Ubuntu 16.04 Apache2 only requires password once?
I have a server running, and set up an htaccess file. Everything works and it does require a password to gain access to the folder I set, but once the password is used, it has never required verification again. Seems insecure, so I'm wondering how to require re-entering a password. Like some kind of time-out on the access, but I don't know what to look for, and all I've found is people trying to stop needing a password all the time.
Please help with either a solution, or point me in the right direction for what I need to be searching for.
I am using SSL, and an .htaccess file with basic auth set up in the Apache config file.
<Directory "/var/www/html">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
As far as I know, Apache/HTTP authentication doesn't give you control. After the first authentication, your server cannot instruct the browser to log out or time out. HTTP authentication does not work with sessions/cookies, and the browser shall continually send authentication credentials. To log out you should close the browser.
Looking in the Apache webpage: the AuthDigestNonceLifetime directive could be useful. The value is in seconds for the time. I use 300 here.
<Directory "/var/www/html">
AuthType Digest
AuthName "Restricted-Content"
AuthDigestDomain "http://127.0.1.2"
AuthDigestProvider file
AuthUserFile /etc/apache2/.htpasswd
AuthDigestNonceLifetime 30
Require valid-user
</Directory>
Also, you will have to use the htdigest command to generate the .htpasswd file:
htdigest -c /etc/apache2/.htpasswd Restricted-Content username
Then set the password, then set the AuthDigestDomain to your URL or IP.
This configuration can only work with the digest-based authentication, although the user must clear their browser cache manually.
But I would recommend you switch to a different method for authentication, unless it's the only option for the application.
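Why a nonce lifetime alone does not bring the password dialog back, as an added example that is not part of the original answers: a simplified Python model of Digest authentication in which an expired nonce is answered with a 401 carrying stale=true, and the browser retries from its cached credentials without prompting. The user, secret, nonce format and the RFC 2069-style response (no qop/cnonce) are assumptions made for the model, not Apache's implementation.

```python
import hashlib, hmac
SECRET = b"constructed-server-secret"
REALM, LIFETIME = "Restricted-Content", 30  # realm and nonce lifetime from the config above
USERS = {"alice": "correct horse"}          # constructed account

def md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def make_nonce(ts):
    # Timestamp plus MAC: the server can check a nonce's age without storing it.
    return f"{ts}:" + hmac.new(SECRET, str(ts).encode(), "sha256").hexdigest()

def digest(user, password, nonce, uri):
    # RFC 2069-style response (no qop/cnonce), enough to model nonce expiry.
    ha1, ha2 = md5(f"{user}:{REALM}:{password}"), md5(f"GET:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")

def server(uri, auth, now):
    """Return (status, challenge) for a GET; the challenge carries a fresh nonce."""
    fresh = {"nonce": make_nonce(now), "stale": False}
    ts = auth["nonce"].split(":")[0] if auth else ""
    ok = (ts.isdecimal() and auth["user"] in USERS
          and hmac.compare_digest(auth["nonce"].encode(), make_nonce(int(ts)).encode())
          and hmac.compare_digest(auth["response"].encode(), digest(
              auth["user"], USERS[auth["user"]], auth["nonce"], uri).encode()))
    if not ok:
        return 401, fresh                    # no or wrong credentials: user is prompted
    if now - int(ts) > LIFETIME:
        return 401, dict(fresh, stale=True)  # correct response, expired nonce
    return 200, None

class Browser:
    def __init__(self, user, password):
        self.typed, self.cached = (user, password), None  # cache lives until browser exit
        self.nonce, self.prompts = None, 0
    def get(self, uri, now):
        for _ in range(3):
            auth = None
            if self.cached:
                user, password = self.cached
                auth = {"user": user, "nonce": self.nonce,
                        "response": digest(user, password, self.nonce, uri)}
            status, challenge = server(uri, auth, now)
            if status == 200:
                break
            self.nonce = challenge["nonce"]
            if not challenge["stale"]:
                self.prompts += 1            # password dialog shown to the user
                self.cached = self.typed
        return status
```

With requests at t=1000, 1020 and 1100, the model browser shows one prompt in total: the third request receives a stale challenge and is retried silently with the new nonce.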