如何进行有条件的 .htaccess 密码保护

发布于 2024-10-20 21:01:15 字数 413 浏览 8 评论 0原文

我正在尝试使用 .htaccess 对特定网址进行密码保护。不同的 url 指向相同的文件,但工作方式不同。我现在只需要用密码保护一个网址。我正在尝试使用 setenvif 来执行此操作,但它似乎不起作用。我可能不完全理解 apache setenv 模块的目的或用途。

这是我的代码,似乎不起作用

SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" protecturl
<IfDefine protecturl>
  Require valid-user
  AuthName "Please enter your name and password"
  AuthType Basic
  AuthUserFile .htpasswd
</IfDefine>

I'm trying to password protect a specific url using a .htaccess. Different urls point to the same files but have different workings. I now need to password protect only one url. I'm trying to do this using setenvif but it doesn't seem to work. I might not fully understand the purpose or use of the apache setenv module.

This is my code what doesn't seem to work

SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" protecturl
<IfDefine protecturl>
  Require valid-user
  AuthName "Please enter your name and password"
  AuthType Basic
  AuthUserFile .htpasswd
</IfDefine>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

友谊不毕业 2024-10-27 21:01:15

我终于想通了。我确实不得不使用 mod_rewrite 引擎。我决心找到一个不需要创建额外文件或目录的解决方案。

相同的文件,没有额外的目录,一个 .htaccess:

# Case we are in the protected area!
RewriteCond %{REQUEST_FILENAME} index.php [OR]
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{HTTP_HOST} ^(protected)\.mydomain\.com$
RewriteRule ^(.*)$ admin.php%{REQUEST_URI} [L]

#default rewrite
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

#only protect access to admin.php which is a symlink to index.php
<FilesMatch "admin.php">
  AuthUserFile .htpasswd
  AuthName EnterPassword
  AuthType Basic
  require valid-user
</FilesMatch>

I finally figured it out. I indeed had to use the mod_rewrite engine. I was determined to have a solution which didn't involve me having to make extra files or directories.

Same files, no extra directories, one .htaccess:

# Case we are in the protected area!
RewriteCond %{REQUEST_FILENAME} index.php [OR]
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{HTTP_HOST} ^(protected)\.mydomain\.com$
RewriteRule ^(.*)$ admin.php%{REQUEST_URI} [L]

#default rewrite
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

#only protect access to admin.php which is a symlink to index.php
<FilesMatch "admin.php">
  AuthUserFile .htpasswd
  AuthName EnterPassword
  AuthType Basic
  require valid-user
</FilesMatch>
萌吟 2024-10-27 21:01:15

好吧,这实际上可以在没有 mod_rewrite 的情况下通过 SetEnvIf 来实现。
我需要它作为开发网站来测试 Facebook OpenGraph 标签的工作原理。

# allow facebook external hit
SetEnvIf user-agent "facebookexternalhit/1.1" allowthis
# disallow some other stuff
SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" !allowthis

AuthType Basic
AuthName "dev access"
AuthUserFile .htpasswd
Require valid-user

Allow from allowthis=1
Satisfy Any

IfDefine 适用于与环境变量不同的定义。

引用自 apache 文档

参数名称参数是在服务器启动时通过 -Dparameter- 在 httpd 命令行上给出的定义。

Well, this can actually be achieved without mod_rewrite and with SetEnvIf.
I needed it for dev site to test how Facebook OpenGraph tags work.

# allow facebook external hit
SetEnvIf user-agent "facebookexternalhit/1.1" allowthis
# disallow some other stuff
SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" !allowthis

AuthType Basic
AuthName "dev access"
AuthUserFile .htpasswd
Require valid-user

Allow from allowthis=1
Satisfy Any

The IfDefine works on defines which are not same as environment variables.

A quote from apache docs:

The parameter-name argument is a define as given on the httpd command line via -Dparameter- , at the time the server was started.

守望孤独 2024-10-27 21:01:15

可能无法直接直接实现,但您是否可以有另一个受密码保护的目录,其中链接有原始目录?您可以使用 mod_rewrite 将匹配请求重定向到受密码保护的目录。

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.myhost.tld$
RewriteRule ^/foo/(.*)$ /bar/linkeddir/$1

Might not be directly possible directly but could you have another password protected directory which has the original directory linked into it? You could the use mod_rewrite to redirect the matching requests to password protected directory.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.myhost.tld$
RewriteRule ^/foo/(.*)$ /bar/linkeddir/$1
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文