仅在访问特定域时才使用 HTTP 身份验证 [英] Use HTTP Auth only if accessing a specific domain

问题描述

我有几个站点:example.com、example1.com 和 example2.com.它们都指向我服务器的 /public_html 文件夹，这是我的 Apache 根文件夹.

I've got several sites: example.com, example1.com, and example2.com. All of them point to my server's /public_html folder, which is my Apache root folder.

仅当用户来自 example2.com 时，我需要向 .htaccess 文件添加什么才能使用 http 身份验证?example.com 和 example1.com 不应使用身份验证.

What do I need to add to my .htaccess file to use http authentication only if the user is coming from example2.com? example.com and example1.com should NOT use authentication.

我知道我需要类似的东西

I know I need something like

AuthType Basic
AuthName "Password Required"
AuthUserFile "/path/to/.htpasswd"
Require valid-user

但我只想在用户访问 example2.com 时要求输入密码.

But I only want to require a password if the user is visiting example2.com.

编辑

使用答案中建议的方法，我的 .htaccess 文件中有以下内容:

Using an approach suggested in an answer, I have the following in my .htaccess file:

SetEnvIfNoCase Host ^(.*)$ testauth
<IfDefine testauth>
RewriteRule ^(.*)$ index2.php?q=$1 [L,QSA]
</IfDefine>

我知道 mod_setenvif.c 模块已启用(我使用 <IfModule> 块进行了验证)，但似乎testauth"从未被定义，因为我的验证测试(重定向到 index2.php)没有执行(而它是在我的 <IfModule> 块中执行的).任何想法为什么?

I know that the mod_setenvif.c module is enabled (I verified with an <IfModule> block), but it would appear that "testauth" is never getting defined, because my test to verify (redirecting to index2.php) is not executing (whereas it was getting executed in my <IfModule> block). Any ideas why?

推荐答案

文档根目录下的 htaccess 文件中的类似内容如何:

How about something along the lines of this in the htaccess file in the document root:

# set the "require_auth" var if Host ends with "example2.com"
SetEnvIfNoCase Host example2\.com$ require_auth=true

# Auth stuff
AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic

# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth

这将使其不需要身份验证，除非主机以 example2.com 结尾(例如 www.example2.com、dev.example2.com 等).如果需要，可以调整表达式.任何其他主机都会导致 require_auth 变量未设置，因此不需要身份验证.如果需要反过来，最后一行可以更改为:Allow from env=require_auth，删除 !.

This will make it so authentication is not required unless the host ends with example2.com (e.g. www.example2.com, dev.example2.com, etc). The expression can be tweaked if needed. Any other host will cause the require_auth var not to get set so authentication is not required. If this needs to be the other way around, the last line could be changed to: Allow from env=require_auth, removing the !.

这篇关于仅在访问特定域时才使用 HTTP 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！