删除一个路径的 Lighttpd 密码验证

删除一个路径的 Lighttpd 密码验证

我有一个 lighttpd 服务器,我想从中提供一些文件。不幸的是,该服务器当前设置为需要密码验证,我希望这些文件可以公开访问。

我怎样才能使特定子目录中的文件不需要密码?

更复杂的是,配置文件中的大部分内容都是由其他管理员设置的,因此我尽量小心,以免破坏任何现有的安全设置。

# config stuff that I am hesitant to change
ssl.engine = "enable" 
ssl.pemfile = "/etc/lighttpd/ssl/foo.pem"
ssl.ca-file = "/etc/pki/tls/certs/foo.cert"

auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
auth.debug = 2

$HTTP["url"] !~ "^(/portal/.*|/js/.*|/css/.*|/icons/.*|/favicon\.ico)" {
  auth.require = (
    "/" =>(
      "method" => "digest",
      "realm" => "Authorized users only",
      "require" => "valid-user"
    )
  )
}

$HTTP["url"] =~ "^/portal" {
  auth.require = (
    "/portal" => (
      "method" => "digest",
      "realm" => "portal users",
      "require" => "valid-user"
    )
  )
  url.redirect = ( "" => "/portal/")
}

$HTTP["remoteip"] !~ "1.2.3.4|5.6.7.8" {
    url.access-deny = ( "" )
}

# new directory that I want to make public
$HTTP["url"] =~ "^/public($|/)" {
    dir-listing.activate = "enable"
}

我尝试将 添加/public/*到第一个$HTTP["url"] !~块的正则表达式中,但没有成功。我还尝试ssl.engine在匹配的块内禁用/public($|/),但也没有成功。

答案1

这种设置对我来说非常有用,正如评论中所说的那样:

server.modules += ( "mod_auth" )
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/passwd"

$HTTP["url"] !~ "^(/portal/.*|/js/.*|/css/.*|/icons/.*|/favicon\.ico|/public/.*)" {
  auth.require = (
    "/" =>(
      "method" => "digest",
      "realm" => "Authorized users only",
      "require" => "valid-user"
    )
  )
}

答案2

原来你仅使用空列表有选择地禁用它:

auth.require = ()

对于OP的例子:

# new directory that I want to make public
$HTTP["url"] =~ "^/public($|/)" {
    dir-listing.activate = "enable"
    auth.require = ()
}

将此块放在文件最后可确保它覆盖所有其他指令,这些指令可能是您想要的,也可能不是,具体取决于您的设置。我有一个案例,其中有多个具有不同身份验证方案的虚拟主机,但我想绕过所有这些,以便/.well-known/acme-challenge/能够certbot --webroot获取 Let's Encrypt 证书。对于我的示例:

##### Let's Encrypt

$HTTP["url"] =~ "^/.well-known/acme-challenge/" {
  server.document-root = "/var/www/"
  auth.require = ()
}

相关内容