nginx auth_basic时间限制 [英] nginx auth_basic time limitation

问题描述

我正在使用nginx和auth_basic模块保护我的开发服务器，但似乎找不到找到指定验证"时间间隔的方法.

I'm protecting my dev server using nginx and the auth_basic module, but I can't seem to find a way to specify the interval at which the 'authentication' expires.

我希望能够强制Nginx每隔6小时要求输入一次密码.有没有办法做到这一点?如果没有，什么是可以接受的解决方法?

I would like to be able to force nginx to ask for the password say every 6 hours. Is there a way to do that? If not, what is an acceptable workaround?

推荐答案

可能是不可能的.在 nginx HttpAuthBasicModule页面上似乎没有任何文档可以建议您超时基本" HTTP身份验证.

It's probably not possible. There doesn't seem to be any documentation on the nginx HttpAuthBasicModule page to suggest that you can timeout Basic HTTP authentication.

Authorization标头的 HTTP规范也未指定超时机制.我不希望您需要超时也不会依赖基本身份验证，除非您同时还需要处理Web应用程序.

The HTTP specification for Authorization headers also does not specify a timeout mechanism. I don't expect you'll be able to rely on basic authentication if you need timeouts, unless you're also fronting a web application.

如果要使用Web应用程序，则可以在cookie中维护会话，并在一段时间不活动后使该会话超时.会话超时结束后，请使用您的Web应用程序发送以下标头:

If you're fronting a web application, you could maintain a session in a cookie and time out the session after a period of inactivity. When the session timeout finishes, use your web application to send the following headers:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic Realm="MyApp"

这将提示浏览器再次要求提供凭据.如果您需要访问Web应用程序中的用户身份，则应该在REMOTE_USER CGI环境变量中找到它.

That will prompt the browser to ask for credentials again. If you need access to the user's identity in your web application, you should find it in the REMOTE_USER CGI environment variable.

要使用此技术有效地服务静态资产，XSendfile 可能有用.

To serve static assets efficiently using this technique, XSendfile might be useful.

这篇关于nginx auth_basic时间限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！