How to use a RELATIVE path with AuthUserFile in htaccess?

后端 未结 9 1375
我在风中等你
我在风中等你 2021-01-31 12:51

I have a .htaccess that uses basic authentication. It seems the path to the .htpasswd file isn\'t relative to the htaccess file, but instead to the server config.

So eve

相关标签:
9条回答
  • 2021-01-31 13:40

    1) Note that it is considered insecure to have the .htpasswd file below the server root.

    2) The docs say this about relative paths, so it looks you're out of luck:

    File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

    3) While the answers recommending the use of environment variables work perfectly fine, I would prefer to put a placeholder in the .htaccess file, or have different versions in my codebase, and have the deployment process set it all up (i. e. replace placeholders or rename / move the appropriate file).

    On Java projects, I use Maven to do this type of work, on, say, PHP projects, I like to have a build.sh and / or install.sh shell script that tunes the deployed files to their environment. This decouples your codebase from the specifics of its target environment (i. e. its environment variables and configuration parameters). In general, the application should adapt to the environment, if you do it the other way around, you might run into problems once the environment also has to cater for different applications, or for completely unrelated, system-specific requirements.

    0 讨论(0)
  • 2021-01-31 13:41

    I know this is an old question, but I just searched for the same thing and probably there are many others searching for a quick, mobile solution. Here is what I finally come up with:

    # We set production environment by default
    SetEnv PROD_ENV 1
    
    <IfDefine DEV_ENV>
      # If 'DEV_ENV' has been defined, then unset the PROD_ENV
      UnsetEnv PROD_ENV
    
      AuthType Basic
      AuthName "Protected Area"
      AuthUserFile /var/www/foo.local/.htpasswd
      Require valid-user
    </IfDefine>
    
    <IfDefine PROD_ENV>
      AuthType Basic
      AuthName "Protected Area"
      AuthUserFile /home/foo/public_html/.htpasswd
      Require valid-user
    </IfDefine>
    
    0 讨论(0)
  • 2021-01-31 13:44

    you may put your Auth settings into a Environment. Like:

    SetEnvIf HTTP_HOST testsite.local APPLICATION_ENV=development
    <IfDefine !APPLICATION_ENV>
      Allow from all
      AuthType Basic
      AuthName "My Testseite - Login" 
      AuthUserFile /Users/tho/htdocs/wgh_staging/.htpasswd
      Require user username
    </IfDefine>
    

    The Auth is working, but I couldn't get my environment really running.

    0 讨论(0)
提交回复
热议问题