基于这个问题,我为
建立了保护当URI包含参数值时,我想通过AuthType绕过授权用户和密码。如果参数未设置或错误,则需要通常的用户/ pw输入
例如:
www.domain.com?id=200 - >无需密码
www.domain.com - >需要密码
我发现了这个问题。它工作正常。但我无法改变行为:
Protect a url with HTTP authentication based on query string parameter
以下代码无效:
RewriteEngine On
# set URI to /index.php/200 if query string is id=200
RewriteCond %{QUERY_STRING} (?:^|&)id=(200|1)(?:&|$) [NC]
RewriteRule ^(index\.php)/?$ $1/%1 [NC]
# set SECURED var to 1 if URI is /index.php/200
SetEnvIfNoCase Request_URI "^/index\.php/(200|1)" SECURED
# enforce auth if SECURED=1
AuthType Basic
AuthName "Login Required"
AuthUserFile /path/to/.htpasswd
Require valid-user
Order allow,deny
Deny from all
Allow from env=SECURED
Satisfy any
答案 0 :(得分:1)
SetEnvIf Request_URI /register noauth=1
AuthType Basic
AuthName "Auth"
AuthUserFile /path/to/.htpasswd
<RequireAny>
Require env noauth
Require valid-user
</RequireAny>
http://httpd.apache.org/docs/current/mod/mod_authz_core.html