.htaccess basic auth by virtual host?

I was wondering if it was possible to set up a conditional HTTP basic auth requirement based on the virtual host URL in an .htaccess file.

For example, what I want to do is have mysite.com and test.mysite.com run off the same code base in the same directory but password protect test.mysite.com. It would be set up this way so that I wouldn't need to branch my code, since my app code can see which vhost/URL it's being served from and pick the database to serve content from.

You can sort of kludge this by using mod_setenvif along with the mod_auth modules. Use the SetEnvIfNoCase directive to set which host is password protected. You'll need a couple of extra directives to satisfy access:

# Check for the hostname here
SetEnvIfNoCase HOST ^test\.mysite\.com\.?(:80)?$ PROTECTED_HOST

Then inside the Directory block (or just out in the open) you have your auth stuff set up, something like this:

AuthUserFile /var/www/test.mysite.com/htpasswd
AuthType Basic
AuthName "Password Protected"

Now for the require/satisfy stuff:

Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=!PROTECTED_HOST

This will make it so any host that doesn't match ^test\.mysite\.com\.?(:80)?$ will have access without need for auth (Allow from env=!PROTECTED_HOST) but otherwise, we need a valid user (Require valid-user). The Satisfy any ensures that we just need one of the 2, either the Allow or Require.

I had problems implementing Jon's solution: Although I am quite familiar with Apache conf and regular expressions, the authentication always fired. From a quick analysis it looked like the Allow from env=!PROTECTED_HOST line did not kick in.

But I found another solution that actually looks safer to me:

I created two virtual hosts for the two domains pointing to the same document root (which is fully allowed by the way). In one of the vhosts I added the directives for basic auth (directly into the vhost directive block).

Works like a charm. And I have a better feeling that this is really safe - no risk of overlooking any details in the regex pattern that would open up the gates for intruders.

<VirtualHost *:80>
    ServerName www.mysite.com
    DocumentRoot "/path/to/common/doc/root"

    <Directory "/path/to/common/doc/root">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName protected.mysite.com
    DocumentRoot "/path/to/common/doc/root"

    <Directory "/path/to/common/doc/root">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all

        AuthUserFile /path/to/htpasswd
        AuthName "Password please"
        AuthType Basic
        Require valid-user
    </Directory>
</VirtualHost>

Here's a solution similar to what Jon Lin proposed, but using RewriteCond to check the host name:

RewriteEngine On
RewriteCond %{HTTP_HOST} =protected.hostname.com
RewriteRule ^.*$ - [E=DENY:1]

AuthUserFile /path/to/htpasswd
AuthName "Password please"
AuthType Basic

Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=!DENY
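
A coverage check for the host conditions in the first and third answers, as an added example that is not part of any original answer: both setups skip the password for any request the condition does not match, so it tests which spellings of the protected host name each condition recognizes. The sample Host values are constructed, `normalize` and the `auth_by_*` names are hypothetical, and the sketch assumes the Host header reaches the comparison unmodified and that the third answer's condition is pointed at test.mysite.com.

```python
import re

# Pattern from the first answer; SetEnvIfNoCase matches case-insensitively.
PROTECTED_RE = re.compile(r"^test\.mysite\.com\.?(:80)?$", re.IGNORECASE)

# Constructed Host header values that all name the protected site.
SAMPLE_HOSTS = [
    "test.mysite.com",
    "TEST.MySite.com",
    "test.mysite.com.",
    "test.mysite.com:80",
    "test.mysite.com:443",
    "test.mysite.com:8080",
]


def auth_by_regex(host):
    """First answer: PROTECTED_HOST is set only when the pattern matches."""
    return PROTECTED_RE.search(host) is not None


def auth_by_exact(host, protected="test.mysite.com"):
    """Third answer: RewriteCond '=' is an exact, case-sensitive comparison."""
    return host == protected


def normalize(host):
    """Hypothetical helper: lowercase, drop a numeric port and a trailing dot."""
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.lower().rstrip(".")


def auth_by_normalized(host, protected="test.mysite.com"):
    """Compare after normalization, so spelling variants stay protected."""
    return normalize(host) == protected


def unprotected(check, hosts=SAMPLE_HOSTS):
    """Return the hosts for which `check` would not demand a password."""
    return [h for h in hosts if not check(h)]


if __name__ == "__main__":
    for check in (auth_by_regex, auth_by_exact, auth_by_normalized):
        print(f"{check.__name__:20} skips auth for: {unprotected(check)}")
```

Any value the check reports is a request that would be served without a password if it reaches this directory, which is the argument for conditions that name the public hosts instead of the protected one, or for the separate vhost in the second answer.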
