Apache access control not working as expected

I have a static HTML site served by Apache 2.4 using SSI. I have been using Basic authentication to control access to a subset of files, but it no longer works as expected. Essentially all I want to do is require a username/password for certain parts of the site. I have included what I believe is the relevant configuration, with some names changed to protect privacy.

/etc/apache2/sites-enabled/example.conf

<VirtualHost *:80>
    ServerName site.example.com:80
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/site
    <Directory /var/www/site/>
        Options Includes Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /var/log/apache2/error.log
</VirtualHost>

/var/www/site/.htaccess

AuthType        Basic
AuthName        "Site Access Control"
AuthBasicProvider   file
AuthUserFile   /var/www/site/passwords

/var/www/site/dir1/dir2/protected-dir/.htaccess

require valid-user

As I understand it, I have configured the site directory for my virtual host. In the top-level directory I have configured Basic authentication. In the directories where I want to control access, I require a valid user. The .htaccess files should be combined accordingly.

When I browse to:

 site.example.com/dir1/dir2/protected-dir

I am granted access to the page and can see its contents. This is not what I expect. In the Apache2 error log I get the following:

[Sat Jul 04 11:03:12.073970 2015] [deflate:debug] [pid 19576] mod_deflate.c(855): [client 192.168.50.242:63254] AH01384: Zlib: Compressed 3036 to 656 : URL /dir1/dir2/protected-dir/index.shtml, referer: http://site.example.com/dir1/dir2/
[Sat Jul 04 11:03:12.095014 2015] [authz_core:debug] [pid 19576] mod_authz_core.c(802): [client 192.168.50.242:63254] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://site.example.com/dir1/dir2/protected-dir/
[Sat Jul 04 11:03:12.095044 2015] [authz_core:debug] [pid 19576] mod_authz_core.c(802): [client 192.168.50.242:63254] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://site.example.com/dir1/dir2/protected-dir/
[Sat Jul 04 11:03:12.095721 2015] [authz_core:debug] [pid 19576] mod_authz_core.c(802): [client 192.168.50.242:63254] AH01626: authorization result of Require valid-user : granted, referer: http://site.example.com/dir1/dir2/protected-dir/
[Sat Jul 04 11:03:12.095741 2015] [authz_core:debug] [pid 19576] mod_authz_core.c(802): [client 192.168.50.242:63254] AH01626: authorization result of <RequireAny>: granted, referer: http://site.example.com/dir1/dir2/protected-dir/
[Sat Jul 04 11:03:12.095994 2015] [deflate:debug] [pid 19576] mod_deflate.c(855): [client 192.168.50.242:63254] AH01384: Zlib: Compressed 1397 to 481 : URL /dir1/dir2/protected-dir/style.css, referer: http://site.example.com/dir1/dir2/protected-dir/

Can you identify what is wrong with my configuration?

Answer 1

"I am granted access to the page and its contents are visible. This is not what I expect."

However, the configuration contains Require all granted, so granting access to that page and its contents is the expected result.

Explanation

Require all

The all provider mimics the functionality that was previously provided by the 
'Allow from all' and 'Deny from all' directives. This provider can take one of two arguments
which are 'granted' or 'denied'. The following examples will grant or deny access to all
requests.

Require all granted

Require all denied

How to solve this

You can use mod_authn_core

Creating Authentication Provider Aliases

Extended authentication providers can be created within the configuration file and assigned
an alias name. The alias providers can then be referenced through the directives 
AuthBasicProvider or AuthDigestProvider in the same way as a base authentication provider. 
Besides the ability to create and alias an extended provider, it also allows the same 
extended authentication provider to be referenced by multiple locations.

Examples

This example checks for passwords in two different text files.
Checking multiple text password files

# Check here first
<AuthnProviderAlias file file1>
    AuthUserFile "/www/conf/passwords1"
</AuthnProviderAlias>

# Then check here
<AuthnProviderAlias file file2>
    AuthUserFile "/www/conf/passwords2"
</AuthnProviderAlias>

<Directory "/var/web/pages/secure">
    AuthBasicProvider file1 file2

    AuthType Basic
    AuthName "Protected Area"
    Require valid-user
</Directory>

Answer 2

Based on the other answer, I found that merging the two .htaccess files into one and placing it in the directory I want to protect works. This is the final file:

AuthType        Basic
AuthName        "Site Access Control"
AuthBasicProvider   file
AuthUserFile   /var/www/site/passwords
require valid-user
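Both answers come down to how Apache 2.4 merges per-directory authorization: the vhost's `Require all granted` applies everywhere until a directory further down sets its own `Require`, and the `AuthType`/`AuthName`/`AuthUserFile` directives are inherited separately from the `Require` lines. The script below is an added example, not code from the question or either answer and not Apache's own merge logic: it walks the `.htaccess` chain from the document root to every directory, applies that merge model (Auth* settings accumulate, a child's `Require` replaces the parent's, which is the documented default `AuthMerging Off` behaviour), and reports which directories are actually open, which require a valid user, and which have a `Require valid-user` with no `AuthType`/`AuthUserFile` anywhere above it. The `build_demo_site` helper writes a constructed copy of the question's layout into a temporary directory; the function and directory names are mine, and `<If>`, `<Files>`, `<Limit>` and explicit `<RequireAll>`/`<RequireAny>` blocks are deliberately not modelled.

```python
"""Audit which directories under an Apache 2.4 document root are gated by
Basic auth, by merging .htaccess files from the docroot down to each directory.

Hypothetical helper (not Apache code). Assumptions: the docroot <Directory>
block says `Require all granted`; AuthMerging is Off (a child's Require
replaces the parent's); only Auth* and plain Require lines are considered.
"""
import os
import tempfile
from pathlib import Path

AUTH_KEYS = ("authtype", "authname", "authbasicprovider", "authuserfile")


def parse_htaccess(path):
    """Return (settings, requires) for one .htaccess file.
    Directive names are case-insensitive in Apache, so keys are lower-cased;
    a missing file contributes nothing, as it would for Apache."""
    settings, requires = {}, []
    if not path.is_file():
        return settings, requires
    for raw in path.read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if name in AUTH_KEYS:
            settings[name] = value
        elif name == "require":
            requires.append(value.lower())
    return settings, requires


def effective_config(docroot, target, vhost_requires=("all granted",)):
    """Merge the .htaccess chain docroot -> target. Auth* settings accumulate
    (a child overrides only the keys it sets); the Require list is replaced
    wholesale by the nearest directory that sets one."""
    docroot, target = Path(docroot), Path(target)
    settings, requires = {}, list(vhost_requires)
    current, chain = docroot, [docroot]
    for part in target.relative_to(docroot).parts:
        current = current / part
        chain.append(current)
    for directory in chain:
        file_settings, file_requires = parse_htaccess(directory / ".htaccess")
        settings.update(file_settings)
        if file_requires:
            requires = file_requires
    return settings, requires


def audit(docroot):
    """Classify every directory under docroot and flag auth-required
    directories whose chain lacks the Auth* directives that Require
    valid-user depends on. Returns {relative_dir: (status, issues)}."""
    report = {}
    for directory, _, _ in os.walk(docroot):
        settings, requires = effective_config(docroot, directory)
        rel = os.path.relpath(directory, docroot)
        issues = []
        if any(r == "valid-user" or r.startswith(("user ", "group ")) for r in requires):
            status = "auth-required"
            for key in ("authtype", "authname", "authuserfile"):
                if key not in settings:
                    issues.append("missing " + key)
        elif "all denied" in requires:
            status = "denied"
        elif "all granted" in requires:
            status = "open"
        else:
            status = "other"
        report[rel] = (status, tuple(issues))
    return report


def build_demo_site(with_root_htaccess=True):
    """Constructed copy of the question's layout in a fresh temp directory."""
    root = Path(tempfile.mkdtemp(prefix="site-"))
    if with_root_htaccess:
        (root / ".htaccess").write_text(
            'AuthType Basic\nAuthName "Site Access Control"\n'
            "AuthBasicProvider file\nAuthUserFile /var/www/site/passwords\n"
        )
    protected = root / "dir1" / "dir2" / "protected-dir"
    protected.mkdir(parents=True)
    (protected / ".htaccess").write_text("require valid-user\n")
    (root / "public").mkdir()  # constructed: no .htaccess, stays open
    return root


if __name__ == "__main__":
    for rel, (status, issues) in sorted(audit(build_demo_site()).items()):
        print(f"{rel:28} {status:14} {' '.join(issues)}")
```

Running it on the constructed layout reports `dir1`, `dir1/dir2` and `public` as open and only `dir1/dir2/protected-dir` as auth-required, which is the outcome the question's own configuration should produce under this model; building the site without the top-level `.htaccess` shows the other failure mode, a `Require valid-user` with no `AuthType` or `AuthUserFile` in scope, which is the case Answer 2's single merged file avoids by keeping every directive in one place.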
