实际上使用 mod_rewrite chroot 客户端？

发布于 2024-10-27 13:36:32 字数 783 浏览 1 评论 0原文

我正在尝试为各种客户端设置一个 webdav 网站来上传/下载文件。但是我不希望每个客户都能看到其他客户的数据。每个客户端都使用 SSL 客户端证书进行身份验证，因此我想将它们 chroot 到自己的目录树中。

例如：

https://example.com/webdav/upload
应该映射到文件系统位置
/somewebroot/webdav/SSL_USERNAME/upload

我认为我可以使用 mod_rewrite 来实现此目的，但我的规则似乎使我进入无限重定向循环。有什么想法吗？

Alias /webdav /somewebroot/webdav
<Directory /somewebroot/webdav>
    RewriteEngine On
    RewriteBase /webdav

    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ADMIN #The admin does not get chrooted
    RewriteRule .* - [L]

    RewriteCond %{REQUEST_URI} !^%{SSL:SSL_CLIENT_S_DN_CN}/(.*)
    RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN_CN}/$1 [L]
</Directory>

原文

I am attempting to setup a webdav website for various clients to upload/download files. However I don't want each client to see the other clients' data. Each client uses SSL client certificates to authenticate, so I would like to chroot them into their own directory tree.

For example:

https://example.com/webdav/upload
Should map to filesystem location
/somewebroot/webdav/SSL_USERNAME/upload

I thought that I could use mod_rewrite for this but my rules seem to send me into an infinite redirection loop. Any thoughts?

Alias /webdav /somewebroot/webdav
<Directory /somewebroot/webdav>
    RewriteEngine On
    RewriteBase /webdav

    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ADMIN #The admin does not get chrooted
    RewriteRule .* - [L]

    RewriteCond %{REQUEST_URI} !^%{SSL:SSL_CLIENT_S_DN_CN}/(.*)
    RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN_CN}/$1 [L]
</Directory>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

冷…雨湿花 2024-11-03 13:36:32

一旦您发现“RewriteCond”不支持 PATTERN 中的服务器变量，修复此问题就相当简单。因此，您必须使用反向引用将其纳入模式。此外，“RewriteCond”不使用“RewriteBase”指令，因此您也必须考虑到这一点。

Alias /webdav /somewebroot/webdav
<Directory /somewebroot/webdav>
    RewriteEngine On
    RewriteBase /webdav

    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ADMIN #The admin does not get chrooted
    RewriteRule .* - [L]

    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN}::%{REQUEST_URI} !^(.*)::/webdav/\1/(.*)
    RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN_CN}/$1 [L]
</Directory>

The fix for this is fairly simple once you figure out that "RewriteCond" does not support server variables in the PATTERN. So you have to get it into the pattern by using a backreference. Also "RewriteCond" does not use the "RewriteBase" directive so you also have to take that into account as well.

Alias /webdav /somewebroot/webdav
<Directory /somewebroot/webdav>
    RewriteEngine On
    RewriteBase /webdav

    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ADMIN #The admin does not get chrooted
    RewriteRule .* - [L]

    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN}::%{REQUEST_URI} !^(.*)::/webdav/\1/(.*)
    RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN_CN}/$1 [L]
</Directory>

回复收藏 0 原文

~没有更多了~