如何从apache2配置文件访问环境变量? [英] How to access environment variables from apache2 configuration file?
问题描述
我正在尝试制作我的网站的一部分,它将在提示框中要求用户输入密码,然后在密码正确时允许访问隐藏的内容.我想将密码隐藏在apache2服务器中的某个位置;某个地方,这样我就不能直接转到URL栏中包含密码的javascript文件,例如 [mywebsite]/password.js .我尝试做
I am trying to make a part of my website where it will ask the user for a password in a prompt box, then allow access to the hidden content when the password is correct. I want to hide my password somewhere in my apache2 server; somewhere so that I can't just go to the javascript file containing the password in the URL bar, such as [mywebsite]/password.js. I tried doing
SetEnv PASSWORD password123
例如在我的网站配置文件中,然后在链接到我的HTML文件的javascript文件中,我编写了以下代码:
in my website configuration file for example, then in my javascript file linked to my HTML file I wrote the following code:
function check() {
var password = process.env.PASSWORD;
var str = prompt("Enter the correct password to continue: ");
if (str != password) {
check();
}
document.getElementById("visible").style.visibility = "visible";
}
但是,当我加载网站时,它会加载但内容仍然隐藏.如何在服务器中隐藏密码,以便可以直接在javascript文件中访问密码?有没有更好的方法可以做到这一点?我应该注意,在尝试隐藏密码之前,一切正常.
However, when I load the website it loads but with the content still hidden. How can I hide the password in my server so that I could access it in my javascript file directly? Is there maybe a better way to do this? I should note that everything worked properly before trying to hide the password.
推荐答案
首先,无法从浏览器上下文中访问process.env.process.env是一个nodejs变量.它只会存在于类似nodejs的环境中.浏览器中的javascript无法运行nodejs.
First off, process.env is not accessible from within a browser context. process.env is a nodejs variable. It will only exist in a nodejs-like environment. javascript in the browser does not run nodejs.
最简单的解决方案是阻止直接使用apache访问页面:
The simplest solution is to prevent access to the page using apache directly:
您需要生成一个.htpasswd文件.
You would need to generate an .htpasswd file.
在apache配置中,您将添加以下内容:
In your apache configuration, you would add something like this:
<Directory "/path/to/password/protected/folder">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /path/to/htpasswd
Require valid-user
</Directory>
这是有关如何在apache中设置受密码保护的文件夹的完整指南:
Here's a complete guide for how to setup a password protected folder in apache: