1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
4 <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
7 This file is generated from xml source: DO NOT EDIT
8 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
10 <title>mod_authnz_fcgi - Apache HTTP Server Version 2.5</title>
11 <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
12 <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
13 <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
14 <script src="../style/scripts/prettify.min.js" type="text/javascript">
17 <link href="../images/favicon.ico" rel="shortcut icon" /></head>
19 <div id="page-header">
20 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
21 <p class="apache">Apache HTTP Server Version 2.5</p>
22 <img alt="" src="../images/feather.png" /></div>
23 <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
25 <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
26 <div id="page-content">
27 <div id="preamble"><h1>Apache Module mod_authnz_fcgi</h1>
29 <p><span>Available Languages: </span><a href="../en/mod/mod_authnz_fcgi.html" title="English"> en </a></p>
31 <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Allows a FastCGI authorizer application to handle Apache
32 httpd authentication and authorization</td></tr>
33 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
34 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>authnz_fcgi_module</td></tr>
35 <tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_authnz_fcgi.c</td></tr>
36 <tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.10 and later</td></tr></table>
39 <p>This module allows FastCGI authorizer applications to
40 authenticate users and authorize access to resources. It supports
41 generic FastCGI authorizers which participate in a single phase
42 for authentication and authorization as well as Apache httpd-specific
43 authenticators and authorizors which participate in one or both
46 <p>FastCGI authorizers can authenticate using user id and password,
47 such as for Basic authentication, or can authenticate using arbitrary
50 <div id="quickview"><h3>Topics</h3>
52 <li><img alt="" src="../images/down.gif" /> <a href="#invocations">Invocation modes</a></li>
53 <li><img alt="" src="../images/down.gif" /> <a href="#examples">Additional examples</a></li>
54 <li><img alt="" src="../images/down.gif" /> <a href="#limitations">Limitations</a></li>
55 <li><img alt="" src="../images/down.gif" /> <a href="#logging">Logging</a></li>
56 </ul><h3 class="directives">Directives</h3>
58 <li><img alt="" src="../images/down.gif" /> <a href="#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></li>
59 <li><img alt="" src="../images/down.gif" /> <a href="#authnzfcgidefineprovider">AuthnzFcgiDefineProvider</a></li>
61 <h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&list_id=144532&product=Apache%20httpd-2&query_format=specific&order=changeddate%20DESC%2Cpriority%2Cbug_severity&component=mod_authnz_fcgi">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&component=mod_authnz_fcgi">Report a bug</a></li></ul><h3>See also</h3>
63 <li><a href="../howto/auth.html">Authentication, Authorization,
64 and Access Control</a></li>
65 <li><code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code></li>
66 <li><code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code></li>
67 <li><code class="module"><a href="../mod/mod_proxy_fcgi.html">mod_proxy_fcgi</a></code></li>
68 </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
69 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
71 <h2><a name="invocations" id="invocations">Invocation modes</a></h2>
73 <p>The invocation modes for FastCGI authorizers supported by this
74 module are distinguished by two characteristics, <em>type</em> and
75 auth <em>mechanism</em>.</p>
77 <p><em>Type</em> is simply <code>authn</code> for authentication,
78 <code>authz</code> for authorization, or <code>authnz</code> for
79 combined authentication and authorization.</p>
81 <p>Auth <em>mechanism</em> refers to the Apache httpd configuration
82 mechanisms and processing phases, and can be <code>
83 AuthBasicProvider</code>, <code>Require</code>, or <code>
84 check_user_id</code>. The first two of these
85 correspond to the directives used to enable participation in the
86 appropriate processing phase.</p>
88 <p>Descriptions of each mode:</p>
91 <dt><em>Type</em> <code>authn</code>, <em>mechanism</em>
92 <code>AuthBasicProvider</code></dt>
95 <code>FCGI_ROLE</code> is set to <code>AUTHORIZER</code> and
96 <code>FCGI_APACHE_ROLE</code> is set to <code>AUTHENTICATOR</code>.
