Bug 52852 - A wrong example is given in the manual of "mod_authn_anon". Plz correct it. Thx
Summary: A wrong example is given in the manual of "mod_authn_anon". Plz correct it. Thx
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 2.4.1
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: HTTP Server Documentation List
URL:
Keywords: FixedInTrunk
Depends on:
Blocks:
 
Reported: 2012-03-08 01:32 UTC by Tianyin Xu
Modified: 2012-03-08 11:59 UTC (History)
1 user (show)


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tianyin Xu 2012-03-08 01:32:47 UTC 
Hi, 

The only example given in mod_authn_anon is incorrect:

please check http://httpd.apache.org/docs/2.4/mod/mod_authn_anon.html 
the example is as follows:

<Directory /var/www/html/private>
AuthName "Use 'anonymous' & Email address for guest entry"
AuthType Basic
AuthBasicProvider file anon
AuthUserFile /path/to/your/.htpasswd

Anonymous_NoUserID off
Anonymous_MustGiveEmail on
Anonymous_VerifyEmail on
Anonymous_LogEmail on
Anonymous anonymous guest www test welcome

Require all granted

Require valid-user
</Directory>

If you configure Apache like this, you are never required to input an anonymous account as well as the email.

The problem is due to the conf entry "Require all granted".

"When multiple Require directives are used in a single configuration section and are not contained in another authorization directive like <RequireAll>, they are implicitly contained within a <RequireAny> directive. Thus the first one to authorize a user authorizes the entire request, and subsequent Require directives are ignored."

Please delete that conf entry.

Thanks!!
Comment 1 Mina Galić 2012-03-08 11:59:08 UTC 
Fixed in trunk in r1298353
Haven't seen it update yet, though.