
http-basic-auth

HTTP Basic Authentication directive for HTTP server handlers

Validates HTTP Basic Authentication credentials by comparing the password from the HTTP Authorization header against user data retrieved from a backend.

Context

Valid inside authentication blocks for HTTP server handlers only. The HTTP server automatically extracts credentials from the Authorization: Basic header and populates aaa.identity and http.authorization.password before the authentication block runs.

Basic Syntax

authentication {
    # User and password (hash) lookup
    backend {
        name "USERS";
        query "FIND_USER";
    }
    # Validation
    http-basic-auth;
}

Behavior

The action compares http.authorization.password (from the HTTP request) against user.password (from the backend). It has three possible outcomes:

  1. Accept - Passwords match, authentication succeeds (HTTP 200 or continues to next action)
  2. Reject - Passwords don't match, authentication fails (HTTP 403 Forbidden)
  3. Ignore - No Authorization header present, passes through (allows public access)

Required context variables:

  • aaa.identity - Set automatically by HTTP server from Authorization header username
  • http.authorization.password - Set automatically by HTTP server from Authorization header password
  • user.password - Retrieved from backend for comparison

Backend mapping for user identification works the same as pap.
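The three outcomes described above, modelled as an added Python example (not the product's own code). `find_user`, `USERS` and `basic_header` are hypothetical names; the stored `user.password` is assumed to be compared as a plain string (hash verification is not modelled), and rejecting a malformed header is an assumption the page does not state.

```python
import base64
import binascii
import hmac
from enum import Enum

class Outcome(Enum):
    ACCEPT = "accept"  # passwords match
    REJECT = "reject"  # passwords differ (HTTP 403 on the page)
    IGNORE = "ignore"  # no Authorization header, request passes through

def parse_basic(value):
    """Return (identity, password) from a Basic header value, or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields (RFC 7617), so a password
    # may itself contain colons.
    identity, sep, password = decoded.partition(":")
    return (identity, password) if sep else None

def http_basic_auth(headers, find_user):
    """Model of the three outcomes; find_user is a hypothetical backend lookup
    returning the stored user.password, or None for an unknown user."""
    value = headers.get("Authorization")
    if value is None:
        return Outcome.IGNORE
    creds = parse_basic(value)
    if creds is None:
        return Outcome.REJECT  # assumption: malformed credentials are rejected
    identity, password = creds  # aaa.identity, http.authorization.password
    stored = find_user(identity)  # user.password (assumed plain string here)
    # Timing-safe comparison; unknown users still run one comparison.
    same = hmac.compare_digest(password.encode(), (stored or "").encode())
    return Outcome.ACCEPT if stored is not None and same else Outcome.REJECT

# Constructed sample data, not taken from the page.
USERS = {"alice": "s3cret:with:colon"}

def basic_header(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

if __name__ == "__main__":
    for h in (basic_header("alice", "s3cret:with:colon"),
              basic_header("alice", "wrong"), {}):
        print(http_basic_auth(h, USERS.get).name)
```

In this sketch a request with no Authorization header yields IGNORE rather than REJECT, so a caller protecting a non-public resource has to treat IGNORE as unauthenticated.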

See Also

  • pap - PAP authentication for RADIUS
