Apache Server Information
- Module Name: mod_auth_form.c
- Content handlers: yes
- Configuration Phase Participation:
Create Directory Config, Merge Directory Configs
- Request Phase Participation:
Verify User ID, Note Authentication Failure, Content Handlers
- Module Directives:
- AuthFormProvider - specify the auth providers for a directory or location
- AuthFormUsername - The field of the login form carrying the username
- AuthFormPassword - The field of the login form carrying the password
- AuthFormLocation - The field of the login form carrying the URL to redirect on successful login.
- AuthFormMethod - The field of the login form carrying the original request method.
- AuthFormMimetype - The field of the login form carrying the original request mimetype.
- AuthFormBody - The field of the login form carrying the urlencoded original request body.
- AuthFormSize - Maximum size of body parsed by the form parser
- AuthFormLoginRequiredLocation - If set, redirect the browser to this URL rather than return 401 Not Authorized.
- AuthFormLoginSuccessLocation - If set, redirect the browser to this URL when a login processed by the login handler is successful.
- AuthFormLogoutLocation - The URL of the logout successful page. An attempt to access an URL handled by the handler form-logout-handler will result in an redirect to this page after logout.
- AuthFormSitePassphrase - If set, use this passphrase to determine whether the user should be authenticated. Bypasses the user authentication check on every website hit, and is useful for high traffic sites.
- AuthFormAuthoritative - Set to 'Off' to allow access control to be passed along to lower modules if the UserID is not known to this module
- AuthFormFakeBasicAuth - Set to 'On' to pass through authentication to the rest of the server as a basic authentication header.
- AuthFormDisableNoStore - Set to 'on' to stop the sending of a Cache-Control no-store header with the login screen. This allows the browser to cache the credentials, but at the risk of it being possible for the login form to be resubmitted and revealed to the backend server through XSS. Use at own risk.
- Current Configuration: