Apache2 mod_auth_form 位置下的重定向太多
Apache2 mod_auth_form too many redirects under Location
我正在尝试使用 mod_auth_form
构建代理 HTTP 授权页面
我的目标是在 DocumentRoot 目录中有一个 Auth 页面,然后一旦用户连接,只需代理到 "real" 应用程序的所有路由,运行 在本地主机上与另一个端口。
我在根 Location 下使用 Auth 指令设置我的 vhost Location :
<VirtualHost *:80>
ServerName subdomain.example.com
DocumentRoot /var/www/subdomain.example.com/web/
<Location /login.html>
Order allow,deny
Allow from all
</Location>
<Location />
SetHandler form-login-handler
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
ProxyPass /login.html !
ProxyPassReverse /login.html !
ProxyPass / http://localhost:8888
ProxyPassReverse / http://localhost:8888
ErrorLog ${APACHE_LOG_DIR}/subdomain.example.com/error.log
CustomLog ${APACHE_LOG_DIR}/subdomain.example.com/access.log combined
</VirtualHost>
编辑
我所需要的只是颠倒 <Location></Location> 指令的顺序...并为表单处理程序添加一个特殊的 Location。
工作解决方案:
<VirtualHost *:80>
ServerName subdomain.example.com
DocumentRoot /var/www/subdomain.example.com/web/
<Location />
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
AuthFormLoginSuccessLocation "http://subdomain.example.com/"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
<Location /login_check.html>
SetHandler form-login-handler
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
AuthFormLoginSuccessLocation "http://subdomain.example.com/"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
<Location /login.html>
Order allow,deny
Allow from all
</Location>
ProxyPreserveHost On
ProxyPass /login.html !
ProxyPassReverse /login.html !
ProxyPass / http://localhost:8888
ProxyPassReverse / http://localhost:8888
ErrorLog ${APACHE_LOG_DIR}/subdomain.example.com/error.log
CustomLog ${APACHE_LOG_DIR}/subdomain.example.com/access.log combined
</VirtualHost>
当我尝试访问 subdomain.example.com 时,我被重定向到 subdomain.example.com/login.html(很好!)
本/var/www/subdomain.example.com/web/login.html页面的内容:
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8' />
<meta name='viewport' content='width=device-width' />
<title>Authentication</title>
</head>
<body>
<form method='POST' action='/login_check.html'>
<div class='form-group'>
<label for='httpd_username'>Username</label>
<input id='http_username' class='form-control' type='text' name='httpd_username' value='' />
</div>
<div class='form-group'>
<label for='httpd_password'>Password</label>
<input id='httpd_password' class='form-control' type='password' name='httpd_password' value='' />
</div>
<div class='form-group'>
<input class='btn btn-success' type='submit' name='login' value='Login' />
</div>
</form>
</body>
</html>
但是,此 login.html 页面从未显示,我收到 TOO_MANY_REDIRECTS 错误:
The webpage at http://subdomain.example.com/login.html has resulted in too many redirects.
看来这个特殊路由必须要"down locked"通过Auth过程...但是我不知道如何启用它...
我尝试添加另一个 ErrorDocument 401 /login.html 指令,但它没有改变任何东西。
Apache 按照它看到的顺序解析配置指令,并将它们应用到指定位置及其下面的所有内容,因此 <Location /> 块中的 require valid-user 覆盖了 Allow from all您的 <Location /login.html> 块 — 您最终需要身份验证才能访问任何内容(包括 login.html),因此您在访问 login.html 时开始未经授权并被重定向到 login.html 以登录。有适合您的循环。
我在使用 Apache 2.4 时遇到了同样的问题,但原因不同。使用 Apache 2.4+,而不是使用:
<Location /login.html>
Order allow,deny
Allow from all
</Location>
使用:
<Location /login.html>
Require all granted
</Location>
我正在尝试使用 mod_auth_form
我的目标是在 DocumentRoot 目录中有一个 Auth 页面,然后一旦用户连接,只需代理到 "real" 应用程序的所有路由,运行 在本地主机上与另一个端口。
我在根 Location 下使用 Auth 指令设置我的 vhost Location :
<VirtualHost *:80>
ServerName subdomain.example.com
DocumentRoot /var/www/subdomain.example.com/web/
<Location /login.html>
Order allow,deny
Allow from all
</Location>
<Location />
SetHandler form-login-handler
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
ProxyPass /login.html !
ProxyPassReverse /login.html !
ProxyPass / http://localhost:8888
ProxyPassReverse / http://localhost:8888
ErrorLog ${APACHE_LOG_DIR}/subdomain.example.com/error.log
CustomLog ${APACHE_LOG_DIR}/subdomain.example.com/access.log combined
</VirtualHost>
编辑
我所需要的只是颠倒 <Location></Location> 指令的顺序...并为表单处理程序添加一个特殊的 Location。
工作解决方案:
<VirtualHost *:80>
ServerName subdomain.example.com
DocumentRoot /var/www/subdomain.example.com/web/
<Location />
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
AuthFormLoginSuccessLocation "http://subdomain.example.com/"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
<Location /login_check.html>
SetHandler form-login-handler
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
AuthFormLoginSuccessLocation "http://subdomain.example.com/"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
<Location /login.html>
Order allow,deny
Allow from all
</Location>
ProxyPreserveHost On
ProxyPass /login.html !
ProxyPassReverse /login.html !
ProxyPass / http://localhost:8888
ProxyPassReverse / http://localhost:8888
ErrorLog ${APACHE_LOG_DIR}/subdomain.example.com/error.log
CustomLog ${APACHE_LOG_DIR}/subdomain.example.com/access.log combined
</VirtualHost>
当我尝试访问 subdomain.example.com 时,我被重定向到 subdomain.example.com/login.html(很好!)
本/var/www/subdomain.example.com/web/login.html页面的内容:
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8' />
<meta name='viewport' content='width=device-width' />
<title>Authentication</title>
</head>
<body>
<form method='POST' action='/login_check.html'>
<div class='form-group'>
<label for='httpd_username'>Username</label>
<input id='http_username' class='form-control' type='text' name='httpd_username' value='' />
</div>
<div class='form-group'>
<label for='httpd_password'>Password</label>
<input id='httpd_password' class='form-control' type='password' name='httpd_password' value='' />
</div>
<div class='form-group'>
<input class='btn btn-success' type='submit' name='login' value='Login' />
</div>
</form>
</body>
</html>
但是,此 login.html 页面从未显示,我收到 TOO_MANY_REDIRECTS 错误:
The webpage at http://subdomain.example.com/login.html has resulted in too many redirects.
看来这个特殊路由必须要"down locked"通过Auth过程...但是我不知道如何启用它...
我尝试添加另一个 ErrorDocument 401 /login.html 指令,但它没有改变任何东西。
Apache 按照它看到的顺序解析配置指令,并将它们应用到指定位置及其下面的所有内容,因此 <Location /> 块中的 require valid-user 覆盖了 Allow from all您的 <Location /login.html> 块 — 您最终需要身份验证才能访问任何内容(包括 login.html),因此您在访问 login.html 时开始未经授权并被重定向到 login.html 以登录。有适合您的循环。
我在使用 Apache 2.4 时遇到了同样的问题,但原因不同。使用 Apache 2.4+,而不是使用:
<Location /login.html>
Order allow,deny
Allow from all
</Location>
使用:
<Location /login.html>
Require all granted
</Location>