Mercurial > hg > nginx-site
annotate xml/en/docs/http/ngx_http_auth_basic_module.xml @ 1005:2275611970dd
Removed open_file_cache_errors from proxy_store examples.
The open_file_cache_errors directive is mostly unrelated and off by default,
there is no real need to have it in examples.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 22 Oct 2013 17:37:46 +0400 |
parents | f10ebd7c60b4 |
children | dad3af7a1019 |
rev | line source |
---|---|
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
2 |
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
3 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
4 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
6 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
7 |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
10 <module name="Module ngx_http_auth_basic_module" |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
11 link="/en/docs/http/ngx_http_auth_basic_module.html" |
589 | 12 lang="en" |
971
6316a7579448
Documented the "ngx_http_auth_request" module.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
13 rev="6"> |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 <section id="summary"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
16 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
17 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
18 The <literal>ngx_http_auth_basic_module</literal> module allows |
966 | 19 limiting access to resources by validating the user name and password |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
20 using the “HTTP Basic Authentication” protocol. |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
21 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
22 |
494
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
23 <para> |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
24 Access can also be limited by |
990 | 25 <link doc="ngx_http_access_module.xml">address</link> or by the |
971
6316a7579448
Documented the "ngx_http_auth_request" module.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
26 <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>. |
494
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
27 Simultaneous limitation of access by address and by password is controlled |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
28 by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
29 </para> |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
30 |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
31 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
32 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
33 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
34 <section id="example" name="Example Configuration"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
35 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
36 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
37 <example> |
351
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
38 location / { |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
39 auth_basic "closed site"; |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
40 auth_basic_user_file conf/htpasswd; |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
41 } |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
42 </example> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
43 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
44 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
45 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
46 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
47 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
48 <section id="directives" name="Directives"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
49 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
50 <directive name="auth_basic"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
51 <syntax><value>string</value> | <literal>off</literal></syntax> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
52 <default>off</default> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
53 <context>http</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
54 <context>server</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
55 <context>location</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
56 <context>limit_except</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
57 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
58 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
59 Enables validation of user name and password using the |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
60 “HTTP Basic Authentication” protocol. |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
61 The specified parameter is used as a <value>realm</value>. |
966 | 62 Parameter value can contain variables (1.3.10, 1.2.7). |
63 The special value <literal>off</literal> allows cancelling the effect | |
784
7d15bd7fc58d
The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents:
655
diff
changeset
|
64 of the <literal>auth_basic</literal> directive |
7d15bd7fc58d
The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents:
655
diff
changeset
|
65 inherited from the previous configuration level. |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
66 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
67 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
68 </directive> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
69 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
70 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
71 <directive name="auth_basic_user_file"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
72 <syntax><value>file</value></syntax> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
73 <default/> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
74 <context>http</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
75 <context>server</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
76 <context>location</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
77 <context>limit_except</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
78 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
79 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
80 Specifies a file that keeps user names and passwords, |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
81 in the following format: |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
82 <example> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
83 # comment |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
84 name1:password1 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
85 name2:password2:comment |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
86 name3:password3 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
87 </example> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
88 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
89 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
90 <para> |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
91 The following password types are supported: |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
92 <list type="bullet"> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
93 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
94 <listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
95 encrypted with the <c-func>crypt</c-func> function; can be generated using |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
96 the “<command>htpasswd</command>” utility from the Apache HTTP Server |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
97 distribution or the “<command>openssl passwd</command>” command; |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
98 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
99 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
100 <listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
101 hashed with the Apache variant of the MD5-based password algorithm (apr1); |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
102 can be generated with the same tools; |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
103 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
104 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
105 <listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
106 specified by the |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
107 “<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>” |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
108 syntax (1.0.3+) as described in |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
109 <link url="http://tools.ietf.org/html/rfc2307#section-5.3">RFC 2307</link>; |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
110 currently implemented schemes include <literal>PLAIN</literal> (an example one, |
836
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
111 should not be used), <literal>SHA</literal> (1.3.13) (plain SHA-1 |
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
112 hashing, should not be used) and <literal>SSHA</literal> (salted SHA-1 hashing, |
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
113 used by some software packages, notably OpenLDAP and Dovecot). |
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
114 <note> |
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
115 Support for <literal>SHA</literal> scheme was added only to aid |
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
116 in migration from other web servers. |
966 | 117 It should not be used for new passwords, since unsalted SHA-1 hashing |
836
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
118 that it employs is vulnerable to |
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
119 <link url="http://en.wikipedia.org/wiki/Rainbow_attack">rainbow table</link> |
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
120 attacks. |
f563967a4f59
Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents:
784
diff
changeset
|
121 </note> |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
122 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
123 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
124 </list> |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
125 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
126 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
127 </directive> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
128 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
129 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
130 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
131 </module> |