...
Space-delimited list of Apache AuthTypes (unused otherwise) to process as though they were “shibboleth”, which is always included and is the default AuthType the module processes.
unsetHeaderValue = foo
Causes “unset” variables to carry a designated value instead of being “cleared/unset”.
checkSpoofing = true | false
Must be enabled if headers are used, enables logic that tries to detect header spoofing/smuggling while not causing false positives on internal sub-requests.
spoofKey = <random value>
Instead of a random value being generated internally, uses a specified random value to detect header spoofing/smuggling.
catchAll = true | false
Whether to try and catch all C++ runtime exceptions or only “known” exceptions. Failure to catch an exception terminates a process with prejudice.
[extensions]
<pathname> = true | false
...