django - 使用基本身份验证保护一些 Web 路径
我对 django 相当陌生,只是尝试了一些简单的实验来入门。我正在运行 django 1.0、apache2 prefork 和 mod_wsgi。 我正在尝试构建一个具有以下 url 结构的网站,
/
/members
/admin
根基本上是一个公共区域。
成员路径应使用基本身份验证进行保护(可能由 apache 进行身份验证)
应使用内置的 django 身份验证来保护管理路径。
按照文档中的示例,我基本上可以通过基本身份验证保护整个站点,但这不是我想要的。
除了虚拟主机配置:
WSGIScriptAlias / /django/rc/apache/django.wsgi
<Directory /django/rc/apache>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user
# Order allow,deny
# Allow from all
</Directory>
任何人都可以帮助我指出正确的方向(或直接告诉我=P)如何实现这一点?
谢谢
编辑: 玩了一下后,我发现我可以做类似的事情:
WSGIScriptAlias / /django/rc/apache/django.wsgi
<Directory /django/rc/apache>
Order allow,deny
Allow from all
</Directory>
WSGIScriptAlias /members /django/rc/apache_httpauth/django.wsgi
<Directory /django/rc/apache_httpauth>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user
</Directory>
django.wsgi 文件基本上是复制到另一个目录中的相同文件,因此 WSGIScriptAlias 是不同的。这是黑客式的,但它有效..
有更好的方法来做我想做的事吗?
这样做有什么缺点吗?
谢谢
i'm fairly new to django and just trying a couple simple experiments to get my feet wet. i'm running django 1.0, apache2 prefork and mod_wsgi.
I'm trying to build a site with the following url structure
/
/members
/admin
the root is basically a public area.
the members path should be protected using basic-authentication (probably authenticated by apache)
the admin path should be protected using the built in django authentication.
following the examples in documentation i can basically protect the entire site with basic authentication, but that's not what i want.
except from virtual host config:
WSGIScriptAlias / /django/rc/apache/django.wsgi
<Directory /django/rc/apache>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user
# Order allow,deny
# Allow from all
</Directory>
Can anyone help point me in the right direction (or flat out tell me =P) on how to make this possible?
thanks
edit:
after playing around a little i discovered i can do something like:
WSGIScriptAlias / /django/rc/apache/django.wsgi
<Directory /django/rc/apache>
Order allow,deny
Allow from all
</Directory>
WSGIScriptAlias /members /django/rc/apache_httpauth/django.wsgi
<Directory /django/rc/apache_httpauth>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user
</Directory>
The django.wsgi file is basically the same file copied into another directory so that the WSGIScriptAlias is different. It's hack-ish but it works..
Is there a better way to do what i'd like?
Are there any downsides to doing it like this?
thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
更改:
为:
我认为您不需要:
Change:
to:
I don't believe you should need: