允许查询字符串通过 .htaccess 密码保护
我有一个临时站点,我使用 .htaccess 密码对其进行保护。
但是,由于它是一个电子商务网站,我需要 paypal 的 IPN 才能与我的网站进行通信。
我正在使用以下 .htaccess 但它不起作用。密码保护仍然有效。
Deny from all
Order deny,allow
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/path/to/htpasswd"
require valid-user
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ^paypalListener=paypal_standard_IPN$
RewriteRule .* - [E=test_uri]
</IfModule>
#Allow valid-user
Allow from env=test_uri
Satisfy any
谁能指导我这里出了什么问题?
I have a staging site where I have secured it using .htaccess password.
However, as it's an eCommerce site, I need paypal's IPN to be able the communicate with my site.
I'm using the following .htaccess but it's not working. The password protect is still in effect.
Deny from all
Order deny,allow
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/path/to/htpasswd"
require valid-user
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ^paypalListener=paypal_standard_IPN$
RewriteRule .* - [E=test_uri]
</IfModule>
#Allow valid-user
Allow from env=test_uri
Satisfy any
Can anyone guide me on what is wrong here?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好的,据我所知,
[E=test_uri]只是将“test_uri”设置为空字符串,因此不执行任何操作。此外,Allow from需要 IP 或域(例如 PayPal 的服务器向您的网站发出请求)。因此,如果您将环境变量正确设置为发出请求的远程地址,它可能会起作用,如下所示:
不过,我现在无法测试这一点。
还要确保服务器的 .conf 文件中没有其他身份验证规则,并且 .htaccess 文件中的身份验证指令已解析 (
Options AuthConfig)。Ok, from what I can see,
[E=test_uri]just sets "test_uri" to an empty string, so doesn't do anything. Also,Allow fromexpects an IP or domain (ex. PayPal's servers making the request to your site).So it might work if you properly set the environment variable to the remote address making the request, like this:
I can't test this right now though.
Also make sure that there aren't other authentication rules in the server's .conf file and that authentication directives in .htaccess files are parsed (
Options AuthConfig).