<title>Apache module mod_auth_anon.c</title>
<h3>Apache HTTP Server Version 1.3</h3>
<h1 align="CENTER">Module mod_auth_anon</h1>
This module allows "anonymous" user access to authenticated
<p><a href="module-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="module-dict.html#SourceFile"
rel="Help"><strong>Source File:</strong></a>
mod_auth_anon.c<br />
<a href="module-dict.html#ModuleIdentifier"
rel="Help"><strong>Module Identifier:</strong></a>
anon_auth_module<br />
<a href="module-dict.html#Compatibility"
rel="Help"><strong>Compatibility:</strong></a> Available in
Apache 1.1 and later.</p>
<p>This module does access control in a manner similar to
anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
'anonymous' and the email address as a password. These email
addresses can be logged.</p>
<p>Combined with other (database) access control methods, this
allows for effective user tracking and customization according
to a user profile while still keeping the site open for
'unregistered' users. One advantage of using Auth-based user
tracking is that, unlike magic-cookies and funny URL
pre/postfixes, it is completely browser independent and it
allows users to share URLs.</p>
<h2><a id="Directives" name="Directives">Directives</a></h2>
<li><a href="#anonymous">Anonymous</a></li>
<li><a href="#Authoritative">Anonymous_Authoritative</a></li>
<li><a href="#LogEmail">Anonymous_LogEmail</a></li>
<li><a href="#MustGiveEmail">Anonymous_MustGiveEmail</a></li>
<li><a href="#NoUserID">Anonymous_NoUserID</a></li>
<li><a href="#VerifyEmail">Anonymous_VerifyEmail</a></li>
<h2><a id="Example" name="Example">Example</a></h2>
The example below (when combined with the Auth directives of a
htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
control system allows users in as 'guests' with the following
<li>It insists that the user enters a userId.
<li>It insists that the user enters a password.
<li>The password entered must be a valid email address, ie.
contain at least one '@' and a '.'.
<li>The userID must be one of <code>anonymous guest www test
welcome</code> and comparison is <strong>not</strong> case
<li>And the Email addresses entered in the passwd field are
logged to the error log file
<p>Excerpt of access.conf:</p>
Anonymous_NoUserId off
Anonymous_MustGiveEmail on
Anonymous_VerifyEmail on
Anonymous_LogEmail on
Anonymous anonymous guest www test welcome
AuthName "Use 'anonymous' &amp; Email address for guest entry"
AuthType basic
# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile
# directive must be specified, or use
# Anonymous_Authoritative for public access.
# In the .htaccess for the public directory, add:
&lt;Files *&gt;
Order Deny,Allow
Allow from all
Require valid-user
<h2><a id="anonymous" name="anonymous">Anonymous
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous <em>user</em>
[<em>user</em>] ...<br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> none<br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>A list of one or more 'magic' userIDs which are allowed
access without password verification. The userIDs are space
separated. It is possible to use the ' and " quotes to allow a
space in a userID as well as the \ escape character.</p>
<p>Please note that the comparison is
<strong>case-IN-sensitive</strong>.<br />
I strongly suggest that the magic username
'<code>anonymous</code>' is always one of the allowed
<p>Example:<br />
<code>Anonymous anonymous "Not Registered" 'I don\'t
<p>This would allow the user to enter without password
verification by using the userId's 'anonymous',
'AnonyMous','Not Registered' and 'I Don't Know'.</p>
<h2><a id="Authoritative"
name="Authoritative">Anonymous_Authoritative directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_Authoritative
on|off<br />
<a href="directive-dict.html#Default"
<code>Anonymous_Authoritative off</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>When set 'on', there is no fall-through to other
authorization methods. So if a userID does not match the values
specified in the <code>Anonymous</code> directive, access is
<p>Be sure you know what you are doing when you decide to
switch it on. And remember that it is the linking order of the
modules (in the Configuration / Make file) which details the
order in which the Authorization modules are queried.</p>
<h2><a id="LogEmail" name="LogEmail">Anonymous_LogEmail
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_LogEmail
on|off<br />
<a href="directive-dict.html#Default"
<code>Anonymous_LogEmail on</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>When set 'on', the default, the 'password' entered (which
hopefully contains a sensible email address) is logged in the
error log.</p>
<h2><a id="MustGiveEmail"
name="MustGiveEmail">Anonymous_MustGiveEmail directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_MustGiveEmail
on|off<br />
<a href="directive-dict.html#Default"
<code>Anonymous_MustGiveEmail on</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>Specifies whether the user must specify an email address as
the password. This prohibits blank passwords.</p>
<h2><a id="NoUserID" name="NoUserID">Anonymous_NoUserID
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_NoUserID
on|off<br />
<a href="directive-dict.html#Default"
<code>Anonymous_NoUserID off</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>When set 'on', users can leave the userID (and perhaps the
password field) empty. This can be very convenient for
MS-Explorer users who can just hit return or click directly on
the OK button; which seems a natural reaction.</p>
<h2><a id="VerifyEmail"
name="VerifyEmail">Anonymous_VerifyEmail directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_VerifyEmail
on|off<br />
<a href="directive-dict.html#Default"
<code>Anonymous_VerifyEmail off</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>When set 'on' the 'password' entered is checked for at least
one '@' and a '.' to encourage users to enter valid email
addresses (see the above <code>Auth_LogEmail</code>).
