nginx-site: xml/en/docs/http/ngx_http_auth_basic

annotate xml/en/docs/http/ngx_http_auth_basic_module.xml @ 840:9dab69f2b71d

Documented nginx 1.2.7 changes. - variables support in the "auth_basic" directive; - new generic variables $pipe, $request_length, $time_iso8601, and $time_local; - IPv6 support in ngx_http_geo_module and ngx_http_geoip_module; - "gzip" and "flush" parameters of the "access_log" directive.

author	Ruslan Ermilov <ru@nginx.com>
date	Tue, 12 Feb 2013 16:45:45 +0400
parents	f563967a4f59
children	95c3c3bbf1ce

rev	line source
315 e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	1 <?xml version="1.0"?>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	2
580 be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 494 diff changeset	3 <!--
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 494 diff changeset	4 Copyright (C) Igor Sysoev
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 494 diff changeset	5 Copyright (C) Nginx, Inc.
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 494 diff changeset	6 -->
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 494 diff changeset	7
315 e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	9
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	10 <module name="Module ngx_http_auth_basic_module"
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	11 link="/en/docs/http/ngx_http_auth_basic_module.html"
589 764fbac1b8b4 Added document revision. Ruslan Ermilov <ru@nginx.com> parents: 580 diff changeset	12 lang="en"
840 9dab69f2b71d Documented nginx 1.2.7 changes. Ruslan Ermilov <ru@nginx.com> parents: 836 diff changeset	13 rev="5">
315 e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	14
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	15 <section id="summary">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	16
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	17 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	18 The <literal>ngx_http_auth_basic_module</literal> module allows
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	19 to limit access to resources by validating the user name and password
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	20 using the “HTTP Basic Authentication” protocol.
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	21 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	22
494 244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module, Ruslan Ermilov <ru@nginx.com> parents: 351 diff changeset	23 <para>
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module, Ruslan Ermilov <ru@nginx.com> parents: 351 diff changeset	24 Access can also be limited by
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module, Ruslan Ermilov <ru@nginx.com> parents: 351 diff changeset	25 <link doc="ngx_http_auth_basic_module.xml">address</link>.
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module, Ruslan Ermilov <ru@nginx.com> parents: 351 diff changeset	26 Simultaneous limitation of access by address and by password is controlled
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module, Ruslan Ermilov <ru@nginx.com> parents: 351 diff changeset	27 by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module, Ruslan Ermilov <ru@nginx.com> parents: 351 diff changeset	28 </para>
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module, Ruslan Ermilov <ru@nginx.com> parents: 351 diff changeset	29
315 e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	30 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	31
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	32
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	33 <section id="example" name="Example Configuration">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	34
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	35 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	36 <example>
351 a4fa80755eab Consistently strip initial offset in examples. Ruslan Ermilov <ru@nginx.com> parents: 315 diff changeset	37 location / {
a4fa80755eab Consistently strip initial offset in examples. Ruslan Ermilov <ru@nginx.com> parents: 315 diff changeset	38 auth_basic "closed site";
a4fa80755eab Consistently strip initial offset in examples. Ruslan Ermilov <ru@nginx.com> parents: 315 diff changeset	39 auth_basic_user_file conf/htpasswd;
a4fa80755eab Consistently strip initial offset in examples. Ruslan Ermilov <ru@nginx.com> parents: 315 diff changeset	40 }
315 e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	41 </example>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	42 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	43
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	44 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	45
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	46
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	47 <section id="directives" name="Directives">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	48
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	49 <directive name="auth_basic">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	50 <syntax><value>string</value> \| <literal>off</literal></syntax>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	51 <default>off</default>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	52 <context>http</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	53 <context>server</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	54 <context>location</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	55 <context>limit_except</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	56
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	57 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	58 Enables validation of user name and password using the
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	59 “HTTP Basic Authentication” protocol.
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	60 The specified parameter is used as a <value>realm</value>.
840 9dab69f2b71d Documented nginx 1.2.7 changes. Ruslan Ermilov <ru@nginx.com> parents: 836 diff changeset	61 Value of the parameter can contain variables (1.3.10, 1.2.7).
784 7d15bd7fc58d The "auth_basic" directive now supports variables. Ruslan Ermilov <ru@nginx.com> parents: 655 diff changeset	62 The special value <literal>off</literal> allows to cancel the effect
7d15bd7fc58d The "auth_basic" directive now supports variables. Ruslan Ermilov <ru@nginx.com> parents: 655 diff changeset	63 of the <literal>auth_basic</literal> directive
7d15bd7fc58d The "auth_basic" directive now supports variables. Ruslan Ermilov <ru@nginx.com> parents: 655 diff changeset	64 inherited from the previous configuration level.
315 e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	65 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	66
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	67 </directive>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	68
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	69
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	70 <directive name="auth_basic_user_file">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	71 <syntax><value>file</value></syntax>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	72 <default/>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	73 <context>http</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	74 <context>server</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	75 <context>location</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	76 <context>limit_except</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	77
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	78 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	79 Specifies a file that keeps user names and passwords,
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	80 in the following format:
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	81 <example>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	82 # comment
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	83 name1:password1
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	84 name2:password2:comment
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	85 name3:password3
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	86 </example>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	87 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	88
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	89 <para>
655 93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	90 The following password types are supported:
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	91 <list type="bullet">
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	92
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	93 <listitem>
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	94 encrypted with the <c-func>crypt</c-func> function; can be generated using
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	95 the “<command>htpasswd</command>” utility from the Apache HTTP Server
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	96 distribution or the “<command>openssl passwd</command>” command;
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	97 </listitem>
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	98
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	99 <listitem>
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	100 hashed with the Apache variant of the MD5-based password algorithm (apr1);
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	101 can be generated with the same tools;
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	102 </listitem>
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	103
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	104 <listitem>
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	105 specified by the
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	106 “<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>”
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	107 syntax (1.0.3+) as described in
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	108 <link url="http://tools.ietf.org/html/rfc2307#section-5.3">RFC 2307</link>;
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	109 currently implemented schemes include <literal>PLAIN</literal> (an example one,
836 f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	110 should not be used), <literal>SHA</literal> (1.3.13) (plain SHA-1
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	111 hashing, should not be used) and <literal>SSHA</literal> (salted SHA-1 hashing,
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	112 used by some software packages, notably OpenLDAP and Dovecot).
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	113 <note>
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	114 Support for <literal>SHA</literal> scheme was added only to aid
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	115 in migration from other web servers.
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	116 It should not be used for new passwords since unsalted SHA-1 hashing
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	117 that it employs is vulnerable to
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	118 <link url="http://en.wikipedia.org/wiki/Rainbow_attack">rainbow table</link>
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	119 attacks.
f563967a4f59 Auth basic: ${SHA} password scheme. Ruslan Ermilov <ru@nginx.com> parents: 784 diff changeset	120 </note>
655 93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	121 </listitem>
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	122
93d2a54d247c Added information about supported password types. Vladimir Homutov <vl@nginx.com> parents: 589 diff changeset	123 </list>
315 e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	124 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	125
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	126 </directive>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	127
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	128 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	129
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module, Ruslan Ermilov <ru@nginx.com> parents: diff changeset	130 </module>

Mercurial > hg > nginx-site

annotate xml/en/docs/http/ngx_http_auth_basic_module.xml @ 840:9dab69f2b71d