我的 .htaccess 文件中有一个 filesmatch 指令:
<filesMatch "admin">
AuthUserFile /var/www/html/.htpasswd
AuthType Basic
AuthName "Protected Area"
require valid-user
</filesMatch>
它匹配http://www.website.com/admin(以及子页面,例如 /admin/edit_page)
但不是http://www.website.com/index.php/admin
(我还有一个 mod_rewrite 规则来隐藏大多数网站的 index.php,不知道这是否会冲突)。
mod重写规则:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
答案1
FilesMatch 匹配物理文件系统对象.index.php/admin 不是其中之一。