当 apache2 中没有基本身份验证时,优先使用匿名用户而不是经过身份验证的用户

当 apache2 中没有基本身份验证时,优先使用匿名用户而不是经过身份验证的用户

我的需求:

  1. 能够在 htpasswd 文件中对用户进行身份验证
  2. 能够成为匿名用户
  3. 如果不提供基本身份验证,则为匿名用户

我还需要知道后端的用户名是什么

通过以下配置我可以覆盖1.和2.:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName test.local
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    <Location "/">
        AuthName "Use empty login (or "anonymous" login) and empty password to be anonymous"
        AuthType Basic
        AuthBasicProvider anon file
        AuthUserFile "/etc/apache2/passwords"

        Anonymous_NoUserID on
        Anonymous_MustGiveEmail off
        Anonymous anonymous

        Require valid-user
    </Location>

    # To know what is username
    RequestHeader set X-Remote-User expr=%{REMOTE_USER}
</VirtualHost>

示范:

# http -a 'bux:bux' test.local
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 5
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Nov 2018 10:29:26 GMT
Keep-Alive: timeout=5, max=100
Server: WSGIServer/0.2 CPython/3.6.6

hello bux

# http -a ':' test.local
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 5
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Nov 2018 10:29:26 GMT
Keep-Alive: timeout=5, max=100
Server: WSGIServer/0.2 CPython/3.6.6

hello

# http -a 'anonymous:' test.local
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 5
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Nov 2018 10:29:26 GMT
Keep-Alive: timeout=5, max=100
Server: WSGIServer/0.2 CPython/3.6.6

hello anonymous

但是如果我不提供基本身份验证,apache2 会请求它:

# http test.local
HTTP/1.1 401 Unauthorized
Connection: Keep-Alive
Content-Length: 457
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 12 Nov 2018 10:35:51 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.25 (Debian)
WWW-Authenticate: Basic realm="Use 'anonymous' & Email address for guest entry"

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at test.local Port 80</address>
</body></html>

如果提供了基本身份验证,如何配置 apache 仅检查 htpasswd 用户?

相关内容