锁定网站 - 奇怪的行为

锁定网站 - 奇怪的行为

在 Centos7 (httpd 2.4) 中测试锁定目录或锁定整个网站时,我注意到以下奇怪的行为:

如果我锁定整个网站:

 <VirtualHost *:80>
 DocumentRoot /www/vhost100
 ServerName vhost100.test.local
 ErrorLog "/var/log/httpd/vhost100_error_log.log"
 CustomLog "/var/log/httpd/vhost100_access_log.log" combined
 <Directory "/www/vhost100">
 Options Indexes
 Require all granted
 </Directory>
    <Directory "/www/vhost100">
        AuthType Basic
        AuthName "Protected Area"
        AuthUserfile /etc/httpd/authfile
       Require valid-user
    </Directory>
  </VirtualHost>

并尝试:

 elinks http://vhost100.test.local 

根据 authfile 提交用户名/密码后,登录身份验证失败并出现以下消息:

 "This server could not verify that you are authorized to access the 
  document requested.Either you supplied the wrong credentials (eg bad 
  password) or your browser doesnt understand how to suppy the credentials 
  required"

错误日志文件没有记录任何内容。

相反,如果我修改了虚拟主机并调整对子目录的锁定(受限):

<VirtualHost *:80>
 DocumentRoot /www/vhost100
 ServerName vhost100.test.local
 ErrorLog "/var/log/httpd/vhost100_error_log.log"
 CustomLog "/var/log/httpd/vhost100_access_log.log" combined
 <Directory "/www/vhost100">
 Options Indexes
 Require all granted
 </Directory>
 <Directory "/www/vhost100/restricted">
      AuthType Basic
      AuthName "Protected Area"
      AuthUserfile /etc/httpd/authfile
      Require valid-user
 </Directory>
 </VirtualHost>

并尝试:

elinks http://vhost100.test.local/restricted 

身份验证有效,您可以查看受保护的内容!任何想法或帮助将不胜感激。

答案1

避免两个相互竞争的<Directory "/www/vhost100">声明。

答案2

以下部分已在您的原始配置中设置了两次:<Directory "/www/vhost100">

相关内容