django - 使用基本身份验证保护一些Web路径 [英] django - protect some web paths with basic authentication

问题描述

我对django很新，只是尝试了一些简单的实验来让我的脚变湿。我正在运行django 1.0，apache2 prefork和mod_wsgi。
我试图用以下url结构来构建一个网站

  / 
 / members 
 / admin 
  

根本基本上是一个公共区域。

成员路径应该使用基本认证（可能通过apache认证）进行保护

应该使用内置的django身份验证来保护管理路径。

文档中的示例基本上可以通过基本身份验证保护整个站点，但这不是我想要的。

除了虚拟主机配置：

  WSGIScriptAlias / / django / rc / apache / django.wsgi 
< Directory / django / rc / apache> 
 AuthType Basic 
 AuthName需要验证
 AuthUserFile/django/_HTPASSWD/.htpasswd
要求有效用户
 
＃订单允许，拒绝
＃允许从所有
< / Directory> 
  

任何人都可以帮助我指出正确的方向（或平面告诉我= P）这样做可能吗？

谢谢

---

编辑：
在玩了一点后，发现我可以做一些像：

  WSGIScriptAlias / / django / rc / apache / django。 wsgi 
< Directory / django / rc / apache> 
订单允许，拒绝
允许从所有
< / Directory> 
 
 WSGIScriptAlias / members /django/rc/apache_httpauth/django.wsgi 
< Directory / django / rc / apache_httpauth> 
 AuthType Basic 
 AuthName需要验证
 AuthUserFile/django/_HTPASSWD/.htpasswd
要求有效用户
 
< / Directory> 
  

django.wsgi文件基本上是复制到另一个目录中的文件，以便WSGIScriptAlias不同。这是黑客，但它的工作。

有更好的方式来做我想要的吗？

有什么缺点做这样做？

谢谢

解决方案

更改：

 < Directory / django / rc / apache_httpauth> 
 AuthType Basic 
 AuthName需要验证
 AuthUserFile/django/_HTPASSWD/.htpasswd
要求有效用户
< / Directory> 
  

to：

 code><位置/成员> 
 AuthType Basic 
 AuthName需要验证
 AuthUserFile/django/_HTPASSWD/.htpasswd
要求有效用户
< / Location> 
  

我不相信你应该需要：

  WSGIScriptAlias / members /django/rc/apache_httpauth/django.wsgi 
  

i'm fairly new to django and just trying a couple simple experiments to get my feet wet. i'm running django 1.0, apache2 prefork and mod_wsgi. I'm trying to build a site with the following url structure

/
/members
/admin

the root is basically a public area.
the members path should be protected using basic-authentication (probably authenticated by apache)
the admin path should be protected using the built in django authentication.

following the examples in documentation i can basically protect the entire site with basic authentication, but that's not what i want.

except from virtual host config:

WSGIScriptAlias / /django/rc/apache/django.wsgi
<Directory /django/rc/apache>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user

# Order allow,deny
# Allow from all
</Directory>

Can anyone help point me in the right direction (or flat out tell me =P) on how to make this possible?

thanks

---

edit: after playing around a little i discovered i can do something like:

WSGIScriptAlias / /django/rc/apache/django.wsgi
<Directory /django/rc/apache>
Order allow,deny
Allow from all
</Directory>

WSGIScriptAlias /members /django/rc/apache_httpauth/django.wsgi
<Directory /django/rc/apache_httpauth>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user

</Directory>

The django.wsgi file is basically the same file copied into another directory so that the WSGIScriptAlias is different. It's hack-ish but it works..

Is there a better way to do what i'd like?
Are there any downsides to doing it like this?

thanks

解决方案

Change:

<Directory /django/rc/apache_httpauth>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user
</Directory>

to:

<Location /members>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user
</Location>

I don't believe you should need:

WSGIScriptAlias /members /django/rc/apache_httpauth/django.wsgi

这篇关于django - 使用基本身份验证保护一些Web路径的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！