任何人都可以帮助将此 .htaccess 规则更改为 nginx 吗?
我正在使用名为 JWT Authentication for WP REST API,它有一些用 .htaccess 编写的规则,但我使用的是 Nginx 服务器,并且想在 Nginx 配置中添加这些规则。
rewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
I am using a WordPress plugin named JWT Authentication for WP REST API, it has some rules written in .htaccess but I am using Nginx server and want to add these rule in the Nginx configuration.
rewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您不需要转换此 Apache 规则以在 Nginx 中工作。
此规则是针对当 PHP 作为 CGI(而不是 Apache 模块)安装时 Apache 强加的特定 Apache 安全功能(障碍)的解决方法。 AFAIK,同样的问题不适用于 Nginx。
(基本上,Apache 会阻止将授权 HTTP 请求标头发送到所有后端 CGI 脚本,以防止用户名/密码无意中发送到不受信任的脚本。不幸的是,当安装为(快速)CGI 时,这也包括 PHP。 )
You shouldn't need to convert this Apache rule to work in Nginx.
This rule is a workaround for a specific Apache security feature (hobble) that is imposed by Apache when PHP is installed as CGI, as opposed to an Apache module. AFAIK, the same issue does not apply to Nginx.
(Basically, Apache prevents the
AuthorizationHTTP request header being sent to all backend CGI scripts to prevent usernames/passwords being inadvertently sent to untrusted scripts. Unfortunately, this also includes PHP when installed as (Fast)CGI.)