从HTTP基本身份验证中排除特定的Cakephp控制器 [英] Exclude specific cakephp controller from http basic auth
问题描述
我正在尝试从基本的HTTP身份验证中阻止路径(URI). 路径为/rest( http://example.com/rest ),它代表cakephp 3的控制器.应用.它不是真实的文件,而是由重写条件重写并由webroot目录中的index.php处理的路径.
I'm trying to exclude a path (URI) from being blocked by basic http auth. The path is /rest (http://example.com/rest) and represents a controller of a cakephp 3 application. It is NOT a real file, but rather a path rewritten by a rewite-condition and handeled by index.php in the webroot dir.
这是重写规则:
/var/www/.htaccess
:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
/var/www/webroot/.htaccess
:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
我正在运行apache 2.4并尝试了不同的配置:
I'm running apache 2.4 and tried different configurations:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
Require expr %{REQUEST_URI} =~ m#/rest/.*#
Require expr %{REQUEST_URI} =~ m#/index.php/rest/.*#
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
...改编自 https://stackoverflow.com/a/33655232/1285585
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location "/rest">
Allow from all
Satisfy any
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
...来自 https://serverfault.com/a/475845/229877
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location "/rest">
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</Virtualhost>
...来自 https://www.apachelounge.com/viewtopic.php ?p = 30200
...
<Location "/">
SetEnvIf Request_URI ^/rest noauth=1
SetEnvIf Request_URI /rest noauth=1
SetEnvIf Request_URI ^/index.php/rest noauth=1
SetEnvIf Request_URI /index.php/rest noauth=1
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth
</Location>
...来自 https://stackoverflow.com/a/8979889/1285585
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location ~ "/(rest|index.php/rest)">
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>
...来自 https://stackoverflow.com/a/13296294/1285585
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Files "index.php/rest">
Satisfy Any
Allow from all
</Files>
<Files "rest">
Satisfy Any
Allow from all
</Files>
...来自 HTTP基本身份验证排除单个文件
但是,它们似乎都不起作用.我总是使用wget或来自浏览器的身份验证请求收到错误401.
However, none of them seem to work. I always get error 401 using wget or an auth request from a browser.
问题似乎是,路径/rest通过了条件,但随后被重写为index.php,该文件在基本auth的控制下(必须是).
The problem seems to be, that the path /rest passes the condition but then is rewritten to index.php, which is under control of basic auth (and has to be).
有任何线索吗?
推荐答案
当我对这个答案不满意时,终于想通了( https: //stackoverflow.com/a/14010456/1285585 )中的一个相关问题.
Finally figured it out when I stumbelled upon this answer ( https://stackoverflow.com/a/14010456/1285585 ) to a related question.
这是我的解决方案:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
# Default to Basic Auth protection for any stie
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
# If the request goes to a rest page: bypass basic auth
SetEnvIf Request_URI ^/rest/ noauth=1
Allow from env=REDIRECT_noauth
Allow from env=noauth
Order Deny,Allow
Satisfy any
Deny from all
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
这篇关于从HTTP基本身份验证中排除特定的Cakephp控制器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!