Related to my previous question: .htaccess check for cookie first, then valid-user
与我之前的问题相关:.htaccess首先检查cookie,然后检查有效用户
Hi guys, I really would appreciate some help from the experts here. My httpd.conf should require a user login using mod_auth_mysql OR a cookie - but now it's only checking for a user login. The code from the previous question is now located in my httpd.conf.
大家好,我真的很感谢来自这里的专家的一些帮助。我的httpd.conf应该要求用户使用mod_auth_mysql或cookie登录 - 但现在它只检查用户登录。上一个问题的代码现在位于我的httpd.conf中。
What's Working:
Currently, all /var/www/downloads and subdirectories for users (/var/www/downloads/~username~) require a username and password using mod_auth_mysql. This works.
目前,用户的所有/ var / www / downloads和子目录(/ var / www / downloads / ~username~)都需要使用mod_auth_mysql的用户名和密码。这很有效。
What's not working:
什么不起作用:
The problem is: I have settings which SHOULD require either a login using mod_auth_mysql (works), or a cookie (doesn't work). If the cookie is present, then it should automatically display the contents of the directory when a user goes to /var/www/downloads/. But it doesn't, it asks for a username/password still.
问题是:我的设置应该要求使用mod_auth_mysql(工作)登录,或者cookie(不起作用)。如果cookie存在,那么当用户转到/ var / www / downloads /时,它应该自动显示目录的内容。但它没有,它仍然要求用户名/密码。
I'm using SetEnvIf, but it might be being used incorrectly with "satisfy all". I might have conflicts between httpd.conf and /sites-enabled/000-default. I'm not experienced with most of the stuff here, so any help would be massively appreciated!
我正在使用SetEnvIf,但它可能被错误地用于“满足所有”。我可能在httpd.conf和/ sites-enabled / 000-default之间存在冲突。我对这里的大部分内容都没有经验,所以任何帮助都会受到大力赞赏!
HTTPD.conf:
RewriteEngine on
RewriteLogLevel 9
RewriteLog /var/www/logs/rewrite.log
#Block IPs
<Directory /var/www>
RewriteEngine On
#only use my server for apache
RewriteCond %{HTTP_HOST} !^2.2.2.2$ [NC]
RewriteRule ^(.*)$ http://www.google.co.uk/$1 [L,R=301]
RewriteCond %{REMOTE_ADDR} 0.0.0.0 [NC,OR]
RewriteCond %{REMOTE_ADDR} 1.1.1.1 [NC]
RewriteRule ^(.*)$ http://www.google.com [R]
</Directory>
# DOWNLOADS TOP DIRECTORY
<Directory /var/www/downloads>
#Options Indexes
#AllowOverride All
#Order deny,allow
#Deny from all
#Allow from All
AuthName "Please don't hack the server, thanks"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User user
Auth_MySQL_Password password
AuthMySQL_DB db
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user luke
</Directory>
# EXAMPLE USERS DIRECTORY
# MIKE
<Directory /var/www/downloads/mike>
SetEnvIf Cookie (.*)cookiename(.*) norequire_auth=yes
Order Deny,Allow
deny from all
Satisfy Any
#MYSQL AUTH
AuthName "Please login"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User user
Auth_MySQL_Password password
AuthMySQL_DB db
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user mike
#COOKIE AUTH
Allow from env=norequire_auth
</Directory>
In case it may help, sites-enabled/000-default: may be causing conflicts? http://jsfiddle.net/Xcece/
如果有帮助,启用站点/ 000-default:可能会导致冲突? http://jsfiddle.net/Xcece/
I'm not using .htaccess files. I have changed a load of directives around and have gotten quite lost.
我没有使用.htaccess文件。我已经改变了一大堆指令并且已经完全丢失了。
I can't for the life of me figure out why it's not working - I don't quite understand the conflicts that may exist, so a point in the right direction with explanation so I can avoid this in the future would be great. Thank you.
我不能为我的生活弄清楚为什么它不起作用 - 我不太明白可能存在的冲突,所以在正确的方向上有一点解释所以我可以在将来避免这种情况会很好。谢谢。
1 个解决方案
#1
1
Finally! After a week searching...
最后!经过一周的搜索......
The problem was with setting the cookie. Having the files in different directories meant that the cookie wasn't being read correctly by the httpd.conf - which is in fact correct.
问题在于设置cookie。将文件放在不同的目录中意味着httpd.conf没有正确读取cookie - 这实际上是正确的。
I had to set the fourth parameter for the cookie to '/downloads/mike' thereby allowing it to be read by the httpd.conf file correctly.
我必须将cookie的第四个参数设置为'/ downloads / mike',从而允许httpd.conf文件正确读取它。
session_start();
setcookie("cookiename","cookiename",time() + 3600, '/downloads/mike');
Just remember when destroying the cookie using time()-x to destroy it using the fourth parameter /downloads/mike.
只记得在使用time() - x销毁cookie时使用第四个参数/ downloads / mike销毁它。
#1
1
Finally! After a week searching...
最后!经过一周的搜索......
The problem was with setting the cookie. Having the files in different directories meant that the cookie wasn't being read correctly by the httpd.conf - which is in fact correct.
问题在于设置cookie。将文件放在不同的目录中意味着httpd.conf没有正确读取cookie - 这实际上是正确的。
I had to set the fourth parameter for the cookie to '/downloads/mike' thereby allowing it to be read by the httpd.conf file correctly.
我必须将cookie的第四个参数设置为'/ downloads / mike',从而允许httpd.conf文件正确读取它。
session_start();
setcookie("cookiename","cookiename",time() + 3600, '/downloads/mike');
Just remember when destroying the cookie using time()-x to destroy it using the fourth parameter /downloads/mike.
只记得在使用time() - x销毁cookie时使用第四个参数/ downloads / mike销毁它。