diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/httpauthd.conf.5 | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/doc/httpauthd.conf.5 b/doc/httpauthd.conf.5 index 8d967c3..bae1d2d 100644 --- a/doc/httpauthd.conf.5 +++ b/doc/httpauthd.conf.5 @@ -148,6 +148,14 @@ How this exactly works depends on the method it applies to. [ Default: .Em 900 ] +.It Cd DigestIgnoreMethod +When set to +.Em True +allows the HTTP method value in +.Em Digest +authentication to be mismatched with the actual request. This opens +up a variety of replay attacks, but is useful for pass-through +authentication (eg: a website using a SOAP service). .It Cd DigestIgnoreNC When set to .Em True @@ -164,7 +172,8 @@ When set to allows the URI value in .Em Digest authentication to be mismatched with the URI requested. This opens up -a variety of replay attacks, but may be necessary in some cases. +a variety of replay attacks, but is useful for pass-through +authentication (eg: a website using a SOAP service). .Pp [ Default: .Em False |