diff options
author | Eric Covener <covener@apache.org> | 2023-02-19 19:59:44 +0100 |
---|---|---|
committer | Eric Covener <covener@apache.org> | 2023-02-19 19:59:44 +0100 |
commit | 9605760cff84574a013bf337f6cefae2b4f424f6 (patch) | |
tree | 3172bb57f3a2f34eaa7f5b14fc1db1f660378d84 /docs | |
parent | Re-order the fields of 'struct h2_session_props' to avoid a hole and some pad... (diff) | |
download | apache2-9605760cff84574a013bf337f6cefae2b4f424f6.tar.xz apache2-9605760cff84574a013bf337f6cefae2b4f424f6.zip |
fixups vs. early in check_authn
[skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907762 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
-rw-r--r-- | docs/manual/mod/mod_auth_basic.xml | 6 | ||||
-rw-r--r-- | docs/manual/mod/mod_ssl.xml | 8 |
2 files changed, 13 insertions, 1 deletions
diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml index 49536ed8b3..4f0a3271ba 100644 --- a/docs/manual/mod/mod_auth_basic.xml +++ b/docs/manual/mod/mod_auth_basic.xml @@ -131,6 +131,12 @@ username and password</description> will be used. To disable fake basic authentication for an URL space, specify "AuthBasicFake off".</p> + <note> + The Authorization header added by this directive is <em>not</em> + input into any authentication or authorization within the local + server. It is designed to be passed along to upstream servers. + </note> + <p>In this example, we pass a fixed username and password to a backend server.</p> diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index e196e6e2fd..dbe3345da7 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -1538,7 +1538,13 @@ The available <em>option</em>s are:</p> <p>Note that the <directive module="mod_auth_basic">AuthBasicFake</directive> directive within <module>mod_auth_basic</module> can be used as a more general mechanism for faking basic authentication, giving control over the - structure of both the username and password.</p> + structure of both the username and password. </p> + + <note>Unlike the <code>FakeBasicAuth</code> + option, the <directive module="mod_auth_basic">AuthBasicFake</directive> directive + does not set an Authorization header early enough to be processed by authentication + and authorization in the local server, it is only intended for upstream servers. + </note> <note type="warning"> <p>The usernames used for <code>FakeBasicAuth</code> must not |