The example below demonstrates how the mod_authnz_subrequest authentication and authorisation module would be used to block Web access to any XSL stylesheets while still allowing access to requests issued by the mod_transform module via the Apache2 sub-request mechanism.
As you can see the AuthType directive (on line 2) is used to indicate that we want to use sub-request authentication.
The SubRequestRejectMethod directive (on line 4) specifies the HTTP result code that should be returned to non-authenticated clients. In our example a value of 404 has been used to effectively hide these resources.
Finally the Require sub-request directive (on line 6) is used to provide a list of module names which are allowed to use the Apache2 sub-request mechanism to retrieve these resources.
Sometimes the module which you would like to allow access is not already in the list of modules supported by the mod_authnz_subrequest module. In this case you will need to declare additional modules, as shown in the example below.
The above example is very similar to the first example with the addition of the SubRequestDeclareType directive (on line 1) which is used to declare a new module name. In our example mod_donkey is the name of the module we wish to declare and donkey_derby_mod is the internal name of the module used to register with the Apache2 module system. Unfortunately, there is often no recourse but to look to the source-code of your target module for this text string.