.htaccess basic auth by virtual host?

野的像风 2021-01-02 04:31

I was wondering if it was possible to set up a conditional HTTP basic auth requirement based on the virtual host URL in an .htaccess file.

For example what I want t

3 Answers
  • 2021-01-02 04:47

    You can sort of kludge this by using mod_setenvif along with the mod_auth modules. Use the SetEnvIfNoCase directive to set which host is password protected. You'll need a couple of extra directives to satisfy access:

    # Check for the hostname here
    SetEnvIfNoCase HOST ^test\.mysite\.com\.?(:80)?$ PROTECTED_HOST
    

    Then inside the Directory block (or just out in the open) you have your auth stuff set up, something like this:

    AuthUserFile /var/www/test.mysite.com/htpasswd
    AuthType Basic
    AuthName "Password Protected"
    

    Now for the require/satisfy stuff:

    Order Deny,Allow
    Satisfy any
    Deny from all
    Require valid-user
    Allow from env=!PROTECTED_HOST
    

    This will make it so any host that doesn't match ^test\.mysite\.com\.?(:80)?$ will have access without need for auth (Allow from env=!PROTECTED_HOST) but otherwise, we need a valid user (Require valid-user). The Satisfy any ensures that we just need one of the 2, either the Allow or Require.

  • 2021-01-02 04:50

    Here's a solution similar to what Jon Lin proposed, but using RewriteCond to check the host name:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} =protected.hostname.com
    RewriteRule ^.*$ - [E=DENY:1]
    
    AuthUserFile /path/to/htpasswd
    AuthName "Password please"
    AuthType Basic
    
    Order Deny,Allow
    Satisfy any
    Deny from all
    Require valid-user
    Allow from env=!DENY
    
  • 2021-01-02 04:54

    I had problems implementing Jon's solution: although I am quite familiar with Apache conf and regular expressions, the authentication always fired. From a quick analysis it looked like the Allow from env=!PROTECTED_HOST line did not kick in.

    But I found another solution that actually looks safer to me:

    I created two virtual hosts for the two domains pointing to the same document root (which is fully allowed by the way). In one of the vhosts I added the directives for basic auth (directly into the vhost directive block).

    Works like a charm. And I have a better feeling that this is really safe - no risk of overlooking any details in the regex pattern that would open up the gates for intruders.

    <VirtualHost *:80>
        ServerName www.mysite.com
        DocumentRoot "/path/to/common/doc/root"
    
        <Directory "/path/to/common/doc/root">
            Options Indexes FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
    
    <VirtualHost *:80>
        ServerName protected.mysite.com
        DocumentRoot "/path/to/common/doc/root"
    
        <Directory "/path/to/common/doc/root">
            Options Indexes FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
    
            AuthUserFile /path/to/htpasswd
            AuthName "Password please"
            AuthType Basic
            Require valid-user
        </Directory>
    </VirtualHost>
    
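The first two answers use the Apache 2.2 access directives (Order, Deny, Allow, Satisfy), which Apache 2.4 only honours through mod_access_compat, and they name the protected host, so a request whose Host value the pattern does not match is served without a password. The fragment below is an added example, not code from any of the answers: it assumes Apache 2.4 with mod_authz_core, reuses www.mysite.com as the public host and /path/to/htpasswd as a placeholder path, and inverts the test so that only the named public host skips authentication.

```apache
# Added example for Apache 2.4 (mod_authz_core). Hostnames and paths are
# placeholders reused from the answers above, not a tested deployment.

AuthType Basic
AuthName "Password Protected"
AuthUserFile /path/to/htpasswd

# RequireAny grants access as soon as one child directive succeeds,
# which is the 2.4 counterpart of "Satisfy any".
<RequireAny>
    # Public host: anchored, case-insensitive match with an optional
    # default port. A Host value that does not match this pattern is
    # not granted here and falls through to the next directive.
    Require expr "%{HTTP_HOST} =~ /^www\.mysite\.com(:80)?$/i"

    # Every other Host value, including protected.mysite.com and any
    # form not anticipated above, must present valid credentials.
    Require valid-user
</RequireAny>
```

For this to work from an .htaccess file, the enclosing Directory block needs AllowOverride to include AuthConfig. A mistake in the pattern now causes an unexpected password prompt on the public host rather than unauthenticated access to the protected one.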