HTTP-AUTH

HTTP-AUTH is a browser based method of authentication. It is available in versions from 1.11.0a once the [[System Administration#site.auth|site.auth] system variable is set to "http".

Why NOT to use HTTP-AUTH

The biggest problem with HTTP-AUTH is the lack of a standardised way to get a browser to logout of the system. There are numerous bodges or workarounds but these don't work consistently in different browsers.

For this reason FreeNATS will just display a message informing you of this fact and destroying the session when you select logoff. If you attempt to access FreeNATS again while the browser has your username/password cached it will still just log you back in.

Credentials in the URL

With HTTP-AUTH it always used to be possible to authenticate within the URL with the form of http://username:password@www.somesite.com/.

However Internet Explorer for one now no longer supports these URLs.

If you are using a browser or access system that allows them then you can use the URL-based credentials but you must use them against the document root only (e.g. http://username:password@server.com/freenats/ NOT http://username:password@server.com/freenats/somepage.php).

If you really want to encode credentials in the URL you are much better to use direct logins and encode them and the destination page in the URL query string.

Bypass HTTP-AUTH

If for some reason you have enabled HTTP-AUTH but are experiencing difficulties and so can't get into the admin interface to disable it just pass the variable auth=basic to the main page.