diff options
author | Stef Walter <stef@memberwebs.com> | 2007-05-31 23:29:35 +0000 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2007-05-31 23:29:35 +0000 |
commit | 6d7feb248daf16c260007388692d6de48416d9b7 (patch) | |
tree | 7bb76f937b738c78f8c6dabd66e7b721e1b73b3a /doc | |
parent | 82a32ff78428bec9f9a4f69cc21ccf9d197a38ff (diff) |
Support ignoring the HTTP method.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/httpauthd.conf.5 | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/doc/httpauthd.conf.5 b/doc/httpauthd.conf.5 index 8d967c3..bae1d2d 100644 --- a/doc/httpauthd.conf.5 +++ b/doc/httpauthd.conf.5 @@ -148,6 +148,14 @@ How this exactly works depends on the method it applies to. [ Default: .Em 900 ] +.It Cd DigestIgnoreMethod +When set to +.Em True +allows the HTTP method value in +.Em Digest +authentication to be mismatched with the actual request. This opens +up a variety of replay attacks, but is useful for pass-through +authentication (eg: a website using a SOAP service). .It Cd DigestIgnoreNC When set to .Em True @@ -164,7 +172,8 @@ When set to allows the URI value in .Em Digest authentication to be mismatched with the URI requested. This opens up -a variety of replay attacks, but may be necessary in some cases. +a variety of replay attacks, but is useful for pass-through +authentication (eg: a website using a SOAP service). .Pp [ Default: .Em False |