97 The application must be defined as provider type <em>authn</em>
98 using <code class="directive"><a href="#authnzfcgidefineprovider">
99 AuthnzFcgiDefineProvider</a></code> and enabled with
100 <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>.
101 When invoked, the application is
102 expected to authenticate the client using the provided user id and
103 password. Example application:
105 <pre class="prettyprint lang-perl">#!/usr/bin/perl
107 my $request = FCGI::Request();
108 while ($request->Accept() >= 0) {
109 die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
110 die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
111 die if !$ENV{'REMOTE_PASSWD'};
112 die if !$ENV{'REMOTE_USER'};
114 print STDERR "This text is written to the web server error log.\n";
116 if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
117 $ENV{'REMOTE_PASSWD'} eq "bar" ) {
118 print "Status: 200\n";
119 print "Variable-AUTHN_1: authn_01\n";
120 print "Variable-AUTHN_2: authn_02\n";
124 print "Status: 401\n\n";
129 Example configuration:
130 <pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/
131 <Location "/protected/">
133 AuthName "Restricted"
134 AuthBasicProvider FooAuthn
136 </Location></pre>
140 <dt><em>Type</em> <code>authz</code>, <em>mechanism</em>
141 <code>Require</code></dt>
142 <dd>In this mode, <code>FCGI_ROLE</code> is set to <code>
143 AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to
144 <code>AUTHORIZER</code>. The application must be defined as
145 provider type <em>authz</em> using <code class="directive"><a href="#authnzfcgidefineprovider">
146 AuthnzFcgiDefineProvider</a></code>. When invoked, the application
147 is expected to authorize the client using the provided user id and other
148 request data. Example application:
149 <pre class="prettyprint lang-perl">#!/usr/bin/perl
151 my $request = FCGI::Request();
152 while ($request->Accept() >= 0) {
153 die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHORIZER";
154 die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
155 die if $ENV{'REMOTE_PASSWD'};
157 print STDERR "This text is written to the web server error log.\n";
159 if ($ENV{'REMOTE_USER'} eq "foo1") {
160 print "Status: 200\n";
161 print "Variable-AUTHZ_1: authz_01\n";
162 print "Variable-AUTHZ_2: authz_02\n";
166 print "Status: 403\n\n";
171 Example configuration:
172 <pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10103/
173 <Location "/protected/">
176 AuthBasicProvider ...
178 </Location></pre>
182 <dt><em>Type</em> <code>authnz</code>, <em>mechanism</em>
183 <code>AuthBasicProvider</code> <em>+</em> <code>Require</code></dt>
185 <dd>In this mode, which supports the web server-agnostic FastCGI
186 <code>AUTHORIZER</code> protocol, <code>FCGI_ROLE</code> is set to
187 <code>AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is not set.
188 The application must be defined as provider type <em>authnz</em>
189 using <code class="directive"><a href="#authnzfcgidefineprovider">
190 AuthnzFcgiDefineProvider</a></code>. The application is expected to
191 handle both authentication and authorization in the same invocation
192 using the user id, password, and other request data. The invocation
193 occurs during the Apache httpd API authentication phase. If the
194 application returns 200 and the same provider is invoked during the
195 authorization phase (via <code class="directive">Require</code>), mod_authnz_fcgi
196 will return success for the authorization phase without invoking the
197 application. Example application:
198 <pre class="prettyprint lang-perl">#!/usr/bin/perl
200 my $request = FCGI::Request();
201 while ($request->Accept() >= 0) {
202 die if $ENV{'FCGI_APACHE_ROLE'};
203 die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
204 die if !$ENV{'REMOTE_PASSWD'};
205 die if !$ENV{'REMOTE_USER'};
207 print STDERR "This text is written to the web server error log.\n";
209 if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
210 $ENV{'REMOTE_PASSWD'} eq "bar" &&
211 $ENV{'REQUEST_URI'} =~ m%/bar/.*%) {
212 print "Status: 200\n";
213 print "Variable-AUTHNZ_1: authnz_01\n";
214 print "Variable-AUTHNZ_2: authnz_02\n";
218 print "Status: 401\n\n";
223 Example configuration:
224 <pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/
225 <Location "/protected/">
227 AuthName "Restricted"
