将子域重写为文件,然后删除 .htaccess 身份验证
我正在为 Symfony 1.4 项目重写一个域。
我的 .htaccess
AuthUserFile /var/www/.htpasswd
AuthType Basic
AuthName "GH Auth"
<Files "*">
require valid-user
</Files>
<Files "api.php">
Allow from all
Satisfy any
</Files>
<Files "apc.php">
require user admin
</Files>
<IfModule mod_rewrite.c>
RewriteEngine On
# uncomment the following line, if you are having trouble
# getting no_script_name to work
RewriteBase /
RewriteCond %{HTTP_HOST} ^api\.domain\.org$
RewriteRule ^(.*)$ api.php [QSA,L]
# we skip all files with .something
RewriteCond %{REQUEST_URI} \.(css|js|png|gif|jpg)$
RewriteRule .* - [L]
# we check if the .html version is here (caching)
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
# no, so we redirect to our front web controller
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
正确访问 domain.org/api.php/method 允许您无需身份验证即可继续。
但是,访问 api.domain.org/method 似乎看不到该标志,并且它仍然要求身份验证。
有什么想法吗?也许是时候创建两个独立的虚拟主机了?
I'm rewriting a domain for a Symfony 1.4 project.
My .htaccess
AuthUserFile /var/www/.htpasswd
AuthType Basic
AuthName "GH Auth"
<Files "*">
require valid-user
</Files>
<Files "api.php">
Allow from all
Satisfy any
</Files>
<Files "apc.php">
require user admin
</Files>
<IfModule mod_rewrite.c>
RewriteEngine On
# uncomment the following line, if you are having trouble
# getting no_script_name to work
RewriteBase /
RewriteCond %{HTTP_HOST} ^api\.domain\.org$
RewriteRule ^(.*)$ api.php [QSA,L]
# we skip all files with .something
RewriteCond %{REQUEST_URI} \.(css|js|png|gif|jpg)$
RewriteRule .* - [L]
# we check if the .html version is here (caching)
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
# no, so we redirect to our front web controller
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
Going to domain.org/api.php/method correctly allows you to proceed without authentication.
However, going to api.domain.org/method seems to not see the flag, and it still asks for authentication.
Any ideas? Maybe it's time to create two separate vhosts?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试转到
apps/api/[your_module],您应该看到 actions 文件夹和 template 文件夹,然后在其中添加一个名为config的文件夹(如果没有)您的模块文件夹(与 actions 和 template 文件夹并行),然后在 config 文件夹中添加一个名为security.yml的文件。请记住,在 security.yml 中添加以下代码
,因为您只想删除模块的身份验证过程,因此您编辑的配置文件夹中的 security.yml 文件应位于模块文件夹内,而不是应用程序文件夹中。因为应用程序文件夹内还有 config 文件夹。
Try to go to
apps/api/[your_module], you should see actions folder and template folders, then add a folder namedconfig(if there isn't one) inside your module folder (parallel with actions & template folder), then add a file namedsecurity.ymlinside config folder.Add this following code in security.yml
remember, because you just want to remove authentication process for a module, the security.yml file you've edited config folder should be inside module folder, not in application folder. Because there is also config folder inside application folder.