Add an error msg when encountering a spoofed identity. If this would

have been here in the first place. Makes issues like these be found easier in the future. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100937 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2003-08-07 23:57:11 +00:00
parent 7a51a3d41a
commit 8fc6144ca2
1 changed files with 2 additions and 0 deletions
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -880,6 +880,8 @@ int ssl_hook_UserCheck(request_rec *r)
            password = auth_line;

            if ((username[0] == '/') && strEQ(password, "password")) {
+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                 "Encountered FakeBasicAuth spoof: %s", username);
                return HTTP_FORBIDDEN;
            }
        }