从HTTP基本身份验证中排除特定的Cakephp控制器 [英] Exclude specific cakephp controller from http basic auth

问题描述

我正在尝试从基本的HTTP身份验证中阻止路径(URI). 路径为/rest( http://example.com/rest )，它代表cakephp 3的控制器.应用.它不是真实的文件，而是由重写条件重写并由webroot目录中的index.php处理的路径.

I'm trying to exclude a path (URI) from being blocked by basic http auth. The path is /rest (http://example.com/rest) and represents a controller of a cakephp 3 application. It is NOT a real file, but rather a path rewritten by a rewite-condition and handeled by index.php in the webroot dir.

这是重写规则:

/var/www/.htaccess:

<IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteRule    ^$    webroot/    [L]
     RewriteRule    (.*) webroot/$1    [L]
</IfModule>

/var/www/webroot/.htaccess:

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^ index.php [L]
</IfModule>

我正在运行apache 2.4并尝试了不同的配置:

I'm running apache 2.4 and tried different configurations:

<VirtualHost *:80>
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/webroot
<Directory /var/www>
   Options FollowSymLinks
   AllowOverride All
</Directory>
<Location "/">
           AuthType Basic
           AuthName "Keawe Development"
           AuthUserFile /host/.htpasswd
           Require valid-user
           Require expr %{REQUEST_URI} =~ m#/rest/.*#
           Require expr %{REQUEST_URI} =~ m#/index.php/rest/.*#
</Location>
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

...改编自 https://stackoverflow.com/a/33655232/1285585

<VirtualHost *:80>
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/webroot
<Directory /var/www>
   Options FollowSymLinks
   AllowOverride All
</Directory>
<Location "/">
           AuthType Basic
           AuthName "Keawe Development"
           AuthUserFile /host/.htpasswd
           Require valid-user
</Location>
<Location "/rest">
   Allow from all
   Satisfy any
</Location>
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

...来自 https://serverfault.com/a/475845/229877

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/webroot
<Directory /var/www>
  Options FollowSymLinks
  AllowOverride All
 </Directory>
 <Location "/">
   AuthType Basic
   AuthName "Keawe Development"
   AuthUserFile /host/.htpasswd
   Require valid-user
 </Location>
 <Location "/rest">
   Require all granted
 </Location>
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
 </Virtualhost>

...来自 https://www.apachelounge.com/viewtopic.php ?p = 30200

...
 <Location "/">
           SetEnvIf Request_URI ^/rest noauth=1
           SetEnvIf Request_URI /rest noauth=1
           SetEnvIf Request_URI ^/index.php/rest noauth=1
           SetEnvIf Request_URI /index.php/rest noauth=1

           AuthType Basic
           AuthName "Keawe Development"
           AuthUserFile /host/.htpasswd
           Order Deny,Allow
           Satisfy any
           Deny from all
           Require valid-user
           Allow from env=noauth
 </Location>

...来自 https://stackoverflow.com/a/8979889/1285585

 <Location "/">
   AuthType Basic
   AuthName "Keawe Development"
   AuthUserFile /host/.htpasswd
   Require valid-user
 </Location>
 <Location ~ "/(rest|index.php/rest)">
   Satisfy Any
   Allow from all
   AuthType None
   Require all granted
 </Location>

...来自 https://stackoverflow.com/a/13296294/1285585

<Location "/">
  AuthType Basic
  AuthName "Keawe Development"
  AuthUserFile /host/.htpasswd
  Require valid-user
</Location> 
<Files "index.php/rest">
   Satisfy Any
   Allow from all
</Files>
<Files "rest">
   Satisfy Any
   Allow from all
</Files>

...来自 HTTP基本身份验证排除单个文件

但是，它们似乎都不起作用.我总是使用wget或来自浏览器的身份验证请求收到错误401.

However, none of them seem to work. I always get error 401 using wget or an auth request from a browser.

问题似乎是，路径/rest通过了条件，但随后被重写为index.php，该文件在基本auth的控制下(必须是).

The problem seems to be, that the path /rest passes the condition but then is rewritten to index.php, which is under control of basic auth (and has to be).

有任何线索吗?

推荐答案

当我对这个答案不满意时，终于想通了( https: //stackoverflow.com/a/14010456/1285585 )中的一个相关问题.

Finally figured it out when I stumbelled upon this answer ( https://stackoverflow.com/a/14010456/1285585 ) to a related question.

这是我的解决方案:

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/webroot
  <Directory /var/www>
    Options FollowSymLinks
    AllowOverride All
 </Directory>

 <Location "/">
    # Default to Basic Auth protection for any stie
    AuthType Basic
    AuthName "Keawe Development"
    AuthUserFile /host/.htpasswd
    Require valid-user

    # If the request goes to a rest page: bypass basic auth
    SetEnvIf Request_URI ^/rest/ noauth=1
    Allow from env=REDIRECT_noauth
    Allow from env=noauth

    Order Deny,Allow
    Satisfy any
    Deny from all
  </Location>

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

这篇关于从HTTP基本身份验证中排除特定的Cakephp控制器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！