Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
984 views
in Technique[技术] by (71.8m points)

apache - How to make Basic Auth exclude a rewritten URL

I have a Basic Authentication setup on a development server. It is setup inside my httpd.conf file for the VirtualHost of the website. I've had to set up it to exclude certain directories, which has caused no problems and all works fine.

The issue has been with excluding a URL that has been through my mod_rewrite rules in the .htaccess file. My set up is that I have all URLs going through my index.php file and from there the relevant code is found and ran. I tried adding the URL that I wanted to exclude (/businesses/upload_logo) like I did the others but it still requires authentication. This is what I currently have:

...
<Location />
    SetEnvIf Request_URI "/businesses/upload_logo" noauth=1
    SetEnvIf Request_URI "/api/.*" noauth=1

    AuthType Basic
    AuthName "Private"
    AuthUserFile ****
    Require valid-user

    Order deny,allow
    Satisfy any
    Deny from all
    Allow from env=noauth
</Location>
....

I have found questions that are similar to mine here & here but the answers only give me what I'm already trying.

I have thought of possible other solutions as well, but these will be last resort things. I want to see if it's possible the way I'm currently doing it:

  • Set up the basic auth inside my php code instead
    • Too much hassle at the moment
  • Put the authentication in my .htaccess file instead
    • Didn't want to do this just yet as I only want the authentication to happen on one of 3 servers. I'm aware that I could use some more SetEnvIf HOST ... but I'm looking to see if it can be fixed this way or not first.

The mod_rewrite rule:

...

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php [L,QSA]
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Try adding

Allow from env=REDIRECT_noauth

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...