除本地主机外的Apache身份验证 [英] Apache authentication except localhost

问题描述

我仅在公共使用网站时需要应用HTTP身份验证，但是我不在我的本地主机上应用它.我认为这应该是.htaccess.但这是行不通的-它仍然要求我提供用户名/通行证.
我究竟做错了什么?

I need to apply HTTP auth just in public use of website, but I don't apply it on my localhost. This is the .htaccess that I think should work. But it doesn't work - it still asks me for user/pass.
What am I doing wrong?

SetEnvIf Remote_Addr ^127\.0\.0\.1$ develmode
<IfDefine !develmode>
    AuthType Basic
    AuthName "ADMIN"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
</IfDefine>

mod_setenvif当然是启用的.

推荐答案

您需要查看order和satisfy关键字.下面是我网站上的工作示例.首先，我们告诉我们接受IP或USER.然后，我们定义htpasswd文件路径，并接受该文件中的任何有效用户.最后，我们定义哪些客户端IP地址无需身份验证即可访问我们的网站(我们拒绝所有其他IP，因此它们必须通过htpasswd进行身份验证).

You need to look at the order and satisfy keywords. Working example from my website is below. First we tell that we accept either the IP or USER. Then we define htpasswd file path and that we accept any valid user from that file. Finally we define which client IP addresses can access our web without auth (we deny all other IPs, so that they must auth via htpasswd).

# permit by USER || IP
Satisfy any
# USER
AuthUserFile /var/www/munin/.htpasswd
AuthGroupFile /dev/null
AuthName "Password Protected Area"
AuthType Basic
require valid-user
# IP
order deny,allow
deny from all
allow from 11.22.33.

这篇关于除本地主机外的Apache身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！