apache 仅在访问特定域时才使用 HTTP 身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1359472/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Use HTTP Auth only if accessing a specific domain
提问by Dave DeLong
I've got several sites: example.com, example1.com, and example2.com. All of them point to my server's /public_htmlfolder, which is my Apache root folder.
我有几个网站: example.com,example1.com,和example2.com。它们都指向我服务器的/public_html文件夹,也就是我的 Apache 根文件夹。
What do I need to add to my .htaccessfile to use http authentication only if the user is coming from example2.com? example.comand example1.comshould NOT use authentication.
我需要在我的.htaccess文件中添加什么才能仅在用户来自example2.com. example.com并且example1.com不应使用身份验证。
I know I need something like
我知道我需要类似的东西
AuthType Basic
AuthName "Password Required"
AuthUserFile "/path/to/.htpasswd"
Require valid-user
But I only want to require a password if the user is visiting example2.com.
但我只想在用户访问example2.com.
Edit
编辑
Using an approach suggested in an answer, I have the following in my .htaccess file:
使用答案中建议的方法,我的 .htaccess 文件中有以下内容:
SetEnvIfNoCase Host ^(.*)$ testauth
<IfDefine testauth>
RewriteRule ^(.*)$ index2.php?q= [L,QSA]
</IfDefine>
I know that the mod_setenvif.c module is enabled (I verified with an <IfModule> block), but it would appear that "testauth" is never getting defined, because my test to verify (redirecting to index2.php) is not executing (whereas it was getting executed in my <IfModule> block). Any ideas why?
我知道 mod_setenvif.c 模块已启用(我使用 <IfModule> 块进行了验证),但似乎“testauth”从未被定义,因为我的验证测试(重定向到 index2.php)没有执行(而它是在我的 <IfModule> 块中执行的)。任何想法为什么?
回答by Jon Lin
How about something along the lines of this in the htaccess file in the document root:
文档根目录中的 htaccess 文件中的类似内容如何:
# set the "require_auth" var if Host ends with "example2.com"
SetEnvIfNoCase Host example2\.com$ require_auth=true
# Auth stuff
AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
This will make it so authentication is not required unless the host ends with example2.com(e.g. www.example2.com, dev.example2.com, etc). The expression can be tweaked if needed. Any other host will cause the require_authvar not to get set so authentication is notrequired. If this needs to be the other way around, the last line could be changed to: Allow from env=require_auth, removing the !.
这将使它所以不需要,除非与主机端的认证example2.com(如www.example2.com,dev.example2.com等)。如果需要,可以调整表达式。任何其他主机将导致require_authVAR不要让这样设置在验证不必需的。如果这需要反过来,最后一行可以更改为:Allow from env=require_auth,删除! .
回答by rebroken
回答by William Greenly
Here is one recommendation:
这是一项建议:
Create a file called common.confand save in an accessible location
创建一个名为的文件common.conf并保存在可访问的位置
In this file place the Apache configuration common to all sites (hosts).
在此文件中放置所有站点(主机)通用的 Apache 配置。
The remove the current single VirtualHost entry an replace with VirtualHost entries as follows:
删除当前的单个 VirtualHost 条目并替换为 VirtualHost 条目,如下所示:
# These are the password protected hosts
<VirtualHost *:80>
ServerName example.com
ServerAlias example1.com
Include /path-to-common-configuration/common.conf
AuthType Basic
AuthName "Password Required"
AuthUserFile "/path/to/.htpasswd"
Require valid-user
</VirtualHost>
# These are hosts not requiring authentication
<VirtualHost *:80>
ServerName example2.com
ServerAlias example3.com
Include /path-to-common-configuration/common.conf
</VirtualHost>
回答by Colin 't Hart
I wonder if DanH would be helped by an approach that allows access per IP address?
我想知道允许每个 IP 地址访问的方法是否会对 DanH 有所帮助?
Something like
就像是
SetEnvIf Remote_Addr 1\.2\.3\.4 AllowMeIn
SetEnvIfNoCase Host this\.host\.is\.ok\.com AllowMeIn
SetEnvIfNoCase Host this\.host\.is\.also\.ok\.com AllowMeIn
and then in your Drupal "container"
然后在你的 Drupal“容器”中
Order Allow,Deny
Allow from env=AllowMeIn
should do the trick.
应该做的伎俩。
Any host that is "live" should be configured to "AllowMeIn", or else you have to come from a known IP address (ie you and other developers).
任何“活动”的主机都应配置为“AllowMeIn”,否则您必须来自已知的 IP 地址(即您和其他开发人员)。
回答by Martin v. L?wis
You shouldn't be putting per-vhost configuration into .htaccess. Instead, put the config block in the VirtualHost block in the proper config file in /etc/apache/sites-enabled/*.
您不应该将每个虚拟主机的配置放入 .htaccess 中。相反,将配置块放在 VirtualHost 块中的正确配置文件中/etc/apache/sites-enabled/*。
