如何使用 htaccess 限制对条目的访问?
我需要用密码保护网站上的几个条目。在模板级别很容易做到,但这是入门级别。我正在运行表达式引擎。
我尝试设置 htaccess 文件,但尚未生效。
它是这样的:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/server/.htpasswds/.htpasswd
AuthGroupFile /dev/null
<Files template_group/entry_name>
require valid-user
</Files>
其中 template_group 是实际 template_group 的名称,entry_name 是条目的实际名称。
任何帮助将不胜感激。
谢谢。
I need to password protect a couple of entries on a site. It is easy to do at the template level but this is at the entry level. I am running Expression Engine.
I tried setting up an htaccess file but it is not yet effective.
It is like this:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/server/.htpasswds/.htpasswd
AuthGroupFile /dev/null
<Files template_group/entry_name>
require valid-user
</Files>
Where template_group is the name of the actual template_group and entry_name is the actual name of the entry.
Any assistance will be appreciated.
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
虽然 ExpressionEngine 提供了自己的模板访问限制方法来密码保护页面和模板 - 包括处理 .htaccess Apache Basic HTTP 身份验证 - 在某些情况下您可能不想或无法使用它:
例如,ExpressionEngine 的 Freelancer 版本 不包括 会员管理模块,因此 模板首选项管理器不提供访问限制。
此外,如果您选择使用 ExpressionEngine 的 HTTP 身份验证,则只有 [在 ExpressionEngine 中] 拥有成员帐户的用户才能登录,因为 EE 使用其本地成员数据库进行身份验证。
如果您属于 DIY 类型,则可以修改
httpd.conf以限制和密码保护对 ExpressionEngine 页面、条目和模板的访问。此技术的工作原理如下:
httpd.conf.htpasswd或.htgroup文件注意:由于我们尝试在 URL 级别而不是物理文件系统上匹配对象,因此我们必须使用
将以下内容放入服务器的
httpd.conf或vhost.conf文件中:请务必更改根据您的喜好和托管环境的指令。
如果您还没有创建
.htpasswd密码文件来加密所需的密码,可以使用命令行或 在线 .htaccess 密码生成器:htpasswd -c /path/to/website/.htpasswd username如果 htpasswd 命令不在您的 Unix 路径,您必须输入该文件的完整路径才能运行它。在我的服务器上,它将是:
/usr/sbin/htpasswd -c /path/to/website/.htpasswd username然后,htpasswd 会询问您用户的密码,并要求您输入它再次确认:
一切就位并正常工作后,任何对
/private*的请求都将由 Apache 处理,然后再路由到 ExpressionEngine。瞧 — Apache受密码保护的目录与 ExpressionEngine(或任何 CMS,例如 WordPress、MovableType 或 TextPattern)协调工作。
While ExpressionEngine provides its own means for Template Access Restriction to password-protect pages and templates — including handling .htaccess Apache Basic HTTP Authentication — there are situations where you might not want to, or are unable, to use it:
For example, the Freelancer Version of ExpressionEngine doesn't include the Member Management Module, so the Template Preferences Manager doesn't offer Access Restrictions.
Also, if you elect to use ExpressionEngine's HTTP Authentication, only users with member accounts [in ExpressionEngine] will be able to login, since EE uses its local member database for authentication.
If you're the DIY type, you can modify your
httpd.confto limit and password-protect access to ExpressionEngine pages, entries and templates.This technique works by:
httpd.conf.htpasswdor.htgroupfilesNote: Since we are attempting to match objects at the URL level and not the physical filesystem, we must use a
<Location>or<LocationMatch>directive1.Put the following in your server's
httpd.conforvhost.conffile:Be sure to change the values of the directive to your liking and your hosting environment.
If you haven't already, create the
.htpasswdpassword file to encrypt the desired passwords, either using the command line or an Online .htaccess Password Generator:htpasswd -c /path/to/website/.htpasswd usernameIf the htpasswd command is not in your Unix path, you'll have to type the full path to the file to get it to run. On my server, it would be:
/usr/sbin/htpasswd -c /path/to/website/.htpasswd usernameThen, htpasswd will ask you for the user's password, and ask you to type it again to confirm:
With everything in place and working, any request to
/private*will be handled by Apache before it's routed to ExpressionEngine.Voilà — Apache password-protected directories working in harmony with ExpressionEngine (or any CMS really, such as WordPress, MovableType or TextPattern).
我回答了两个类似 关于此主题的问题可能有益于你。
不过,有多种方法可以对 ExpressionEngine 站点中的页面进行密码保护:
到目前为止,针对您的情况最简单的解决方案是使用内置的 ExpressionEngine 控制面板中的模板首选项管理器 并分配“私有”条目到需要身份验证的模板。
第三方附加组件,例如 Yuri Salimovskiy 的 Entry Access IntoEEtive 可能会对您有所帮助。 条目访问使您能够限制某些成员或成员组对某些频道条目的前端访问。
I answered two similar questions on this subject that may be of benefit to you.
Nevertheless, there are several ways to password-protect pages in an ExpressionEngine site:
By far the easiest solution to your situation is to use the built-in Template Preferences Manager in the ExpressionEngine Control Panel and assign the "private" entries to a template that requires authentication.
A third-party add-on such as Entry Access by Yuri Salimovskiy of IntoEEtive may aide in your benefit. Entry Access enables you to restrict front-end access to certain channel entries for certain members or member group.