在 Centos7 (httpd 2.4) 中测试锁定目录或锁定整个网站时,我注意到以下奇怪的行为:
如果我锁定整个网站:
<VirtualHost *:80>
DocumentRoot /www/vhost100
ServerName vhost100.test.local
ErrorLog "/var/log/httpd/vhost100_error_log.log"
CustomLog "/var/log/httpd/vhost100_access_log.log" combined
<Directory "/www/vhost100">
Options Indexes
Require all granted
</Directory>
<Directory "/www/vhost100">
AuthType Basic
AuthName "Protected Area"
AuthUserfile /etc/httpd/authfile
Require valid-user
</Directory>
</VirtualHost>
并尝试:
elinks http://vhost100.test.local
根据 authfile 提交用户名/密码后,登录身份验证失败并出现以下消息:
"This server could not verify that you are authorized to access the
document requested.Either you supplied the wrong credentials (eg bad
password) or your browser doesnt understand how to suppy the credentials
required"
错误日志文件没有记录任何内容。
相反,如果我修改了虚拟主机并调整对子目录的锁定(受限):
<VirtualHost *:80>
DocumentRoot /www/vhost100
ServerName vhost100.test.local
ErrorLog "/var/log/httpd/vhost100_error_log.log"
CustomLog "/var/log/httpd/vhost100_access_log.log" combined
<Directory "/www/vhost100">
Options Indexes
Require all granted
</Directory>
<Directory "/www/vhost100/restricted">
AuthType Basic
AuthName "Protected Area"
AuthUserfile /etc/httpd/authfile
Require valid-user
</Directory>
</VirtualHost>
并尝试:
elinks http://vhost100.test.local/restricted
身份验证有效,您可以查看受保护的内容!任何想法或帮助将不胜感激。
答案1
避免两个相互竞争的<Directory "/www/vhost100">声明。
答案2
以下部分已在您的原始配置中设置了两次:<Directory "/www/vhost100">