Basic use

Example 1

The example below demonstrates how the mod_authnz_subrequest authentication and authorisation module can be used to block Web access to any XSL stylesheets while still allowing access to requests issued by the mod_transform module via the Apache2 sub-request mechanism.

Listing 1
  1. <LocationMatch "^.*\.xsl$">
  2.     AuthType SubRequest
  3.  
  4.     SubRequestRejectMethod  404
  5.  
  6.     Require sub-request mod_transform
  7. </LocationMatch>
Example code demonstrating basic use of the mod_authnz_subrequest module

As you can see, the AuthType directive (on line 2) is used to indicate that we want to use sub-request authentication.

The SubRequestRejectMethod directive (on line 4) specifies the HTTP result code that should be returned to non-authenticated clients. In our example, a value of 404 has been used to effectively hide these resources.

Finally, the Require sub-request directive (on line 6) is used to provide a list of module names which are allowed to use the Apache2 sub-request mechanism to retrieve these resources.

Example 2

Sometimes the module to which you would like to allow access is not already in the list of modules supported by the mod_authnz_subrequest module. In this case, you will need to declare additional modules, as shown in the example below.

Listing 2
  1. SubRequestDeclareType mod_donkey donkey_derby_mod
  2.  
  3. <LocationMatch "^.*\.xsl$">
  4.     AuthType SubRequest
  5.  
  6.     Require sub-request mod_include mod_donkey
  7. </LocationMatch>
Example code demonstrating how to declare an additional module for the mod_authnz_subrequest module

The above example is very similar to the first example, with the addition of the SubRequestDeclareType directive (on line 1), which is used to declare a new module name. In our example, mod_donkey is the name of the module we wish to declare and donkey_derby_mod is the internal name that the module uses to register with the Apache2 module system. Unfortunately, there is often no recourse but to look in the source code of your target module for this text string.
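
The link between Require sub-request and SubRequestDeclareType described above can be checked before a configuration is deployed. The following Python sketch is an added example, not part of mod_authnz_subrequest or its documentation; the audit function, the sample configuration, the mod_zebra name and the assumed built-in set (the page does not list the real one) are constructed for illustration.

```python
# Assumption: names usable without a declaration. The page does not list the
# module's built-in set; these two appear undeclared in Listings 1 and 2.
ASSUMED_BUILTIN = {"mod_transform", "mod_include"}

# Constructed sample: Listing 2 plus a block naming a hypothetical mod_zebra.
SAMPLE_CONF = r'''
SubRequestDeclareType mod_donkey donkey_derby_mod

<LocationMatch "^.*\.xsl$">
    AuthType SubRequest
    Require sub-request mod_include mod_donkey
</LocationMatch>

<LocationMatch "^.*\.tpl$">
    AuthType SubRequest
    SubRequestRejectMethod 404
    Require sub-request mod_zebra
</LocationMatch>
'''

def audit(conf, builtin=ASSUMED_BUILTIN):
    """Return (pattern, reject_code, unknown_names) for each SubRequest block."""
    declared, blocks, cur = set(), [], None
    for raw in conf.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):   # blank line or comment
            continue
        key = words[0].lower()                      # directive names are case-insensitive
        arg = words[1] if len(words) > 1 else ""
        if key == "subrequestdeclaretype" and len(words) == 3:
            declared.add(arg)                       # public name; words[2] is the internal id
        elif key == "<locationmatch":
            pattern = raw.strip()[len("<LocationMatch"):].strip(' ">')
            cur = {"pattern": pattern, "auth": False, "reject": None, "names": []}
        elif key == "</locationmatch>" and cur is not None:
            if cur["auth"]:                         # keep only AuthType SubRequest blocks
                blocks.append(cur)
            cur = None
        elif cur is not None:
            if key == "authtype":
                cur["auth"] = arg.lower() == "subrequest"
            elif key == "subrequestrejectmethod":
                cur["reject"] = arg
            elif key == "require" and arg.lower() == "sub-request":
                cur["names"] += words[2:]
    known = set(builtin) | declared                 # declaration order is not checked here
    return [(b["pattern"], b["reject"], [n for n in b["names"] if n not in known])
            for b in blocks]
```

Calling audit(SAMPLE_CONF) reports no unknown names for the first block and mod_zebra for the second, which would need its own SubRequestDeclareType line.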

Information:
If you do add new modules to the list and would like to see those modules made part of the default set in future versions, it would help if you could file a request for enhancement on our Bugzilla, providing the name of the module and the string used as its internal identifier.