diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml
index 299eccaa36..1e22d0a5c4 100644
--- a/docs/manual/mod/mod_auth_basic.xml
+++ b/docs/manual/mod/mod_auth_basic.xml
@@ -113,7 +113,7 @@ lower level modules
AuthBasicFake
Fake basic authentication using the given expressions for
username and password
-AuthBasicFake username password
+AuthBasicFake off|username [password]
none
directory.htaccess
@@ -127,6 +127,10 @@ username and password
which allows both the username and password to be set based on
request parameters.
+ If the password is not specified, the default value "password"
+ will be used. To disable fake basic authentication for an URL
+ space, specify "AuthBasicFake off".
+
In this example, we pass a fixed username and password to a
backend server.
@@ -147,7 +151,7 @@ username and password
Certificate Example
<Location /secure>
- AuthBasicFake %{SSL_CLIENT_S_DN_Email} password
+ AuthBasicFake %{SSL_CLIENT_S_DN_Email}
</Location>
@@ -165,6 +169,14 @@ username and password
+ Exclusion Example
+
+<Location /public>
+ AuthBasicFake off
+</Location>
+
+
+
diff --git a/modules/aaa/mod_auth_basic.c b/modules/aaa/mod_auth_basic.c
index 9d451b6344..8c1367b30a 100644
--- a/modules/aaa/mod_auth_basic.c
+++ b/modules/aaa/mod_auth_basic.c
@@ -130,26 +130,47 @@ static const char *set_authoritative(cmd_parms * cmd, void *config, int flag)
return NULL;
}
-static const char *add_basic_fake(cmd_parms * cmd, void *config, const char *user, const char *pass)
+static const char *add_basic_fake(cmd_parms * cmd, void *config,
+ const char *user, const char *pass)
{
auth_basic_config_rec *conf = (auth_basic_config_rec *) config;
const char *err;
- conf->fakeuser = ap_expr_parse_cmd(cmd, user, AP_EXPR_FLAG_STRING_RESULT,
- &err, NULL);
- if (err) {
- return apr_psprintf(cmd->pool,
- "Could not parse fake username expression '%s': %s",
- user, err);
+ if (!strcasecmp(user, "off")) {
+
+ conf->fakeuser = NULL;
+ conf->fakepass = NULL;
+ conf->fake_set = 1;
+
}
- conf->fakepass = ap_expr_parse_cmd(cmd, pass, AP_EXPR_FLAG_STRING_RESULT,
- &err, NULL);
- if (err) {
- return apr_psprintf(cmd->pool,
- "Could not parse fake password expression '%s': %s",
- user, err);
+ else {
+
+ /* if password is unspecified, set it to the fixed string "password" to
+ * be compatible with the behaviour of mod_ssl.
+ */
+ if (!pass) {
+ pass = "password";
+ }
+
+ conf->fakeuser =
+ ap_expr_parse_cmd(cmd, user, AP_EXPR_FLAG_STRING_RESULT,
+ &err, NULL);
+ if (err) {
+ return apr_psprintf(cmd->pool,
+ "Could not parse fake username expression '%s': %s", user,
+ err);
+ }
+ conf->fakepass =
+ ap_expr_parse_cmd(cmd, pass, AP_EXPR_FLAG_STRING_RESULT,
+ &err, NULL);
+ if (err) {
+ return apr_psprintf(cmd->pool,
+ "Could not parse fake password expression '%s': %s", user,
+ err);
+ }
+ conf->fake_set = 1;
+
}
- conf->fake_set = 1;
return NULL;
}
@@ -161,9 +182,10 @@ static const command_rec auth_basic_cmds[] =
AP_INIT_FLAG("AuthBasicAuthoritative", set_authoritative, NULL, OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules if the UserID is not known to this module"),
- AP_INIT_TAKE2("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG,
+ AP_INIT_TAKE12("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG,
"Fake basic authentication using the given expressions for "
- "username and password"),
+ "username and password, 'off' to disable. Password defaults "
+ "to 'password' if missing."),
{NULL}
};
@@ -365,7 +387,7 @@ static int authenticate_basic_fake(request_rec *r)
auth_basic_config_rec *conf = ap_get_module_config(r->per_dir_config,
&auth_basic_module);
- if (!conf->fake_set) {
+ if (!conf->fakeuser) {
return DECLINED;
}