This project is not covered by Drupal’s security advisory policy.


The 6.x branch of this module is deprecated in favour of the Secure Site module version 6.x-2.1 and up. Please read #354219: Add 'Only force authentication on the following restricted pages' setting before migrating.


This module allows users to authenticate using HTTP authentication.

What it does:

  • Accept - but not force - HTTP authentication on the whole website.
  • For anonymous users, force HTTP authentication when an Access denied page is shown on configured pages. (This will not work if you use a custom access denied page.)
  • Force HTTP authentication when authenticate is in the query string (e.g. This is handy for reading RSS feeds that contain more items if authenticated in your favourite news reader (the latter must support HTTP authentication, but doesn't necessarily need to support cookies).

What it doesn't do:

  • Secure (parts of) your website. In that case you should take a look at the Secure Site module.

If you are running PHP in CGI, please check out issue #97663.

Project Information