228 AuthBasicProvider FooAuthnz
230 </Location></pre>
234 <dt><em>Type</em> <code>authn</code>, <em>mechanism</em>
235 <code>check_user_id</code></dt>
237 <dd>In this mode, <code>FCGI_ROLE</code> is set to <code>
238 AUTHORIZER</code> and <code>FCGI_APACHE_ROLE</code> is set to
239 <code>AUTHENTICATOR</code>. The application must be defined as
240 provider type <em>authn</em> using <code class="directive"><a href="#authnzfcgidefineprovider">
241 AuthnzFcgiDefineProvider</a></code>. <code class="directive"><a href="#authnzfcgicheckauthnprovider">AuthnzFcgiCheckAuthnProvider</a></code>
242 specifies when it is called. Example application:
243 <pre class="prettyprint lang-perl">#!/usr/bin/perl
245 my $request = FCGI::Request();
246 while ($request->Accept() >= 0) {
247 die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
248 die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
250 # This authorizer assumes that the RequireBasicAuth option of
251 # AuthnzFcgiCheckAuthnProvider is On:
252 die if !$ENV{'REMOTE_PASSWD'};
253 die if !$ENV{'REMOTE_USER'};
255 print STDERR "This text is written to the web server error log.\n";
257 if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
258 $ENV{'REMOTE_PASSWD'} eq "bar" ) {
259 print "Status: 200\n";
260 print "Variable-AUTHNZ_1: authnz_01\n";
261 print "Variable-AUTHNZ_2: authnz_02\n";
265 print "Status: 401\n\n";
266 # If a response body is written here, it will be returned to
272 Example configuration:
273 <pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10103/
274 <Location "/protected/">
277 AuthnzFcgiCheckAuthnProvider FooAuthn \
279 RequireBasicAuth Off \
280 UserExpr "%{reqenv:REMOTE_USER}"
282 </Location></pre>
288 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
289 <div class="section">
290 <h2><a name="examples" id="examples">Additional examples</a></h2>
293 <li>If your application supports the separate authentication and
294 authorization roles (<code>AUTHENTICATOR</code> and <code>AUTHORIZER</code>), define
295 separate providers as follows, even if they map to the same
298 <pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/
299 AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10102/</pre>
302 Specify the authn provider on
303 <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
304 and the authz provider on
305 <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>:
307 <pre class="prettyprint lang-config">AuthType Basic
308 AuthName "Restricted"
309 AuthBasicProvider FooAuthn
310 Require FooAuthz</pre>
314 <li>If your application supports the generic <code>AUTHORIZER</code> role
315 (authentication and authorizer in one invocation), define a
316 single provider as follows:
318 <pre class="prettyprint lang-config">AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/</pre>
321 Specify the authnz provider on both <code class="directive">AuthBasicProvider</code>
322 and <code class="directive">Require</code>:
324 <pre class="prettyprint lang-config">AuthType Basic
325 AuthName "Restricted"
326 AuthBasicProvider FooAuthnz
327 Require FooAuthnz</pre>
331 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
332 <div class="section">
333 <h2><a name="limitations" id="limitations">Limitations</a></h2>
335 <p>The following are potential features which are not currently
339 <dt>Apache httpd access checker</dt>
340 <dd>The Apache httpd API <em>access check</em> phase is a separate
341 phase from authentication and authorization. Some other FastCGI
342 implementations implement this phase, which is denoted by the
343 setting of <code>FCGI_APACHE_ROLE</code> to <code>ACCESS_CHECKER</code>.</dd>
345 <dt>Local (Unix) sockets or pipes</dt>
346 <dd>Only TCP sockets are currently supported.</dd>
348 <dt>Support for mod_authn_socache</dt>
349 <dd>mod_authn_socache interaction should be implemented for
350 applications which participate in Apache httpd-style
353 <dt>Support for digest authentication using AuthDigestProvider</dt>
354 <dd>This is expected to be a permanent limitation as there is
355 no authorizer flow for retrieving a hash.</dd>
357 <dt>Application process management</dt>
358 <dd>This is expected to be permanently out of scope for
359 this module. Application processes must be controlled by
360 other means. For example, <code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code> can be used to
