问题
I for example I've got webserver's root directory /var/www/. And user's home directory: /var/www/testuser/. I also have basic authorization setted up, so there is a user with username testuser which successfully authorized. How can I check if the testuser is browsing their home directory by the means of webserver alone? This is how far I've got:
# Getting "testuser" out of "/testuser/echo.php"
SetEnvIf Request_URI ^/(.*)/ URI_HOME=$1
# Getting base64 encoded part out of Authorization header
SetEnvIf Authorization "^Basic (.*)$" X_HTTP_AUTHORIZATION=$1
# Converting base64 part to plain text, extracting username and comparing it with home directory
SetEnvIfExpr "tolower(unbase64(%{ENV:X_HTTP_AUTHORIZATION})) == %{ENV:URI_HOME}" USER_IS_IN_HOME_DIR
The major problem is that Apache doesn't have REMOTE_USER setted up on the stage when SetEnvIf is working. So I absolutely have to parse Authorization header from request. I almost done it, but I have to cut out part after column to make comparison proper.
How can I do it?
回答1:
The following seems to be working:
SetEnvIf Request_URI ^/(.*)/ URI_HOME=$1
SetEnvIf Authorization "^Basic (.*)$" X_HTTP_AUTHORIZATION=$1
SetEnvIfExpr "unbase64(%{ENV:X_HTTP_AUTHORIZATION}) -strcmatch '%{ENV:URI_HOME}:*'" USER_IS_IN_HOME_DIR
Any ideas how to improve it?
来源:https://stackoverflow.com/questions/58126249/apache-check-if-user-is-browsing-their-home-directory