Browse Source
Set auth.extern-authn = "enable" to check REMOTE_USER (if set) against require rules, and proceed if allowed. If REMOTE_USER is not present, or the require rules do not match, then check configured auth scheme. REMOTE_USER might be set by another module, e.g. mod_openssl client cert verification and REMOTE_USER configured with ssl.verifyclient.username) x-ref: "[mod_auth] allow SSL clientcert authenticated users to bypass AUTH" https://redmine.lighttpd.net/issues/2481personal/stbuehler/mod-csrf
1 changed files with 12 additions and 0 deletions
Loading…
Reference in new issue