我們使用Apache-2.4提供的新認證和授權框架,並且需要關閉整個站點(位置/)以進行未經授權的訪問,除了一個子目錄(Location/foo),其中可以獲得授權cookie。這似乎是AuthMerging是使用該指令,但事情不工作:Apache 2.4 - 如何關閉除一個子目錄以外的整個站點?
<Location />
AuthType form
AuthFormProvider foo
Session On
SessionCookieName ti2f
Include conf/sessionpw.conf
AuthName TI
<RequireAll>
Require foo ipaddress
Require foo expiration
</RequireAll>
ErrorDocument 401 /foo/
</Location>
<Location /foo>
AuthMerging Or
Require all granted
DirectoryIndex index.php
</Location>
不幸的是,進入/富仍受阻 - 401未授權。隨着LogLevel的手搖我可以看到mod_authz_core記錄了以下消息:
authorization result of Require all granted: granted
authorization result of <RequireAny>: granted
authorization result of AuthMerging Any: granted
authorization result of Require all granted: granted
authorization result of <RequireAny>: granted
authorization result of AuthMerging Any: granted
authorization result of Require foo ipaddress: denied (no authenticated user yet)
authorization result of Require foo expiration: denied (no authenticated user yet)
authorization result of <RequireAll>: denied (no authenticated user yet)
authorization result of <RequireAny>: denied (no authenticated user yet)
與AuthMerging設置爲「或者」爲sublocation /富,爲什麼阿帕奇檢查父位置的需要,指示不惜一切後,「要求所有批准「補助金?
謝謝,馬克。這可能工作。但我仍然困惑,爲什麼我的方法不工作。如果AuthMerging設置爲Or,Apache爲什麼應用更高位置的規則? –
事實上,它不會很簡單地工作 - 請參閱我對自己問題的回答...沒有authz規則的位置不是/ foo /,而是/php-fpm/foo/index.php –