Apache HTTP Server Version 2.4
Apache HTTP Server Version 2.4
| Description: | Form authentication |
|---|---|
| Status: | Base |
| Module Identifier: | auth_form_module |
| Source File: | mod_auth_form.c |
| Compatibility: | Available in Apache 2.3 and later |
Form authentication depends on the mod_session
modules, and these modules make use of HTTP cookies, and as such can fall
victim to Cross Site Scripting attacks, or expose potentially private
information to clients. Please ensure that the relevant risks have
been taken into account before enabling the session functionality on
your server.
This module allows the use of an HTML login form to restrict access by looking up users in the given providers. HTML forms require significantly more configuration than the alternatives, however an HTML login form can provide a much friendlier experience for end users.
HTTP basic authentication is provided by
mod_auth_basic, and HTTP digest authentication is
provided by mod_auth_digest. This module should
be combined with at least one authentication module
such as mod_authn_file and one authorization
module such as mod_authz_user.
Once the user has been successfully authenticated, the user's login
details will be stored in a session provided by mod_session.
