Bug 66341: Note that HttpProtocolOptions Strict blocks credentials in FTP proxy URLs

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1933682 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_proxy_ftp.xml b/docs/manual/mod/mod_proxy_ftp.xml
index 476b91abe3de244ca12697a0bd7f74bce38da58e..be6aec914a60870cfb83f458e5ff47271536efeb 100644 (file)
--- a/docs/manual/mod/mod_proxy_ftp.xml
+++ b/docs/manual/mod/mod_proxy_ftp.xml
@@ -122,6 +122,14 @@ ForceType application/octet-stream
         ftp://<var>username</var>@<var>host</var>/myfile
       </example>
 
+      <note><title>HttpProtocolOptions</title>
+        <p>By default, <directive module="core"
+        >HttpProtocolOptions</directive> is set to <code>Strict</code>,
+        which rejects URLs containing userinfo (username or password)
+        per RFC 7230.  To use credentials in FTP URLs, you must set
+        <code>HttpProtocolOptions Unsafe</code>.</p>
+      </note>
+
       <p>If the FTP server asks for a password when given this username (which
       it should), then Apache will reply with a <code>401</code> (Authorization
       required) response, which causes the Browser to pop up the