-cn.utf8 b/docs/manual/sitemap.html.zh-cn.utf8 index fafa174013..fa54e77275 100644 --- a/docs/manual/sitemap.html.zh-cn.utf8 +++ b/docs/manual/sitemap.html.zh-cn.utf8 @@ -258,6 +258,7 @@ <li><a href="mod/mod_proxy_http.html">Apache 模块 mod_proxy_http</a></li> <li><a href="mod/mod_proxy_http2.html">Apache 模块 mod_proxy_http2</a></li> <li><a href="mod/mod_proxy_scgi.html">Apache 模块 mod_proxy_scgi</a></li> +<li><a href="mod/mod_proxy_uwsgi.html">Apache 模块 mod_proxy_uwsgi</a></li> <li><a href="mod/mod_proxy_wstunnel.html">Apache 模块 mod_proxy_wstunnel</a></li> <li><a href="mod/mod_ratelimit.html">Apache 模块 mod_ratelimit</a></li> <li><a href="mod/mod_reflector.html">Apache 模块 mod_reflector</a></li> diff --git a/include/ap_release.h b/include/ap_release.h index 9f26aeaace..815dbab71c 100644 --- a/include/ap_release.h +++ b/include/ap_release.h @@ -44,7 +44,7 @@ #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 4 #define AP_SERVER_PATCHLEVEL_NUMBER 30 -#define AP_SERVER_DEVBUILD_BOOLEAN 1 +#define AP_SERVER_DEVBUILD_BOOLEAN 0 /* Synchronize the above with docs/manual/style/version.ent */ |