我按照许多教程和文档尝试了许多不同的配置,如果不创建数千个 .htaccess 文件,我就无法获得身份验证。
这是我的配置:
<VirtualHost *:443>
DocumentRoot /home/user/www
ServerName preprod.user.com
<Directory /home/user/www>
Options Indexes SymLinksIfOwnerMatch
AllowOverride All
AllowOverride FileInfo AuthConfig Limit
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/private/preprod.user.com.crt
SSLCertificateKeyFile /etc/ssl/private/preprod.user.com.key
</VirtualHost>
在根级别,我编写了这个 /home/user/www/.htaccess 文件:
AuthType DIGEST
AuthName "preproduction"
AuthDigestNonceLifetime 1
AuthDigestDomain "/home/user/www/" "https://preprod.user.com/"
AuthDigestProvider file
AuthUserFile "/web/auth/.digest_pw"
Require valid-user
结果是:
https://preprod.user.com/ asks for a password
https://preprod.user.com/v1/ asks for a password
但 :
https://preprod.user.com/v1/index.php <strong>doesn't ask for password</strong>
谢谢你们
答案1
我刚刚找到了一个解决方案:
问题出在文件上:没有告诉文件身份验证适用,它仅适用于目录和文件保持服务!
<Files *>
AuthType DIGEST
AuthName "preproduction"
AuthDigestNonceLifetime 1
AuthDigestDomain "https://preprod.user.com/"
AuthDigestProvider file
AuthUserFile "/web/auth/.digest_pw"
Require valid-user
</Files>
再见 !