I want to redirect the user to the authentication page only if the request is 'https'.
我希望仅在请求为“https”时将用户重定向到验证页面。
Currently I have written the following in my .htaccess file to do the same, but it doesn't work.
目前,我已经在.htaccess文件中编写了以下内容,以完成相同的操作,但它不能工作。
SetEnvIf Request_Protocol ^HTTPS.* IS_HTTPS
AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Allow from env=IS_HTTPS
Is the regex for determining HTTPS correct? Earlier I had the SetEnvIf statement as follows. This too didn't work.
用于确定HTTPS的regex是否正确?之前我有SetEnvIf声明如下。这也没有工作。
SetEnvIf %{SERVER_PORT} ^80$ IS_NON_SSL
AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Allow from env=!IS_NON_SSL
But as per the documentation for SetEnvIf directive (http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html), the SERVER_PORT variable is not available.
但是根据SetEnvIf指令的文档(http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html), SERVER_PORT变量不可用。
2 个解决方案
#1
3
I don’t think that the value Request_Protocol can be used to determine this – according to the docs page you linked, that contains something like (e.g., "HTTP/0.9", "HTTP/1.1", etc.) – so the protocol itself will always be HTTP; and that makes sense, as HTTPS is not a real “protocol”, but only the common name for HTTP with TLS “wrapped around it”, on the OSI level below it (6).
我不认为可以使用值Request_Protocol来确定这一点——根据您链接的docs页面,它包含类似于(例如“HTTP/0.9”、“HTTP/1.1”等)的内容——因此协议本身将始终是HTTP;这是有意义的,因为HTTPS并不是一个真正的“协议”,只是HTTP的通用名称“包裹在它周围”,在它下面的OSI级别(6)。
I’m not sure about the actual order of request processing (and don’t know where to find it right now off the top of my head) – but maybe you could combine this with mod_rewrite to achieve what you want? A RewriteCond is able to check whether HTTPS is used by checking the variable HTTPS for the value on – and a RewriteRule following that condition could set an environment variable for you using the [E] flag – something like this:
我不确定请求处理的实际顺序(也不知道现在在我的脑海中从哪里找到它)——但是也许您可以将它与mod_rewrite结合以实现您想要的?RewriteCond可以通过检查变量HTTPS是否被使用来检查其值是否为on -然后根据该条件的RewriteRule可以使用[E]标志为您设置一个环境变量—类似如下:
RewriteCond %{HTTPS} ^on$
RewriteRule . - [E=IS_HTTPS]
This will set the environment variable IS_HTTPS with an empty value, but that should be enough to check it with Allow from env=IS_HTTPS.
这将为环境变量IS_HTTPS设置一个空值,但这应该足以检查它与Allow from env=IS_HTTPS。
Mind giving this a try? As I said, I’m not sure if this will work because of processing order – but tryin’ cost nuffin, right?
介意试试这个吗?就像我说的,我不确定这是否会因为加工顺序而起作用——但是尝试一下“成本松饼”,对吧?
#2
0
You can try:
你可以尝试:
SetEnvIf Request_Protocol ^HTTPS.* IS_HTTPS
AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Satisfy any
Order deny,allow
Deny from all
Allow from env=IS_HTTPS
#1
3
I don’t think that the value Request_Protocol can be used to determine this – according to the docs page you linked, that contains something like (e.g., "HTTP/0.9", "HTTP/1.1", etc.) – so the protocol itself will always be HTTP; and that makes sense, as HTTPS is not a real “protocol”, but only the common name for HTTP with TLS “wrapped around it”, on the OSI level below it (6).
我不认为可以使用值Request_Protocol来确定这一点——根据您链接的docs页面,它包含类似于(例如“HTTP/0.9”、“HTTP/1.1”等)的内容——因此协议本身将始终是HTTP;这是有意义的,因为HTTPS并不是一个真正的“协议”,只是HTTP的通用名称“包裹在它周围”,在它下面的OSI级别(6)。
I’m not sure about the actual order of request processing (and don’t know where to find it right now off the top of my head) – but maybe you could combine this with mod_rewrite to achieve what you want? A RewriteCond is able to check whether HTTPS is used by checking the variable HTTPS for the value on – and a RewriteRule following that condition could set an environment variable for you using the [E] flag – something like this:
我不确定请求处理的实际顺序(也不知道现在在我的脑海中从哪里找到它)——但是也许您可以将它与mod_rewrite结合以实现您想要的?RewriteCond可以通过检查变量HTTPS是否被使用来检查其值是否为on -然后根据该条件的RewriteRule可以使用[E]标志为您设置一个环境变量—类似如下:
RewriteCond %{HTTPS} ^on$
RewriteRule . - [E=IS_HTTPS]
This will set the environment variable IS_HTTPS with an empty value, but that should be enough to check it with Allow from env=IS_HTTPS.
这将为环境变量IS_HTTPS设置一个空值,但这应该足以检查它与Allow from env=IS_HTTPS。
Mind giving this a try? As I said, I’m not sure if this will work because of processing order – but tryin’ cost nuffin, right?
介意试试这个吗?就像我说的,我不确定这是否会因为加工顺序而起作用——但是尝试一下“成本松饼”,对吧?
#2
0
You can try:
你可以尝试:
SetEnvIf Request_Protocol ^HTTPS.* IS_HTTPS
AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Satisfy any
Order deny,allow
Deny from all
Allow from env=IS_HTTPS