363 <dt>AP_AUTH_INTERNAL_PER_URI</dt>
364 <dd>All providers are currently registered as
365 AP_AUTH_INTERNAL_PER_CONF, which means that checks are not
366 performed again for internal subrequests with the same
367 access control configuration as the initial request.</dd>
369 <dt>Protocol data charset conversion</dt>
370 <dd>If mod_authnz_fcgi runs in an EBCDIC compilation
371 environment, all FastCGI protocol data is written in EBCDIC
372 and expected to be received in EBCDIC.</dd>
374 <dt>Multiple requests per connection</dt>
375 <dd>Currently the connection to the FastCGI authorizer is
376 closed after every phase of processing. For example, if the
377 authorizer handles separate <em>authn</em> and <em>authz</em>
378 phases then two connections will be used.</dd>
381 <dd>URIs from clients can't be mapped, such as with the <code class="directive">
382 ProxyPass</code> used with FastCGI responders.</dd>
386 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
387 <div class="section">
388 <h2><a name="logging" id="logging">Logging</a></h2>
391 <li>Processing errors are logged at log level <code>error</code>
393 <li>Messages written by the application are logged at log
394 level <code>warn</code>.</li>
395 <li>General messages for debugging are logged at log level
396 <code>debug</code>.</li>
397 <li>Environment variables passed to the application are
398 logged at log level <code>trace2</code>. The value of the
399 <code>REMOTE_PASSWD</code> variable will be obscured,
400 but <strong>any other sensitive data will be visible in the
402 <li>All I/O between the module and the FastCGI application,
403 including all environment variables, will be logged in printable
404 and hex format at log level <code>trace5</code>. <strong>All
405 sensitive data will be visible in the log.</strong></li>
408 <p><code class="directive"><a href="../mod/core.html#loglevel">LogLevel</a></code> can be used
409 to configure a log level specific to mod_authnz_fcgi. For
412 <pre class="prettyprint lang-config">LogLevel info authnz_fcgi:trace8</pre>
416 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
417 <div class="directive-section"><h2><a name="AuthnzFcgiCheckAuthnProvider" id="AuthnzFcgiCheckAuthnProvider">AuthnzFcgiCheckAuthnProvider</a> <a name="authnzfcgicheckauthnprovider" id="authnzfcgicheckauthnprovider">Directive</a></h2>
418 <table class="directive">
419 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables a FastCGI application to handle the check_authn
420 authentication hook.</td></tr>
421 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthnzFcgiCheckAuthnProvider <em>provider-name</em>|<code>None</code>
422 <em>option</em> ...</code></td></tr>
423 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
424 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
425 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
426 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_fcgi</td></tr>
428 <p>This directive is used to enable a FastCGI authorizer to
429 handle a specific processing phase of authentication or
432 <p>Some capabilities of FastCGI authorizers require enablement
433 using this directive instead of
434 <code class="directive">AuthBasicProvider</code>:</p>
437 <li>Non-Basic authentication; generally, determining the user
438 id of the client and returning it from the authorizer; see the
439 <code>UserExpr</code> option below</li>
440 <li>Selecting a custom response code; for a non-200 response
441 from the authorizer, the code from the authorizer will be the
442 status of the response</li>
443 <li>Setting the body of a non-200 response; if the authorizer
444 provides a response body with a non-200 response, that body
445 will be returned to the client; up to 8192 bytes of text are
450 <dt><em>provider-name</em></dt>
451 <dd>This is the name of a provider defined with <code class="directive">
452 AuthnzFcgiDefineProvider</code>.</dd>
454 <dt><code>None</code></dt>
455 <dd>Specify <code>None</code> to disable a provider enabled
456 with this directive in an outer scope, such as in a parent
459 <dt><em>option</em></dt>
460 <dd>The following options are supported:
463 <dt>Authoritative On|Off (default On)</dt>
464 <dd>This controls whether or not other modules are allowed
