Add note on special character handling with FakeBasicAuth.

PR: 52644 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1815599 13f79535-47bb-0310-9956-ffa450edef68
author: Joe Orton <jorton@apache.org> 2017-11-17 18:24:27 +0100
committer: Joe Orton <jorton@apache.org> 2017-11-17 18:24:27 +0100
commit: 8440a7dbd7b2a3b30f21028a197255abd5c906e4 (patch)
tree: c9a7d497eda98b3ca24e6ee3f1d625b7eb53fe64 /docs/manual/mod/mod_ssl.xml
parent: Bumped. (diff)
download: apache2-8440a7dbd7b2a3b30f21028a197255abd5c906e4.tar.xz
apache2-8440a7dbd7b2a3b30f21028a197255abd5c906e4.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index c13db2c655..fc94cc298e 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1473,6 +1473,13 @@ The available <em>option</em>s are:</p>
     directive within <module>mod_auth_basic</module> can be used as a more
     general mechanism for faking basic authentication, giving control over the
     structure of both the username and password.</p>
+
+    <note type="warning">
+      <p>The usernames used for <code>FakeBasicAuth</code> must not
+      include any non-ASCII characters, ASCII escape characters (such
+      a newline), or a colon.  If a colon is found, a 403 Forbidden
+      error will be generated with httpd 2.5.1 and later.</p>
+    </note>
 </li>
 <li><code>StrictRequire</code>
     <p>
author	Joe Orton <jorton@apache.org>	2017-11-17 18:24:27 +0100
committer	Joe Orton <jorton@apache.org>	2017-11-17 18:24:27 +0100
commit	8440a7dbd7b2a3b30f21028a197255abd5c906e4 (patch)
tree	c9a7d497eda98b3ca24e6ee3f1d625b7eb53fe64 /docs/manual/mod/mod_ssl.xml
parent	Bumped. (diff)
download	apache2-8440a7dbd7b2a3b30f21028a197255abd5c906e4.tar.xz apache2-8440a7dbd7b2a3b30f21028a197255abd5c906e4.zip