I'm trying to password protect a specific url using a .htaccess. Different urls point to the same files but have different workings. I now need to password protect only one url. I'm trying to do this using setenvif but it doesn't seem to work. I might not fully understand the purpose or use of the apache setenv module.
我正在尝试使用.htaccess密码保护特定网址。不同的URL指向相同的文件但具有不同的工作方式。我现在需要密码保护只有一个网址。我正在尝试使用setenvif这样做但它似乎不起作用。我可能不完全理解apache setenv模块的用途或用途。
This is my code what doesn't seem to work
这是我的代码似乎不起作用
SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" protecturl
<IfDefine protecturl>
Require valid-user
AuthName "Please enter your name and password"
AuthType Basic
AuthUserFile .htpasswd
</IfDefine>
3 个解决方案
#1
3
I finally figured it out. I indeed had to use the mod_rewrite engine. I was determined to have a solution which didn't involve me having to make extra files or directories.
我终于弄明白了。我确实不得不使用mod_rewrite引擎。我决定有一个解决方案,不涉及我必须制作额外的文件或目录。
Same files, no extra directories, one .htaccess:
相同的文件,没有额外的目录,一个.htaccess:
# Case we are in the protected area!
RewriteCond %{REQUEST_FILENAME} index.php [OR]
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{HTTP_HOST} ^(protected)\.mydomain\.com$
RewriteRule ^(.*)$ admin.php%{REQUEST_URI} [L]
#default rewrite
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
#only protect access to admin.php which is a symlink to index.php
<FilesMatch "admin.php">
AuthUserFile .htpasswd
AuthName EnterPassword
AuthType Basic
require valid-user
</FilesMatch>
#2
3
Well, this can actually be achieved without mod_rewrite and with SetEnvIf. I needed it for dev site to test how Facebook OpenGraph tags work.
嗯,这实际上可以在没有mod_rewrite和SetEnvIf的情况下实现。我需要它来开发网站来测试Facebook OpenGraph标签的工作方式。
# allow facebook external hit
SetEnvIf user-agent "facebookexternalhit/1.1" allowthis
# disallow some other stuff
SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" !allowthis
AuthType Basic
AuthName "dev access"
AuthUserFile .htpasswd
Require valid-user
Allow from allowthis=1
Satisfy Any
The IfDefine works on defines which are not same as environment variables.
IfDefine适用于与环境变量不同的定义。
A quote from apache docs:
来自apache文档的引用:
The parameter-name argument is a define as given on the httpd command line via -Dparameter- , at the time the server was started.
parameter-name参数是在服务器启动时通过-Dparameter-在httpd命令行上给出的定义。
#3
0
Might not be directly possible directly but could you have another password protected directory which has the original directory linked into it? You could the use mod_rewrite to redirect the matching requests to password protected directory.
可能不是直接可以直接,但你可以有另一个密码保护目录,其原始目录链接到它?您可以使用mod_rewrite将匹配的请求重定向到受密码保护的目录。
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.myhost.tld$
RewriteRule ^/foo/(.*)$ /bar/linkeddir/$1
#1
3
I finally figured it out. I indeed had to use the mod_rewrite engine. I was determined to have a solution which didn't involve me having to make extra files or directories.
我终于弄明白了。我确实不得不使用mod_rewrite引擎。我决定有一个解决方案,不涉及我必须制作额外的文件或目录。
Same files, no extra directories, one .htaccess:
相同的文件,没有额外的目录,一个.htaccess:
# Case we are in the protected area!
RewriteCond %{REQUEST_FILENAME} index.php [OR]
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{HTTP_HOST} ^(protected)\.mydomain\.com$
RewriteRule ^(.*)$ admin.php%{REQUEST_URI} [L]
#default rewrite
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
#only protect access to admin.php which is a symlink to index.php
<FilesMatch "admin.php">
AuthUserFile .htpasswd
AuthName EnterPassword
AuthType Basic
require valid-user
</FilesMatch>
#2
3
Well, this can actually be achieved without mod_rewrite and with SetEnvIf. I needed it for dev site to test how Facebook OpenGraph tags work.
嗯,这实际上可以在没有mod_rewrite和SetEnvIf的情况下实现。我需要它来开发网站来测试Facebook OpenGraph标签的工作方式。
# allow facebook external hit
SetEnvIf user-agent "facebookexternalhit/1.1" allowthis
# disallow some other stuff
SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" !allowthis
AuthType Basic
AuthName "dev access"
AuthUserFile .htpasswd
Require valid-user
Allow from allowthis=1
Satisfy Any
The IfDefine works on defines which are not same as environment variables.
IfDefine适用于与环境变量不同的定义。
A quote from apache docs:
来自apache文档的引用:
The parameter-name argument is a define as given on the httpd command line via -Dparameter- , at the time the server was started.
parameter-name参数是在服务器启动时通过-Dparameter-在httpd命令行上给出的定义。
#3
0
Might not be directly possible directly but could you have another password protected directory which has the original directory linked into it? You could the use mod_rewrite to redirect the matching requests to password protected directory.
可能不是直接可以直接,但你可以有另一个密码保护目录,其原始目录链接到它?您可以使用mod_rewrite将匹配的请求重定向到受密码保护的目录。
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.myhost.tld$
RewriteRule ^/foo/(.*)$ /bar/linkeddir/$1