author: Eric Covener <covener@apache.org> 2023-02-19 19:59:44 +0100
committer: Eric Covener <covener@apache.org> 2023-02-19 19:59:44 +0100
commit: 9605760cff84574a013bf337f6cefae2b4f424f6 (patch)
tree: 3172bb57f3a2f34eaa7f5b14fc1db1f660378d84 /docs
parent: Re-order the fields of 'struct h2_session_props' to avoid a hole and some pad... (diff)
fixups vs. early in check_authn
[skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907762 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
-rw-r--r-- docs/manual/mod/mod_auth_basic.xml 6
-rw-r--r-- docs/manual/mod/mod_ssl.xml 8
2 files changed, 13 insertions, 1 deletions
diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml
index 49536ed8b3..4f0a3271ba 100644
--- a/docs/manual/mod/mod_auth_basic.xml
+++ b/docs/manual/mod/mod_auth_basic.xml
@@ -131,6 +131,12 @@ username and password</description>
will be used. To disable fake basic authentication for an URL
space, specify "AuthBasicFake off".</p>
+ <note>
+ The Authorization header added by this directive is <em>not</em>
+ input into any authentication or authorization within the local
+ server. It is designed to be passed along to upstream servers.
+ </note>
+
<p>In this example, we pass a fixed username and password to a
backend server.</p>
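Review bot: In the added <note>, the phrase "is not input into any authentication or authorization within the local server" is hard to parse; wording such as "is not used as input to authentication or authorization on the local server" says the same thing more directly. The note text also sits bare inside <note>, whereas the warning note visible in the mod_ssl.xml part of this patch wraps its text in <p>, so wrapping it here would keep the two files consistent. Because the mod_ssl.xml change contrasts this directive with the FakeBasicAuth option, a cross-reference from this note to that option would help readers who expected the fake header to be evaluated locally.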
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index e196e6e2fd..dbe3345da7 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1538,7 +1538,13 @@ The available <em>option</em>s are:</p>
<p>Note that the <directive module="mod_auth_basic">AuthBasicFake</directive>
directive within <module>mod_auth_basic</module> can be used as a more
general mechanism for faking basic authentication, giving control over the
- structure of both the username and password.</p>
+ structure of both the username and password. </p>
+
+ <note>Unlike the <code>FakeBasicAuth</code>
+ option, the <directive module="mod_auth_basic">AuthBasicFake</directive> directive
+ does not set an Authorization header early enough to be processed by authentication
+ and authorization in the local server, it is only intended for upstream servers.
+ </note>
<note type="warning">
<p>The usernames used for <code>FakeBasicAuth</code> must not
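Review bot: The rewritten line "structure of both the username and password. </p>" differs from the removed one only by a stray space before </p>; dropping that space keeps the line unchanged and makes the hunk purely additive. In the new <note>, "authorization in the local server, it is only intended for upstream servers" is a comma splice, so split it into two sentences or use a semicolon. As with the warning note that follows it, the text would be better wrapped in <p> rather than placed directly inside <note>.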