问题
I am trying to control access to testing sites/hosts but not the production site using .htaccess and Apache 2.2. I am using mod_rewrite to detect the host name and set some environment variables used to control various aspects of the site but can not leverage this for controlling access. I can only control access with mod_setenvif.
I can detect the host and set environment variables. (Simplified.)
RewriteCond %{HTTP_HOST} test\..*
RewriteRule ^ - [ENV=requireAuth:1,ENV=...]
I then later try to use it for controlling access.
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /file/location/.htpasswd
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!requireAuth
This does not work. Removing the not (!) forces every site to have a password which is not acceptable.
I tried a couple of variations using mod_setenvif and only requireAuth2 works.
SetEnvIf HOST "test.+" requireAuth2
SetEnvIf requireAuth ".+" requireAuth3
SetEnvIf %{ENV:requireAuth} ".+" requireAuth4
I dump the request using phpinfo() and only see requestAuth and requestAuth2.
I rather not have to redo my host checking logic because I have many different host names and many different environment variables. I also like the idea of defaulting to access and having a single env=! test. Rather error on granting access than denying access.
Any suggestions?
Thank, Wes.
回答1:
Use mod_setenv:
SetEnvIfNoCase Host ^test\. requireAuth
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /file/location/.htpasswd
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!requireAuth
来源:https://stackoverflow.com/questions/23087021/allow-from-env-with-mod-rewrite-not-mod-setenvif-in-htaccess