From: Joe Orton <jorton@apache.org>
Date: Fri, 17 Nov 2017 17:24:27 +0000 (+0000)
Subject: Add note on special character handling with FakeBasicAuth.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8440a7dbd7b2a3b30f21028a197255abd5c906e4;p=apache

Add note on special character handling with FakeBasicAuth.

PR: 52644


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1815599 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index c13db2c655..fc94cc298e 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1473,6 +1473,13 @@ The available <em>option</em>s are:</p>
     directive within <module>mod_auth_basic</module> can be used as a more
     general mechanism for faking basic authentication, giving control over the
     structure of both the username and password.</p>
+
+    <note type="warning">
+      <p>The usernames used for <code>FakeBasicAuth</code> must not
+      include any non-ASCII characters, ASCII escape characters (such
+      a newline), or a colon.  If a colon is found, a 403 Forbidden
+      error will be generated with httpd 2.5.1 and later.</p>
+    </note>
 </li>
 <li><code>StrictRequire</code>
     <p>