Mercurial > hg > nginx-site
changeset 2523:2bb06b3fbcc5
Documented the "auth_delay" directive.
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Mon, 13 Apr 2020 16:55:23 +0100 |
| parents | 91d725e52633 |
| children | d60376fec8a1 |
| files | xml/en/docs/http/ngx_http_core_module.xml xml/ru/docs/http/ngx_http_core_module.xml |
| diffstat | 2 files changed, 40 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_core_module.xml +++ b/xml/en/docs/http/ngx_http_core_module.xml @@ -10,7 +10,7 @@ <module name="Module ngx_http_core_module" link="/en/docs/http/ngx_http_core_module.html" lang="en" - rev="89"> + rev="90"> <section id="directives" name="Directives"> @@ -249,6 +249,25 @@ location /images/ { </directive> +<directive name="auth_delay"> +<syntax><value>time</value></syntax> +<default>0s</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.17.10</appeared-in> + +<para> +Delays processing of unauthorized requests with 401 response code +to prevent timing attacks when access is limited by +<link doc="ngx_http_auth_basic_module.xml">password</link>, by the +<link doc="ngx_http_auth_request_module.xml">result of subrequest</link>, +or by <link doc="ngx_http_auth_jwt_module.xml">JWT</link>. +</para> + +</directive> + + <directive name="chunked_transfer_encoding"> <syntax><literal>on</literal> | <literal>off</literal></syntax> <default>on</default>
--- a/xml/ru/docs/http/ngx_http_core_module.xml +++ b/xml/ru/docs/http/ngx_http_core_module.xml @@ -10,7 +10,7 @@ <module name="Модуль ngx_http_core_module" link="/ru/docs/http/ngx_http_core_module.html" lang="ru" - rev="89"> + rev="90"> <section id="directives" name="Директивы"> @@ -248,6 +248,25 @@ location /images/ { </directive> +<directive name="auth_delay"> +<syntax><value>время</value></syntax> +<default>0s</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.17.10</appeared-in> + +<para> +Задерживает обработку неавторизованных запросов с кодом ответа 401 +для предотвращения атак по времени в случае ограничения доступа по +<link doc="ngx_http_auth_basic_module.xml">паролю</link>, по +<link doc="ngx_http_auth_request_module.xml">результату подзапроса</link> +или по <link doc="ngx_http_auth_jwt_module.xml">JWT</link>. +</para> + +</directive> + + <directive name="chunked_transfer_encoding"> <syntax><literal>on</literal> | <literal>off</literal></syntax> <default>on</default>