将 URL 重写(强制使用 https)与 http 身份验证结合起来?
我有一个域 mattpotts.com 并设置了一个子域 dev.mattpotts.com 供我进行开发,然后将文件复制到普通域当他们准备好出发时。
我的目录结构如下, dev.mattpotts.com 指向 dev/
+-public_html/
+-project1/
+-project2/
+-project3/
+-dev/
+-project1
+-project2
+-project3我基本上希望能够从 http://mattpotts.com/ 访问通过添加 更改为 dev. 将 project1https://dev.mattpotts.com/project1。
我在 dev/ 中有以下 .htaccess 并且它可以工作,所需要做的就是强制使用 https。
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} dev
RewriteRule ^(.*)$ https://dev.mattpotts.com$1 [R,L]我想强制使用 https,以便我可以在目录上安全地使用 http 身份验证。然而,当我将它与以下规则结合起来时,它不起作用。我已经设置了 .htpasswd 但我什至还没有显示登录表单。
AuthType Basic AuthName "Dev Protected Area" AuthUserFile .htpasswd Require valid-user
如何成功组合一组 .htaccess 规则?
编辑,非常奇怪的事情正在发生!
https://dev.mattpotts.com/project1/ 显示“你好!”来自非开发版本的网站(注意 https) http://dev.mattpotts.com/project1/ 显示“hello dev!” (根据需要)来自开发版本。这是怎么回事?
I have a domain, mattpotts.com and have set up a sub-domain dev.mattpotts.com for me to develop on and will then copy the files to the normal domain when they're ready to go.
My directory structure is as follows and dev.mattpotts.com points to dev/
+-public_html/
+-project1/
+-project2/
+-project3/
+-dev/
+-project1
+-project2
+-project3I basically want to be able to go from http://mattpotts.com/project1 to https://dev.mattpotts.com/project1 by adding dev..
I have the following .htaccess in dev/ and it works, all this needs to do is force https.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} dev
RewriteRule ^(.*)$ https://dev.mattpotts.com$1 [R,L]I want to force https so that I can securely use http auth on the directory. However, when I combine it with the following rules, it doesn't work. I have my .htpasswd set up but I've not even had the login form show up yet.
AuthType Basic AuthName "Dev Protected Area" AuthUserFile .htpasswd Require valid-user
How can I successfully combine the to set of .htaccess rules?
Edit, very strange things are happening!
https://dev.mattpotts.com/project1/ displays 'hello!' from non dev version of site (note https)
http://dev.mattpotts.com/project1/ displays 'hello dev!' (as desired) from dev version. What's going on here?!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您已告诉我们您的
.htaccess文件所在位置,但尚未告诉我们您的.htpasswd文件所在位置。根据 Apache 文档 AuthUserFile:换句话说,它正在像
/etc/apache2/.htpasswd这样的地方寻找.htpasswd。因此,要么将您的 .htpasswd 文件移动到那里,要么让您的指令包含该文件的绝对路径,例如:但是,出于安全原因,我强烈建议保留您的 .htpasswd 文件位于文档根目录之外。
You've told us where your
.htaccessfile is, but you haven't told us where your.htpasswdfile is. According to the Apache documentation on AuthUserFile:So in other words, it is looking for the
.htpasswdin somewhere like/etc/apache2/.htpasswd. So either move your.htpasswdfile there, or make your directive contain an absolute path to the file, e.g.:However, for security reasons, I highly recommend keeping your
.htpasswdfile outside of your document root.这些问题应该是相互独立的:我是否正确理解“强制 HTTPS”部分的工作原理?
也就是说,AuthUserFile .htpasswd 可能在错误的位置寻找 .htpasswd。最简单的解决方法是将完整路径和名称放在那里,例如 AuthUserFile /home/matt/www/public_html/dev/.htpasswd (或任何有 dev 目录的地方)。
These issues should be independent of each other: do I understand correctly that the "force HTTPS" part works?
That said,
AuthUserFile .htpasswdmay be looking for .htpasswd in the wrong place. The easiest fix is to put the full path and name there, e.g.AuthUserFile /home/matt/www/public_html/dev/.htpasswd(or wherever you have the dev directory).