Apache 基本身份验证（允许的除外）

发布于 2024-09-30 21:28:42 字数 534 浏览 2 评论 0原文

问题：我在 /var/www/files/ 下有一些文件，我希望从特定 IP 地址访问它们，而不需要用户名/密码。但是，我希望任何其他 IP 地址都应该需要登录才能访问。

这是在我的 httpd.conf 中：

<Directory /var/www/files/>
        Order deny,allow
        Deny from all
        Allow from 192.168 
        AuthUserFile /etc/apache2/basic.pwd 
        AuthName "Please enter username and password" 
        AuthType Basic 
        Require user valid-user 
</Directory>

但是，如果我理解正确的话，这意味着来自 192.168.* 的任何客户端都可以访问该目录，但需要有效用户才能查看其内容。任何其他 IP 地址都将被拒绝。正确的？

先感谢您。

原文

Problem: I have some files under /var/www/files/ that I want them to be accessed from specific IP addresses WITHOUT requiring user/password. However, I would like that any other IP address SHOULD require login to gain access.

This is in my httpd.conf:

<Directory /var/www/files/>
        Order deny,allow
        Deny from all
        Allow from 192.168 
        AuthUserFile /etc/apache2/basic.pwd 
        AuthName "Please enter username and password" 
        AuthType Basic 
        Require user valid-user 
</Directory>

But, if I understood correctly, this means that any client coming from 192.168.* will have access to that directory BUT will require a valid-user to view its content. And any other IP address will be denied. right?

Thank you in advance.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

痴梦一场 2024-10-07 21:28:42

这就是 Apache 2.4+ 的做法（因为不再支持 Satisfy Any）。

<Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    <RequireAny>
      Require ip 22.33.44.55
      Require valid-user
    </RequireAny>

</Directory>

如果您想同时需要 IP 地址和登录名/密码，请将更改为

我希望这对某人有帮助 - 因为它花了我一会儿去弄清楚。

This is how it's done for Apache 2.4+ (since Satisfy Any is no longer supported).

<Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    <RequireAny>
      Require ip 22.33.44.55
      Require valid-user
    </RequireAny>

</Directory>

If you want to require both IP address -and- Login/Password, change <RequireAny> to <RequireAll>

I hope this helps someone - as it took me a while to figure it out.

回复收藏 0 原文

戴着白色围巾的女孩 2024-10-07 21:28:42

编辑：这可能是可接受的答案，但很旧。对于新的 Apache 安装，请使用 Brian在这里回答

添加以下内容：满足任何（这意味着这两个应该通过）。

语法是：

Require valid-user

或：

Require user <userid>

edit: this may be accepted answer, but old. For new Apache installs, use Brians answer here

Add this: Satisfy Any (which means either of those 2 should be passed).

And the syntax is either:

Require valid-user

Or:

Require user <userid>

回复收藏 0 原文

静若繁花 2024-10-07 21:28:42

如果您的服务器位于代理后面，则不能直接依赖 Require ip。但是，您可以使用 需要 env:

<Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    SetEnvIF X-Forwarded-For "22.33.44.55" AllowIP

    <RequireAny>
      Require env AllowIP
      Require valid-user
    </RequireAny>

</Directory>

想法的来源

If your server is behind a proxy, you can't rely on the Require ip directly. However, you can use the Require env:

<Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    SetEnvIF X-Forwarded-For "22.33.44.55" AllowIP

    <RequireAny>
      Require env AllowIP
      Require valid-user
    </RequireAny>

</Directory>

The source of the idea

回复收藏 0 原文

冷清清 2024-10-07 21:28:42

在 Apache 2.4+ 中，如果您还想根据 IP 块设置固定用户名，您可以使用 AuthBasicFake 指令与运行时 If 指令。

此示例授予对 22.33.44.55/32 和 66.77.88.99/32 的直接访问权限并设置用户名 demouser，所有其他人都必须登录。

<Location>
    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    <If "-R '22.33.44.55/32' || -R '66.77.88.99/32'">
        AuthBasicFake demouser
        Require all granted
    </If>
    <Else>
        Require valid-user
    </Else>
</Location>

At Apache 2.4+, if you also like to set a fixed username based on the IP block you could use AuthBasicFake directive together with runtime If directive.

This example with grant direct access to 22.33.44.55/32 and 66.77.88.99/32 and sets username demouser, all others must login.

<Location>
    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    <If "-R '22.33.44.55/32' || -R '66.77.88.99/32'">
        AuthBasicFake demouser
        Require all granted
    </If>
    <Else>
        Require valid-user
    </Else>
</Location>

回复收藏 0 原文

音栖息无 2024-10-07 21:28:42

SetEnvIF X-Forwarded-For "192.168.135.159" AllowIP
SetEnvIF X-Forwarded-For "192.168.135.135" AllowIP

AuthType Basic
AuthName "admin"
AuthUserFile "/var/www/domain.com/cms/.htpasswd"

<RequireAll>
Require env AllowIP
require valid-user
</RequireAll>

我还检查了许多变体。此代码适用于 2.4 版本的 apache 100%

SetEnvIF X-Forwarded-For "192.168.135.159" AllowIP
SetEnvIF X-Forwarded-For "192.168.135.135" AllowIP

AuthType Basic
AuthName "admin"
AuthUserFile "/var/www/domain.com/cms/.htpasswd"

<RequireAll>
Require env AllowIP
require valid-user
</RequireAll>

İ also checked many variants. this code üorks with 2.4 version of apache 100%

回复收藏 0 原文

~没有更多了~