用于身份验证的 Apache2 文件指令
Apache2 Files Directives for Authentication
有一个以 /var/www/docs 作为根文档的网络服务器。 /var/www 有 userInfo.php 文件只能通过身份验证才能访问,但无需身份验证即可访问。
有问题的文件是 userInfo.php
目录 /var/www 受身份验证保护,但无需密码即可访问特定文件。文件指令是否正确?
操作系统:Ubuntu 14.04; Apache 是网络服务器
这是 000-default.conf 位于 /etc/apache2/sites-available/
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName <servername>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^\/share\/
RewriteRule (.*) http(s)://%{HTTP_HOST}:443%{REQUEST_URI}
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
AuthType Digest
AuthName "documentroot"
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require user <username>
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Files /var/www/userInfo.php>
AuthType Digest
AuthName "User Info"
AuthDigestDomain /var/www/userInfo.php https://<servername>/userInfo.php
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/userInfo.php"
</Files>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
<Directory /var/www/docs>
AuthType Digest
AuthName "docs"
AuthDigestDomain /var/www/docs/ http://<servername>/docs
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/docs"
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName <servername>
SSLEngine on
SSLCertificateFile /etc/docs/ssl/cert.pem
SSLCertificateKeyFile /etc/docs/ssl/key.pem
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
AuthType Digest
AuthName "documentroot"
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require user <username>
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Files /var/www/userInfo.php>
AuthType Digest
AuthName "User Info"
AuthDigestDomain /var/www/userInfo.php https://<servername>/userInfo.php
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/userInfo.php"
</Files>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
<Directory /var/www/docs>
AuthType Digest
AuthName "docs"
AuthDigestDomain /var/www/docs/ https://<servername>/docs
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/docs"
</Directory>
</VirtualHost>
ports.conf:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
#NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
#NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
有什么建议吗?
干杯。
Files 指令仅匹配路径的最后部分,即文件名,因此您不能使用已有的路径。
经过大量调整后,身份验证被添加到 /var/www/ 指令而不是文件系统 '/'
有一个以 /var/www/docs 作为根文档的网络服务器。 /var/www 有 userInfo.php 文件只能通过身份验证才能访问,但无需身份验证即可访问。 有问题的文件是 userInfo.php 目录 /var/www 受身份验证保护,但无需密码即可访问特定文件。文件指令是否正确? 操作系统:Ubuntu 14.04; Apache 是网络服务器
这是 000-default.conf 位于 /etc/apache2/sites-available/
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName <servername>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^\/share\/
RewriteRule (.*) http(s)://%{HTTP_HOST}:443%{REQUEST_URI}
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
AuthType Digest
AuthName "documentroot"
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require user <username>
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Files /var/www/userInfo.php>
AuthType Digest
AuthName "User Info"
AuthDigestDomain /var/www/userInfo.php https://<servername>/userInfo.php
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/userInfo.php"
</Files>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
<Directory /var/www/docs>
AuthType Digest
AuthName "docs"
AuthDigestDomain /var/www/docs/ http://<servername>/docs
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/docs"
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName <servername>
SSLEngine on
SSLCertificateFile /etc/docs/ssl/cert.pem
SSLCertificateKeyFile /etc/docs/ssl/key.pem
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
AuthType Digest
AuthName "documentroot"
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require user <username>
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Files /var/www/userInfo.php>
AuthType Digest
AuthName "User Info"
AuthDigestDomain /var/www/userInfo.php https://<servername>/userInfo.php
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/userInfo.php"
</Files>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
<Directory /var/www/docs>
AuthType Digest
AuthName "docs"
AuthDigestDomain /var/www/docs/ https://<servername>/docs
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/docs"
</Directory>
</VirtualHost>
ports.conf:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
#NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
#NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
有什么建议吗? 干杯。
Files 指令仅匹配路径的最后部分,即文件名,因此您不能使用已有的路径。
经过大量调整后,身份验证被添加到 /var/www/ 指令而不是文件系统 '/'