summaryrefslogtreecommitdiff
path: root/doc/httpauthd.conf.5
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2007-06-01 13:31:45 +0000
committerStef Walter <stef@memberwebs.com>2007-06-01 13:31:45 +0000
commit20cde33c0b943c77a7c9d8d5d9c3d9281a6b13a5 (patch)
treea92ce9cbf1d56ec162ab2b179116b627dd2c2b30 /doc/httpauthd.conf.5
parent9ab8871e7d0387a7326d5179ab5b64a4995fce0d (diff)
A better fix for the problem of the method not matching up with the digest auth.
Diffstat (limited to 'doc/httpauthd.conf.5')
-rw-r--r--doc/httpauthd.conf.512
1 files changed, 2 insertions, 10 deletions
diff --git a/doc/httpauthd.conf.5 b/doc/httpauthd.conf.5
index bae1d2d..7bca8b6 100644
--- a/doc/httpauthd.conf.5
+++ b/doc/httpauthd.conf.5
@@ -148,14 +148,6 @@ How this exactly works depends on the method it applies to.
[ Default:
.Em 900
]
-.It Cd DigestIgnoreMethod
-When set to
-.Em True
-allows the HTTP method value in
-.Em Digest
-authentication to be mismatched with the actual request. This opens
-up a variety of replay attacks, but is useful for pass-through
-authentication (eg: a website using a SOAP service).
.It Cd DigestIgnoreNC
When set to
.Em True
@@ -166,10 +158,10 @@ authentication to be incorrect. This opens up various replay attacks.
[ Default:
.Em False
]
-.It Cd DigestIgnoreURI
+.It Cd DigestAllowAnyPath
When set to
.Em True
-allows the URI value in
+allows the URI value or HTTP method in
.Em Digest
authentication to be mismatched with the URI requested. This opens up
a variety of replay attacks, but is useful for pass-through