如何通过htaccess保护商店?
How to protect the shop via htaccess?
我想使用 htaccess 身份验证保护来保护 Shopware 6 安装。但是当我在 /public 文件夹的 .htaccess 文件中设置它时,我总是在后端(登录后)得到一个“htaccess 循环”,我不能再使用它了。
我试图排除 /api 和 /admin 但我对此并不满意。
我该如何解决这个问题?
/public/.htaccess
AuthName "Prompt"
AuthType Basic
AuthUserFile /home/my-project/.htpasswd
Require valid-user
SetEnvIf REQUEST_URI "(/admin)" ALLOW
SetEnvIf REQUEST_URI "(/api)" ALLOW
<RequireAny>
Require env ALLOW
Require valid-user
</RequireAny>
将此放在 public/.htaccess 文件的开头:
AuthType Basic
AuthName "Please login."
AuthUserFile /home/my-project/.htpasswd
<RequireAny>
Require expr %{THE_REQUEST} =~ m#.*?\s+\/api.*?#
Require valid-user
</RequireAny>
// Rest goes here -->
https://issues.shopware.com/issues/NEXT-4243(德语)
非德语用户的基本翻译:
Ticket: NEXT-4243 | auth_basic entry blocks backend access
This ticket is not intended for implementation. Therefore it was closed. Reasons that lead to such a decision can include the complexity or the scope of the ticket, as well as possible sources of error caused by the changes.
[...]
The short-term solution here is not to create the authentication through the hosting configuration, but to create it via htaccess / htpasswd and then not subject requests to the URL "/ api" to the authentication in the htaccess
我想使用 htaccess 身份验证保护来保护 Shopware 6 安装。但是当我在 /public 文件夹的 .htaccess 文件中设置它时,我总是在后端(登录后)得到一个“htaccess 循环”,我不能再使用它了。
我试图排除 /api 和 /admin 但我对此并不满意。
我该如何解决这个问题?
/public/.htaccess
AuthName "Prompt"
AuthType Basic
AuthUserFile /home/my-project/.htpasswd
Require valid-user
SetEnvIf REQUEST_URI "(/admin)" ALLOW
SetEnvIf REQUEST_URI "(/api)" ALLOW
<RequireAny>
Require env ALLOW
Require valid-user
</RequireAny>
将此放在 public/.htaccess 文件的开头:
AuthType Basic
AuthName "Please login."
AuthUserFile /home/my-project/.htpasswd
<RequireAny>
Require expr %{THE_REQUEST} =~ m#.*?\s+\/api.*?#
Require valid-user
</RequireAny>
// Rest goes here -->
https://issues.shopware.com/issues/NEXT-4243(德语)
非德语用户的基本翻译:
Ticket: NEXT-4243 | auth_basic entry blocks backend access
This ticket is not intended for implementation. Therefore it was closed. Reasons that lead to such a decision can include the complexity or the scope of the ticket, as well as possible sources of error caused by the changes. [...] The short-term solution here is not to create the authentication through the hosting configuration, but to create it via htaccess / htpasswd and then not subject requests to the URL "/ api" to the authentication in the htaccess