我的需求:
- 能够在 htpasswd 文件中对用户进行身份验证
- 能够成为匿名用户
- 如果不提供基本身份验证,则为匿名用户
我还需要知道后端的用户名是什么
通过以下配置我可以覆盖1.和2.:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName test.local
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
<Location "/">
AuthName "Use empty login (or "anonymous" login) and empty password to be anonymous"
AuthType Basic
AuthBasicProvider anon file
AuthUserFile "/etc/apache2/passwords"
Anonymous_NoUserID on
Anonymous_MustGiveEmail off
Anonymous anonymous
Require valid-user
</Location>
# To know what is username
RequestHeader set X-Remote-User expr=%{REMOTE_USER}
</VirtualHost>
示范:
# http -a 'bux:bux' test.local
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 5
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Nov 2018 10:29:26 GMT
Keep-Alive: timeout=5, max=100
Server: WSGIServer/0.2 CPython/3.6.6
hello bux
# http -a ':' test.local
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 5
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Nov 2018 10:29:26 GMT
Keep-Alive: timeout=5, max=100
Server: WSGIServer/0.2 CPython/3.6.6
hello
# http -a 'anonymous:' test.local
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 5
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Nov 2018 10:29:26 GMT
Keep-Alive: timeout=5, max=100
Server: WSGIServer/0.2 CPython/3.6.6
hello anonymous
但是如果我不提供基本身份验证,apache2 会请求它:
# http test.local
HTTP/1.1 401 Unauthorized
Connection: Keep-Alive
Content-Length: 457
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 12 Nov 2018 10:35:51 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.25 (Debian)
WWW-Authenticate: Basic realm="Use 'anonymous' & Email address for guest entry"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at test.local Port 80</address>
</body></html>
如果提供了基本身份验证,如何配置 apache 仅检查 htpasswd 用户?