[英].htaccess basic auth by virtual host?
I was wondering if it was possible to setup a conditional http basic auth requirement based on the virtual host URL in an .htaccess file. 我想知道是否可以根据.htaccess文件中的虚拟主机URL设置条件http基本身份验证要求。
For example what I want to do is have mysite.com and test.mysite.com run off the same code base in the same directory but password protect test.mysite.com. 例如,我想要做的是让mysite.com和test.mysite.com在同一目录中运行相同的代码库,但密码保护test.mysite.com。 It would be setup this way so that I wouldn't need to branch my code since my app code can see which vhost/url it's being served from and pick the database to serve content from.
它将以这种方式设置,以便我不需要分支我的代码,因为我的应用程序代码可以看到它从哪个vhost / url服务并选择数据库来提供内容。
You can sort of kludge this by using mod_setenvif
along with the mod_auth
modules. 你可以使用
mod_setenvif
和mod_auth
模块来mod_setenvif
这个问题。 Use the SetEnvIfNoCase
directive to set which host is password protected. 使用
SetEnvIfNoCase
指令设置受密码保护的主机。 You'll need a couple of extra directives to satisfy access: 您需要一些额外的指令来满足访问:
# Check for the hostname here
SetEnvIfNoCase HOST ^test\.mysite\.com\.?(:80)?$ PROTECTED_HOST
Then inside the Directory
block (or just out in the open) you have your auth stuff setup, something like this: 然后在
Directory
块中(或者只是打开)你有你的auth设置,如下所示:
AuthUserFile /var/www/test.mysite.com/htpasswd
AuthType Basic
AuthName "Password Protected"
Now for the require/satisfy stuff: 现在需要/满足的东西:
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=!PROTECTED_HOST
This will make it so any host that doesn't match ^test\\.mysite\\.com\\.?(:80)?$
will have access without need for auth ( Allow from env=!PROTECTED_HOST
) but otherwise, we need a valid user ( Require valid-user
). 这将使任何主机与
^test\\.mysite\\.com\\.?(:80)?$
不匹配^test\\.mysite\\.com\\.?(:80)?$
将无需auth访问( Allow from env=!PROTECTED_HOST
),否则,我们需要一个有效用户( Require valid-user
)。 The Satisfy any
ensures that we just need one of the 2, either the Allow or Require. Satisfy any
确保我们只需要其中一个,即Allow或Require。
I had problems implementing Jon's solution: Although I am quite familiar with Apache conf and regular expressions, the authentication always fired. 我在实现Jon的解决方案时遇到了问题:虽然我对Apache conf和正则表达式非常熟悉,但身份验证始终会被解雇。 From a quick analyzes it looked like the
Allow from env=!PROTECTED_HOST
line did not kick in. 从快速分析看来,似乎
Allow from env=!PROTECTED_HOST
行的Allow from env=!PROTECTED_HOST
没有启动。
But I found another solution that actually looks safer to me: 但我找到了另一种对我来说更安全的解决方案:
I created two virtual hosts for the two domains pointing to the same document root (which is fully allowed by the way). 我为指向同一文档根目录的两个域创建了两个虚拟主机(顺便说一下,这是完全允许的)。 In one of the vhosts I added the directives for basic auth (directly into the vhost directive block).
在其中一个虚拟主机中,我添加了基本身份验证的指令(直接进入vhost指令块)。
Works like a charm. 奇迹般有效。 And I have a better feeling that this is really safe - no risk to overlook any details in the regex pattern that would open up the gates for intruders.
而且我有一种更好的感觉,这是非常安全的 - 没有风险忽略正则表达式模式中的任何细节,这将打开入侵者的大门。
<VirtualHost *:80>
ServerName www.mysite.com
DocumentRoot "/path/to/common/doc/root"
<Directory "/path/to/common/doc/root">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName protected.mysite.com
DocumentRoot "/path/to/common/doc/root"
<Directory "/path/to/common/doc/root">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
AuthUserFile /path/to/htpasswd
AuthName "Password please"
AuthType Basic
Require valid-user
</Directory>
</VirtualHost>
Here's a solution similar to what Jon Lin proposed, but using RewriteCond
to check the host name: 这是一个类似于Jon Lin提出的解决方案,但使用
RewriteCond
检查主机名:
RewriteEngine On
RewriteCond %{HTTP_HOST} =protected.hostname.com
RewriteRule ^.*$ - [E=DENY:1]
AuthUserFile /path/to/htpasswd
AuthName "Password please"
AuthType Basic
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=!DENY
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.