我試圖排除基本http認證被阻止的路徑(URI)。 路徑是/ rest(http://example.com/rest)並且代表cakephp 3應用程序的控制器。它不是一個真正的文件,而是一個由rewite條件重寫並由webroot目錄中的index.php所管理的路徑。從http基本認證中排除特定的cakephp控制器
這裏的重寫規則:
/var/www/.htaccess
:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
/var/www/webroot/.htaccess
:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule^index.php [L]
</IfModule>
我運行的Apache 2.4和嘗試不同的配置:
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
Require expr %{REQUEST_URI} =~ m#/rest/.*#
Require expr %{REQUEST_URI} =~ m#/index.php/rest/.*#
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
...改編自https://stackoverflow.com/a/33655232/1285585
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location "/rest">
Allow from all
Satisfy any
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
...從https://serverfault.com/a/475845/229877
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location "/rest">
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</Virtualhost>
...從https://www.apachelounge.com/viewtopic.php?p=30200
...
<Location "/">
SetEnvIf Request_URI ^/rest noauth=1
SetEnvIf Request_URI /rest noauth=1
SetEnvIf Request_URI ^/index.php/rest noauth=1
SetEnvIf Request_URI /index.php/rest noauth=1
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth
</Location>
...從https://stackoverflow.com/a/8979889/1285585
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location ~ "/(rest|index.php/rest)">
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>
...從https://stackoverflow.com/a/13296294/1285585
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Files "index.php/rest">
Satisfy Any
Allow from all
</Files>
<Files "rest">
Satisfy Any
Allow from all
</Files>
...從HTTP Basic Auth Exclude Single File
然而,他們都不上班。我總是使用wget或來自瀏覽器的身份驗證請求獲取401錯誤。
問題似乎是,路徑/休息通過條件,但然後被重寫到index.php,這是在基本身份驗證(並且必須)的控制下。
任何線索?
是什麼'REDIRECT_noauth'意味着什麼? – Shoan
如果發生重定向,SetEnvIf規則將被應用兩次:重定向之前和之後一次。如果Request_URI與重定向後的給定標記「^/rest /」匹配,則設置noauth環境變量,同時設置REDIRECT_noaut,如果Request_URI與重定向匹配PRIOR。 –