仅在访问特定域时才使用 HTTP 身份验证 [英] Use HTTP Auth only if accessing a specific domain
问题描述
我有几个站点:example.com
、example1.com
和 example2.com
.它们都指向我服务器的 /public_html
文件夹,这是我的 Apache 根文件夹.
I've got several sites: example.com
, example1.com
, and example2.com
. All of them point to my server's /public_html
folder, which is my Apache root folder.
仅当用户来自 example2.com
时,我需要向 .htaccess
文件添加什么才能使用 http 身份验证?example.com
和 example1.com
不应使用身份验证.
What do I need to add to my .htaccess
file to use http authentication only if the user is coming from example2.com
? example.com
and example1.com
should NOT use authentication.
我知道我需要类似的东西
I know I need something like
AuthType Basic
AuthName "Password Required"
AuthUserFile "/path/to/.htpasswd"
Require valid-user
但我只想在用户访问 example2.com
时要求输入密码.
But I only want to require a password if the user is visiting example2.com
.
编辑
使用答案中建议的方法,我的 .htaccess 文件中有以下内容:
Using an approach suggested in an answer, I have the following in my .htaccess file:
SetEnvIfNoCase Host ^(.*)$ testauth
<IfDefine testauth>
RewriteRule ^(.*)$ index2.php?q=$1 [L,QSA]
</IfDefine>
我知道 mod_setenvif.c 模块已启用(我使用 <IfModule> 块进行了验证),但似乎testauth"从未被定义,因为我的验证测试(重定向到 index2.php)没有执行(而它是在我的 <IfModule> 块中执行的).任何想法为什么?
I know that the mod_setenvif.c module is enabled (I verified with an <IfModule> block), but it would appear that "testauth" is never getting defined, because my test to verify (redirecting to index2.php) is not executing (whereas it was getting executed in my <IfModule> block). Any ideas why?
推荐答案
文档根目录下的 htaccess 文件中的类似内容如何:
How about something along the lines of this in the htaccess file in the document root:
# set the "require_auth" var if Host ends with "example2.com"
SetEnvIfNoCase Host example2\.com$ require_auth=true
# Auth stuff
AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
这将使其不需要身份验证,除非主机以 example2.com
结尾(例如 www.example2.com
、dev.example2.com
等).如果需要,可以调整表达式.任何其他主机都会导致 require_auth
变量未设置,因此不需要身份验证.如果需要反过来,最后一行可以更改为:Allow from env=require_auth
,删除 !.
This will make it so authentication is not required unless the host ends with example2.com
(e.g. www.example2.com
, dev.example2.com
, etc). The expression can be tweaked if needed. Any other host will cause the require_auth
var not to get set so authentication is not required. If this needs to be the other way around, the last line could be changed to: Allow from env=require_auth
, removing the !.
这篇关于仅在访问特定域时才使用 HTTP 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!