我的域名设置为htaccess,但我希望一个特定的网址没有htpasswd保护。该URL是重写的URL,并且没有与之关联的实际目录。
有没有办法使用root htaccess来htpasswd保护整个网站,除了那个特定的URL?
编辑(我的代码,包括Jon Lin的建议,这对我不起作用):
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
SetEnvIf Request_URI "^/messenger/parse" NOPASSWD=true
AuthUserFile /xxx/xxx/xxx/xxxxxx/subdomain.example.com/.htpasswd
AuthName "Staging Server"
AuthType Basic
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=NOPASSWD
答案 0 :(得分:3)
您可以设置类似SetEnvIf的内容来为给定的Request URI设置环境变量。然后在auth定义中,您可以使用Satisfy Any和Allow from env指令告诉apache可以通过身份验证或环境变量存在(仅为特定URI设置)来授予访问权限。例如:
# set the NOPASSWD variable if the request is for a specific URI
SetEnvIf Request_URI "^/specific/uri/nopasswd/$" NOPASSWD=true
# Auth directives
AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic
Order Deny,Allow
# Any requirment satisfies
Satisfy any
# Deny all requests
Deny from all
# except if user is authenticated
Require valid-user
# or if NOPASSWD is set
Allow from env=NOPASSWD