Add note on special character handling with FakeBasicAuth.

author Joe Orton <jorton@apache.org>

Fri, 17 Nov 2017 17:24:27 +0000 (17:24 +0000)

committer Joe Orton <jorton@apache.org>

Fri, 17 Nov 2017 17:24:27 +0000 (17:24 +0000)
author Joe Orton <jorton@apache.org>
Fri, 17 Nov 2017 17:24:27 +0000 (17:24 +0000)
committer Joe Orton <jorton@apache.org>
Fri, 17 Nov 2017 17:24:27 +0000 (17:24 +0000)
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml

index c13db2c655f9b209c5563846389d417219eccd58..fc94cc298efd5d2d5a1650d1a6050d300a389ada 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1473,6 +1473,13 @@ The available <em>option</em>s are:</p>
      directive within <module>mod_auth_basic</module> can be used as a more
      general mechanism for faking basic authentication, giving control over the
      structure of both the username and password.</p>
+
+    <note type="warning">
+      <p>The usernames used for <code>FakeBasicAuth</code> must not
+      include any non-ASCII characters, ASCII escape characters (such
+      a newline), or a colon.  If a colon is found, a 403 Forbidden
+      error will be generated with httpd 2.5.1 and later.</p>
+    </note>
  </li>
  <li><code>StrictRequire</code>
      <p>
author	Joe Orton <jorton@apache.org>
	Fri, 17 Nov 2017 17:24:27 +0000 (17:24 +0000)
committer	Joe Orton <jorton@apache.org>
	Fri, 17 Nov 2017 17:24:27 +0000 (17:24 +0000)