Apache .htaccess - 在尝试保护时无法访问文件?
我试图仅为我锁定一个文件(它是一个日志,我不希望用户看到它)。
这是我的 .htpasswd:
foo:bar
这是我的 .htaccess:
AuthUserFile /home/kapip/public_html/.htpasswd
AuthType Basic
AuthName "This is allowed for admin purposes only"
<Files "users.log">
Require valid-user
</Files>
即使我在对话框后输入了正确的密码,对话框也会闪烁,就像发送了请求一样,然后再次弹出。无论我输入什么,我都看不到我的文件。
一些规格
- 我使用共享主机
- .htpasswd、.htaccess 和日志文件位于同一目录中
- 即使我将 users.log 更改为 users.txt,它仍然不起作用
- 如果我当它要求提供凭据时单击“取消”,它会给出 401 响应
请帮助我! :(
I am attempting to lock a file out for me only (it's a log, and I don't want users to see it).
This is my .htpasswd:
foo:bar
And this is my .htaccess:
AuthUserFile /home/kapip/public_html/.htpasswd
AuthType Basic
AuthName "This is allowed for admin purposes only"
<Files "users.log">
Require valid-user
</Files>
Even if I put in the correct password after the dialog, the dialog just flashes as if the request was sent, and then it pops up again. No matter what I put in, I can't see my file.
Some Specs
- I'm on shared hosting
- The .htpasswd, .htaccess, and log file are in the same directory
- Even if i change users.log to users.txt, it still doesn't work
- If I click "cancel" when it asks for credentials, it gives a 401 Response
Please help me! :(
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您是否在密码文件上运行了
htpasswd -c?它通常是哈希值而不是明文密码。查看 htpasswd 手册页。编辑:
如果您没有 shell 访问权限,您可以使用 htpasswd 生成器 并将文件复制到您的共享主机。您应该能够使用 cPanel 的文件管理器。
我建议的一件事是:您不应该将 htpasswd 文件放在 public_html 目录中,人们将能够通过 http://your-domain/.htpasswd 这是非常糟糕的
Did you run
htpasswd -con your password file? It's normally a hash and not a plaintext password. Take a look at the htpasswd man page.EDIT:
If you don't have shell access, you can create your htpasswd file using the htpasswd generator and the copy the file to your shared host. You should be able to use cPanel's FileManager.
One thing that I would suggest though: You should NOT put your htpasswd file in your public_html directory, people will be able to access it via http://your-domain/.htpasswd which is VERY BAD