From 20cde33c0b943c77a7c9d8d5d9c3d9281a6b13a5 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Fri, 1 Jun 2007 13:31:45 +0000
Subject: A better fix for the problem of the method not matching up with the
 digest auth.

---
 doc/httpauthd.conf.5 | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

(limited to 'doc/httpauthd.conf.5')

diff --git a/doc/httpauthd.conf.5 b/doc/httpauthd.conf.5
index bae1d2d..7bca8b6 100644
--- a/doc/httpauthd.conf.5
+++ b/doc/httpauthd.conf.5
@@ -148,14 +148,6 @@ How this exactly works depends on the method it applies to.
 [ Default:
 .Em 900
 ]
-.It Cd DigestIgnoreMethod
-When set to 
-.Em True
-allows the HTTP method value in 
-.Em Digest
-authentication to be mismatched with the actual request. This opens 
-up a variety of replay attacks, but is useful for pass-through 
-authentication (eg: a website using a SOAP service).
 .It Cd DigestIgnoreNC
 When set to 
 .Em True
@@ -166,10 +158,10 @@ authentication to be incorrect. This opens up various replay attacks.
 [ Default:
 .Em False
 ]
-.It Cd DigestIgnoreURI
+.It Cd DigestAllowAnyPath
 When set to 
 .Em True
-allows the URI value in
+allows the URI value or HTTP method in
 .Em Digest
 authentication to be mismatched with the URI requested. This opens up 
 a variety of replay attacks, but is useful for pass-through 
-- 
cgit v1.2.3