htaccess 从基本身份验证中排除多个 url
[英]htaccess exclude multiple url from Basic Auth
问题描述
Hi i need to protect my app during the testing phase.
嗨,我需要在测试阶段保护我的应用程序。
I read this post about excluding one url from Basic Auth我读了这篇关于从基本身份验证中排除一个网址的帖子
But i'd like to exclude 2 urls :但我想排除 2 个网址:
/api/*
/oauth/v2/token
So the entire app will be protected except for those two urls, that will be public.所以整个应用程序将受到保护,除了这两个公开的 url。 Otherwise i can't access my api routes.否则我无法访问我的 api 路由。
My .htaccess for now is :我的 .htaccess 现在是:
# Protect the app with password
AuthUserFile /home/master/public_html/web/.htpasswd
AuthName "Protected"
AuthType Basic
Require valid-user
So i'm guessing i should need some sort or regex in :所以我猜我应该需要某种形式或正则表达式:
SetEnvIf Request_URI ^/api/ noauth=1
How can i have like a OR condition?我怎么能有像 OR 条件?
3 个解决方案
解决方案1
3 已采纳 2016-06-05 14:16:03
Try :尝试:
SetEnvIf Request_URI ^/(api/|oauth/V2/token) noauth=1
You can exclude uris, just seperate them using a bar |您可以排除 uris,只需使用栏将它们分开|
解决方案2
2 2016-06-05 16:19:51
You can wrap Require inside another directive, like Directory orLocation您可以将Require包装在另一个指令中,例如Directory或Location
<Location /api/>
Require all granted
</Location>
<Location /oauth/v2/token>
Require all granted
</Location>
Not asked, but Getting it working says about .htpasswd没有问,但让它工作说 .htpasswd
This file should be placed somewhere not accessible from the web.
So you shouldn't put .htpasswd inside public_html .所以你不应该把 .htpasswd 放在public_html里面。
解决方案3
1 2021-03-19 14:29:29
Apache 2.4 Auth/Access control has changed since 2.2. Apache 2.4 身份验证/访问控制自 2.2 以来发生了变化。 Here is the new syntax:这是新语法:
AuthType Basic
AuthUserFile /home/master/public_html/web/.htpasswd
AuthName "Protected"
SetEnvIf Request_URI ^/(api/|oauth/V2/token) noauth=1
<RequireAny>
Require env noauth
Require env REDIRECT_noauth
Require valid-user
</RequireAny>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.