Mercurial > hg > nginx-site
view xml/en/docs/http/ngx_http_auth_basic_module.xml @ 2559:82e6029db0c0
Updated with Netcraft June 2020 Web Server Survey stats.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Thu, 25 Jun 2020 13:12:56 +0100 |
parents | 66a30a380fba |
children | eeed494bba51 |
line wrap: on
line source
<?xml version="1.0"?> <!-- Copyright (C) Igor Sysoev Copyright (C) Nginx, Inc. --> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_auth_basic_module" link="/en/docs/http/ngx_http_auth_basic_module.html" lang="en" rev="9"> <section id="summary"> <para> The <literal>ngx_http_auth_basic_module</literal> module allows limiting access to resources by validating the user name and password using the “HTTP Basic Authentication” protocol. </para> <para> Access can also be limited by <link doc="ngx_http_access_module.xml">address</link>, by the <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>, or by <link doc="ngx_http_auth_jwt_module.xml">JWT</link>. Simultaneous limitation of access by address and by password is controlled by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. </para> </section> <section id="example" name="Example Configuration"> <para> <example> location / { auth_basic "closed site"; auth_basic_user_file conf/htpasswd; } </example> </para> </section> <section id="directives" name="Directives"> <directive name="auth_basic"> <syntax><value>string</value> | <literal>off</literal></syntax> <default>off</default> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a <value>realm</value>. Parameter value can contain variables (1.3.10, 1.2.7). The special value <literal>off</literal> allows cancelling the effect of the <literal>auth_basic</literal> directive inherited from the previous configuration level. </para> </directive> <directive name="auth_basic_user_file"> <syntax><value>file</value></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Specifies a file that keeps user names and passwords, in the following format: <example> # comment name1:password1 name2:password2:comment name3:password3 </example> The <value>file</value> name can contain variables. </para> <para> The following password types are supported: <list type="bullet"> <listitem> encrypted with the <c-func>crypt</c-func> function; can be generated using the “<command>htpasswd</command>” utility from the Apache HTTP Server distribution or the “<command>openssl passwd</command>” command; </listitem> <listitem> hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools; </listitem> <listitem> specified by the “<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>” syntax (1.0.3+) as described in <link url="https://tools.ietf.org/html/rfc2307#section-5.3">RFC 2307</link>; currently implemented schemes include <literal>PLAIN</literal> (an example one, should not be used), <literal>SHA</literal> (1.3.13) (plain SHA-1 hashing, should not be used) and <literal>SSHA</literal> (salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot). <note> Support for <literal>SHA</literal> scheme was added only to aid in migration from other web servers. It should not be used for new passwords, since unsalted SHA-1 hashing that it employs is vulnerable to <link url="http://en.wikipedia.org/wiki/Rainbow_attack">rainbow table</link> attacks. </note> </listitem> </list> </para> </directive> </section> </module>