apache 中带有基于位置的 ACL 的 mod_rewrite ?
有一个 CGI 脚本为我们的客户提供一些 API。调用语法为:
script.cgi?module=<str>&func=<str>[&other-options]
任务是为不同的模块制定不同的认证规则。
或者,拥有漂亮的 URL 会很棒。
我的配置:
<VirtualHost *:80>
DocumentRoot /var/www/example
ServerName example.com
# Global policy is to deny all
<Location />
Order deny,allow
Deny from all
</Location>
# doesn't work :(
<Location /api/foo>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
RewriteEngine On
# The only allowed type of requests:
RewriteRule /api/(.+?)/(.+) /cgi-bin/api.cgi?module=$1&func=$2 [PT]
# All others are forbidden:
RewriteRule /(.*) - [F]
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 5
ScriptAlias /cgi-bin /var/www/example
<Directory /var/www/example>
Options -Indexes
AddHandler cgi-script .cgi
</Directory>
</VirtualHost>
嗯,我知道问题是处理该指令的顺序。
将在 mod_rewrite 完成其工作后进行处理。但我相信有办法改变它。 :)
使用标准 Order Deny,allow
+ Allow from
指令是更好的选择,因为它通常用于其他类似的地方。
感谢您的关注。 :)
There is a CGI-script that provides some API for our customers. Call syntax is:
script.cgi?module=<str>&func=<str>[&other-options]
The task is to make different authentiction rules for different modules.
Optionally, it will be great to have nice URLs.
My config:
<VirtualHost *:80>
DocumentRoot /var/www/example
ServerName example.com
# Global policy is to deny all
<Location />
Order deny,allow
Deny from all
</Location>
# doesn't work :(
<Location /api/foo>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
RewriteEngine On
# The only allowed type of requests:
RewriteRule /api/(.+?)/(.+) /cgi-bin/api.cgi?module=$1&func=$2 [PT]
# All others are forbidden:
RewriteRule /(.*) - [F]
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 5
ScriptAlias /cgi-bin /var/www/example
<Directory /var/www/example>
Options -Indexes
AddHandler cgi-script .cgi
</Directory>
</VirtualHost>
Well, I know that problem is order of processing that directives. <Location>
s will be processed after mod_rewrite has done its work. But I believe there is a way to change it. :)
Using of standard Order deny,allow
+ Allow from <something>
directives is preferable because it's commonly used in other places like this.
Thank you for your attention. :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论