mod_auth_form.html.en revision e04d06603a7abd1090421cbc961685d5468f1039
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
              This file is generated from xml source: DO NOT EDIT
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      -->
<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
<script src="/style/scripts/prettify.js" type="text/javascript"></script>
<link href="/images/favicon.ico" rel="shortcut icon" /></head>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Form authentication</td></tr>
<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>auth_form_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_auth_form.c</td></tr>
<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3 and later</td></tr></table>
<p>Form authentication depends on the <code class="module"><a href="/mod/mod_session.html">mod_session</a></code>
modules. These modules make use of HTTP cookies, and as such can fall
victim to Cross Site Scripting attacks, or expose potentially private
information to clients. Please ensure that the relevant risks have
been taken into account before enabling the session functionality on
your server.</p>
<p>This module allows the use of an HTML login form to restrict access
by looking up users in the given providers. HTML forms require
significantly more configuration than the alternatives; however, an
HTML login form can provide a much friendlier experience for end users.</p>
<p>HTTP basic authentication is provided by
<code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code>, and HTTP digest authentication is
provided by <code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code>. This module should
be combined with at least one authentication module
such as <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code> and one authorization
module such as <code class="module"><a href="/mod/mod_authz_user.html">mod_authz_user</a></code>.</p>
<p>Once the user has been successfully authenticated, the user's login
details will be stored in a session provided by <code class="module"><a href="/mod/mod_session.html">mod_session</a></code>.</p>
<div id="quickview"><h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="/mod/mod_session.html">mod_session</a></code></li>
<li><code class="directive"><a href="/mod/mod_authn_core.html#authname">AuthName</a></code></li>
<li><code class="directive"><a href="/mod/mod_authn_core.html#authtype">AuthType</a></code></li>
<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>
<li><a href="/howto/auth.html">Authentication howto</a></li>
</ul></div>
<h2><a name="basicconfig" id="basicconfig">Basic Configuration</a></h2>
<p>To protect a particular URL with <code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code>, you need to
decide where you will store your <var>session</var>, and you will need to
decide what method you will use to authenticate. In this simple example, the
login details will be stored in a session based on
<code class="module"><a href="/mod/mod_session_cookie.html">mod_session_cookie</a></code>, and authentication will be attempted against
a file using <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code>. If authentication is unsuccessful,
the user will be redirected to the form login page.</p>
<div class="example"><h3>Basic example</h3><pre class="prettyprint lang-config">
AuthFormProvider file
# Password file checked by the "file" provider (example path)
AuthUserFile conf/passwd
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
# Enable the session that stores the login details
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
</pre></div>
<p>The directive <code class="directive"><a href="/mod/mod_authn_core.html#authtype">AuthType</a></code> will enable
the <code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code> authentication when set to the value <var>form</var>.
The directives <code class="directive"><a href="#authformprovider">AuthFormProvider</a></code> and
<code class="directive"><a href="/mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code> specify that usernames
and passwords should be checked against the chosen file.</p>
<p>The directives <code class="directive"><a href="/mod/mod_session.html#session">Session</a></code>,
<code class="directive"><a href="/mod/mod_session_cookie.html#sessioncookiename">SessionCookieName</a></code> and
<code class="directive"><a href="/mod/mod_session_crypto.html#sessioncryptopassphrase">SessionCryptoPassphrase</a></code> create an
encrypted session stored within an HTTP cookie on the browser. For more information
on the different options for configuring a session, read the documentation for
<code class="module"><a href="/mod/mod_session.html">mod_session</a></code>.</p>
<p>In the simple example above, a URL has been protected by
<code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code>, but the user has yet to be given an opportunity to
enter their username and password. Options for doing so include providing a
dedicated standalone login page for this purpose, or providing the login
page inline.</p>
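<p>A configuration check for the session settings discussed in this section, given as an added example that is not part of the Apache documentation or of httpd itself. It parses a config snippet and flags a form-auth session cookie without the <code>HttpOnly</code>/<code>Secure</code> attributes, a cookie session with no encryption (including the <code>AuthFormSitePassphrase</code> exposure case), a short literal passphrase, and plain-HTTP login URLs. The function names, finding identifiers, 16-character threshold and sample configs are assumptions made for the example; the cookie attributes and <code>SessionCryptoPassphraseFile</code> come from mod_session_cookie and mod_session_crypto rather than from this page.</p>

```python
import shlex

MIN_PASSPHRASE_LEN = 16  # assumed threshold for this example, not an httpd rule

# Constructed sample: the page's basic example, with "Session On" as the text describes.
PAGE_BASIC = """
AuthFormProvider file
AuthType form
AuthName realm
AuthFormLoginRequiredLocation http://example.com/login.html
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
"""

# Constructed sample: same setup with cookie attributes, HTTPS and a key file
# (conf/passwd and conf/session.key are placeholder paths).
HARDENED = """
AuthFormProvider file
AuthUserFile conf/passwd
AuthType form
AuthName realm
AuthFormLoginRequiredLocation https://example.com/login.html
Session On
SessionCookieName session path=/;HttpOnly;Secure
SessionCryptoPassphraseFile conf/session.key
"""

URL_DIRECTIVES = ("authformloginrequiredlocation", "authformloginsuccesslocation",
                  "authformlogoutlocation")


def parse_directives(config_text):
    """Return {lowercased directive name: [argument list, ...]} for a snippet.

    Section tags such as <Location ...> are skipped, so the snippet is treated
    as one flat context (a simplification: httpd merges per-section settings).
    """
    directives = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        name, *args = shlex.split(line)
        directives.setdefault(name.lower(), []).append(args)
    return directives


def cookie_attributes(directives):
    """Lowercased attribute names given after the cookie name in SessionCookieName."""
    attrs = set()
    for args in directives.get("sessioncookiename", []):
        for chunk in " ".join(args[1:]).split(";"):
            key = chunk.split("=", 1)[0].strip().lower()
            if key:
                attrs.add(key)
    return attrs


def audit_form_auth(config_text):
    """Return a sorted list of finding identifiers for a mod_auth_form snippet."""
    d = parse_directives(config_text)
    if "form" not in [a[0].lower() for a in d.get("authtype", []) if a]:
        return []  # not a form-auth context, nothing to check
    findings = set()
    if not any(a and a[0].lower() == "on" for a in d.get("session", [])):
        findings.add("session-not-enabled")
    uses_cookie = "sessioncookiename" in d
    if uses_cookie:
        attrs = cookie_attributes(d)
        if "httponly" not in attrs:
            findings.add("cookie-missing-httponly")  # cookie readable by page scripts
        if "secure" not in attrs:
            findings.add("cookie-missing-secure")    # cookie sent over plain HTTP
    encrypted = "sessioncryptopassphrase" in d or "sessioncryptopassphrasefile" in d
    if uses_cookie and not encrypted:
        findings.add("session-not-encrypted")        # login details visible to client
        if "authformsitepassphrase" in d:
            findings.add("site-passphrase-exposed")  # the exposure case the page names
    for args in d.get("sessioncryptopassphrase", []):
        for secret in args:
            if not secret.startswith("exec:") and len(secret) < MIN_PASSPHRASE_LEN:
                findings.add("weak-passphrase")
    for name in URL_DIRECTIVES:
        for args in d.get(name, []):
            if args and args[0].lower().startswith("http://"):
                findings.add("plaintext-redirect-url")
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in (("page basic example", PAGE_BASIC), ("hardened", HARDENED)):
        print(label, "->", audit_form_auth(cfg) or "no findings")
```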
</div>
<h2><a name="standalone" id="standalone">Standalone Login</a></h2>
<p>The login form can be hosted as a standalone page, or can be provided inline on
the same page.</p>
<p>When configuring the login as a standalone page, unsuccessful authentication
attempts should be redirected to a login form created by the website for this purpose,
using the <code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code>
directive. Typically this login page will contain an HTML form, asking the user to
provide their username and password.</p>
<div class="example"><h3>Example login form</h3><pre class="prettyprint lang-html">
&lt;form method="POST" action="/dologin.html"&gt;
  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
  &lt;input type="submit" name="login" value="Login" /&gt;
&lt;/form&gt;
</pre></div>
<p>The part that does the actual login is handled by the <var>form-login-handler</var>.
The action of the form should point at this handler, which is configured within
Apache httpd as follows:</p>
<div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">
&lt;Location /dologin.html&gt;
  SetHandler form-login-handler
  AuthFormLoginRequiredLocation http://example.com/login.html
  AuthFormLoginSuccessLocation http://example.com/success.html
  AuthFormProvider file
  # Password file checked by the "file" provider (example path)
  AuthUserFile conf/passwd
  AuthType form
  AuthName realm
  Session On
  SessionCookieName session path=/
  SessionCryptoPassphrase secret
&lt;/Location&gt;
</pre></div>
<p>The URL specified by the
<code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code> directive will typically
point to a page explaining to the user that their login attempt was unsuccessful, and that they
should try again. The <code class="directive"><a href="#authformloginsuccesslocation">AuthFormLoginSuccessLocation</a></code>
directive specifies the URL the user should be redirected to upon successful login.</p>
<p>Alternatively, the URL to redirect the user to on success can be embedded within the login
form, as in the example below. As a result, the same <var>form-login-handler</var> can be
reused for different areas of a website.</p>
<div class="example"><h3>Example login form with location</h3><pre class="prettyprint lang-html">
&lt;form method="POST" action="/dologin.html"&gt;
  Username: &lt;input type="text" name="httpd_username" value="" /&gt;
  Password: &lt;input type="password" name="httpd_password" value="" /&gt;
  &lt;input type="submit" name="login" value="Login" /&gt;
  &lt;input type="hidden" name="httpd_location" value="http://example.com/success.html" /&gt;
&lt;/form&gt;
</pre></div>
</div>
<h2><a name="inline" id="inline">Inline Login</a></h2>
<p>A risk exists that under certain circumstances, the login form configured
using inline login may be submitted more than once, revealing login credentials to
the application running underneath. The administrator must ensure that the underlying
application is properly secured to prevent abuse. If in doubt, use the
standalone login configuration.</p>
configure <code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code> to authenticate users inline, without being
<code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code> that isn't configured with a
<code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code> directive,
ErrorDocument 401 /login.shtml
AuthFormLoginRequiredLocation http://example.com/login.html
<code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code> will intercept this POST request, and if
<h2><a name="inlinepreservebody" id="inlinepreservebody">Inline Login with Body Preservation</a></h2>
<p><code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code> addresses this by allowing the method and body
<input type="hidden" name="httpd_body" value="name1=value1&name2=value2" /></strong><br />
<p>One option is to use the <code class="module"><a href="/mod/mod_include.html">mod_include</a></code> module along with the
<code class="directive"><a href="/mod/mod_request.html#keptbodysize">KeptBodySize</a></code> directive, along with a suitable
<code class="directive"><a href="#authformlogoutlocation">AuthFormLogoutLocation</a></code> directive,
AuthFormLogoutLocation http://example.com/loggedout.html
<code class="directive"><a href="/mod/mod_session.html#sessionmaxage">SessionMaxAge</a></code> directive to a small
AuthFormLogoutLocation http://example.com/loggedout.html
<div class="directive-section"><h2><a name="AuthFormAuthoritative" id="AuthFormAuthoritative">AuthFormAuthoritative</a> <a name="authformauthoritative" id="authformauthoritative">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether authorization and authentication are passed to
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormAuthoritative On|Off</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthFormAuthoritative On</code></td></tr>
<p>Normally, each authorization module listed in <code class="directive"><a href="#authformprovider">AuthFormProvider</a></code> will attempt
combining <code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code> with third-party modules
that are not configured with the <code class="directive"><a href="#authformprovider">AuthFormProvider</a></code>
<div class="directive-section"><h2><a name="AuthFormBody" id="AuthFormBody">AuthFormBody</a> <a name="authformbody" id="authformbody">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The name of a form field carrying the body of the request to attempt on successful login</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormBody <var>fieldname</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>httpd_body</code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformbody">AuthFormBody</a></code> directive specifies
<div class="directive-section"><h2><a name="AuthFormDisableNoStore" id="AuthFormDisableNoStore">AuthFormDisableNoStore</a> <a name="authformdisablenostore" id="authformdisablenostore">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Disable the CacheControl no-store header on the login page</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormDisableNoStore <var>On|Off</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthFormDisableNoStore Off</code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformdisablenostore">AuthFormDisableNoStore</a></code> flag
<div class="directive-section"><h2><a name="AuthFormFakeBasicAuth" id="AuthFormFakeBasicAuth">AuthFormFakeBasicAuth</a> <a name="authformfakebasicauth" id="authformfakebasicauth">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Fake a Basic Authentication header</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormFakeBasicAuth <var>On|Off</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthFormFakeBasicAuth Off</code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformfakebasicauth">AuthFormFakeBasicAuth</a></code> flag
<div class="directive-section"><h2><a name="AuthFormLocation" id="AuthFormLocation">AuthFormLocation</a> <a name="authformlocation" id="authformlocation">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The name of a form field carrying a URL to redirect to on successful login</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormLocation <var>fieldname</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>httpd_location</code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformlocation">AuthFormLocation</a></code> directive specifies
<div class="directive-section"><h2><a name="AuthFormLoginRequiredLocation" id="AuthFormLoginRequiredLocation">AuthFormLoginRequiredLocation</a> <a name="authformloginrequiredlocation" id="authformloginrequiredlocation">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL of the page to be redirected to should login be required</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormLoginRequiredLocation <var>url</var></code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code> directive
<code class="directive"><a href="/mod/core.html#errordocument">ErrorDocument</a></code> directive. This directive overrides this
<div class="directive-section"><h2><a name="AuthFormLoginSuccessLocation" id="AuthFormLoginSuccessLocation">AuthFormLoginSuccessLocation</a> <a name="authformloginsuccesslocation" id="authformloginsuccesslocation">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL of the page to be redirected to should login be successful</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormLoginSuccessLocation <var>url</var></code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformloginsuccesslocation">AuthFormLoginSuccessLocation</a></code> directive
<div class="directive-section"><h2><a name="AuthFormLogoutLocation" id="AuthFormLogoutLocation">AuthFormLogoutLocation</a> <a name="authformlogoutlocation" id="authformlogoutlocation">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL to redirect to after a user has logged out</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormLogoutLocation <var>uri</var></code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformlogoutlocation">AuthFormLogoutLocation</a></code> directive
AuthFormLogoutLocation http://example.com/loggedout.html
<div class="directive-section"><h2><a name="AuthFormMethod" id="AuthFormMethod">AuthFormMethod</a> <a name="authformmethod" id="authformmethod">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The name of a form field carrying the method of the request to attempt on successful login</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormMethod <var>fieldname</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>httpd_method</code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformmethod">AuthFormMethod</a></code> directive specifies
<div class="directive-section"><h2><a name="AuthFormMimetype" id="AuthFormMimetype">AuthFormMimetype</a> <a name="authformmimetype" id="authformmimetype">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The name of a form field carrying the mimetype of the body of the request to attempt on successful login</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormMimetype <var>fieldname</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>httpd_mimetype</code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformmimetype">AuthFormMimetype</a></code> directive specifies
<div class="directive-section"><h2><a name="AuthFormPassword" id="AuthFormPassword">AuthFormPassword</a> <a name="authformpassword" id="authformpassword">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The name of a form field carrying the login password</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormPassword <var>fieldname</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>httpd_password</code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformpassword">AuthFormPassword</a></code> directive specifies
<div class="directive-section"><h2><a name="AuthFormProvider" id="AuthFormProvider">AuthFormProvider</a> <a name="authformprovider" id="authformprovider">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the authentication provider(s) for this location</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormProvider <var>provider-name</var>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthFormProvider file</code></td></tr>
by the <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code> module. Make sure
<p>Providers are implemented by <code class="module"><a href="/mod/mod_authn_dbm.html">mod_authn_dbm</a></code>,
<code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code>, <code class="module"><a href="/mod/mod_authn_dbd.html">mod_authn_dbd</a></code>,
<code class="module"><a href="/mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> and <code class="module"><a href="/mod/mod_authn_socache.html">mod_authn_socache</a></code>.</p>
<div class="directive-section"><h2><a name="AuthFormSitePassphrase" id="AuthFormSitePassphrase">AuthFormSitePassphrase</a> <a name="authformsitepassphrase" id="authformsitepassphrase">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Bypass authentication checks for high traffic sites</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormSitePassphrase <var>secret</var></code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformsitepassphrase">AuthFormSitePassphrase</a></code> directive
<code class="module"><a href="/mod/mod_session_cookie.html">mod_session_cookie</a></code>, and the session is not protected with
<code class="module"><a href="/mod/mod_session_crypto.html">mod_session_crypto</a></code>, the passphrase is open to potential exposure
<div class="directive-section"><h2><a name="AuthFormSize" id="AuthFormSize">AuthFormSize</a> <a name="authformsize" id="authformsize">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The largest size of the form in bytes that will be parsed for the login details</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormSize <var>size</var></code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<code class="directive"><a href="#authformbody">AuthFormBody</a></code>, you probably want to set this
field to a similar size as the <code class="directive"><a href="/mod/mod_request.html#keptbodysize">KeptBodySize</a></code>
<div class="directive-section"><h2><a name="AuthFormUsername" id="AuthFormUsername">AuthFormUsername</a> <a name="authformusername" id="authformusername">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The name of a form field carrying the login username</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthFormUsername <var>fieldname</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>httpd_username</code></td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.3.0 and later</td></tr>
<p>The <code class="directive"><a href="#authformusername">AuthFormUsername</a></code> directive specifies
</div>
<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
</div>