Bug 52852

Summary: A wrong example is given in the manual of "mod_authn_anon". Plz correct it. Thx
Product: Apache httpd-2 Reporter: Tianyin Xu <tixu>
Component: DocumentationAssignee: HTTP Server Documentation List <docs>
Status: RESOLVED FIXED    
Severity: normal CC: tixu
Priority: P2 Keywords: FixedInTrunk
Version: 2.4.1   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Tianyin Xu 2012-03-08 01:32:47 UTC
Hi, 

The only example given in mod_authn_anon is incorrect:

please check http://httpd.apache.org/docs/2.4/mod/mod_authn_anon.html 
the example is as follows:

<Directory /var/www/html/private>
AuthName "Use 'anonymous' & Email address for guest entry"
AuthType Basic
AuthBasicProvider file anon
AuthUserFile /path/to/your/.htpasswd

Anonymous_NoUserID off
Anonymous_MustGiveEmail on
Anonymous_VerifyEmail on
Anonymous_LogEmail on
Anonymous anonymous guest www test welcome

Require all granted

Require valid-user
</Directory>

If you configure Apache like this, you are never required to input an anonymous account as well as the email.

The problem is due to the conf entry "Require all granted".

"When multiple Require directives are used in a single configuration section and are not contained in another authorization directive like <RequireAll>, they are implicitly contained within a <RequireAny> directive. Thus the first one to authorize a user authorizes the entire request, and subsequent Require directives are ignored."

Please delete that conf entry.

Thanks!!
Comment 1 Igor Galić 2012-03-08 11:59:08 UTC
Fixed in trunk in r1298353
Haven't seen it update yet, though.