465 to run when this module has a FastCGI authorizer configured
466 and it fails the request.</dd>
468 <dt>DefaultUser <em>userid</em></dt>
469 <dd>When the authorizer returns success and <code>UserExpr</code>
470 is configured and evaluates to an empty string (e.g., authorizer
471 didn't return a variable), this value will be used as the user
472 id. This is typically used when the authorizer has a concept of
473 guest, or unauthenticated, users and guest users are mapped to
474 some specific user id for logging and other purposes.</dd>
476 <dt>RequireBasicAuth On|Off (default Off)</dt>
477 <dd>This controls whether or not Basic auth is required
478 before passing the request to the authorizer. If required,
479 the authorizer won't be invoked without a user id and
480 password; 401 will be returned for a request without that.</dd>
482 <dt>UserExpr <em>expr</em> (no default)</dt>
483 <dd>When Basic authentication isn't provided by the client
484 and the authorizer determines the user, this expression,
485 evaluated after calling the authorizer, determines the
486 user. The expression follows <a href="../expr.html">
487 ap_expr syntax</a> and must resolve to a string. A typical
488 use is to reference a <code>Variable-<em>XXX</em></code>
489 setting returned by the authorizer using an option like
490 <code>UserExpr "%{reqenv:<em>XXX</em>}"</code>. If
491 this option is specified and the user id can't be retrieved
492 using the expression after a successful authentication, the
493 request will be rejected with a 500 error.</dd>
500 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
501 <div class="directive-section"><h2><a name="AuthnzFcgiDefineProvider" id="AuthnzFcgiDefineProvider">AuthnzFcgiDefineProvider</a> <a name="authnzfcgidefineprovider" id="authnzfcgidefineprovider">Directive</a></h2>
502 <table class="directive">
503 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Defines a FastCGI application as a provider for
504 authentication and/or authorization</td></tr>
505 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthnzFcgiDefineProvider <em>type</em> <em>provider-name</em>
506 <em>backend-address</em></code></td></tr>
507 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
508 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
509 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
510 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_fcgi</td></tr>
512 <p>This directive is used to define a FastCGI application as
513 a provider for a particular phase of authentication or
517 <dt><em>type</em></dt>
518 <dd>This must be set to <em>authn</em> for authentication,
519 <em>authz</em> for authorization, or <em>authnz</em> for
520 a generic FastCGI authorizer which performs both checks.</dd>
522 <dt><em>provider-name</em></dt>
523 <dd>This is used to assign a name to the provider which is
524 used in other directives such as
525 <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
527 <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code>.</dd>
529 <dt><em>backend-address</em></dt>
530 <dd>This specifies the address of the application, in the form
531 <em>fcgi://hostname:port/</em>. The application process(es)
532 must be managed independently, such as with
533 <code class="program"><a href="../programs/fcgistarter.html">fcgistarter</a></code>.</dd>
538 <div class="bottomlang">
539 <p><span>Available Languages: </span><a href="../en/mod/mod_authnz_fcgi.html" title="English"> en </a></p>
540 </div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
541 <script type="text/javascript"><!--//--><![CDATA[//><!--
542 var comments_shortname = 'httpd';
543 var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_authnz_fcgi.html';
545 if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
546 d.write('<div id="comments_thread"><\/div>');
547 var s = d.createElement('script');
548 s.type = 'text/javascript';
550 s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
551 (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
554 d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
556 })(window, document);
557 //--><!]]></script></div><div id="footer">
558 <p class="apache">Copyright 2016 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
559 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
560 if (typeof(prettyPrint) !== 'undefined') {