Apache Basic Auth无法在.htaccess或目录块中工作;在Location块中正常工作

时间:2015-04-21 12:28:14

标签: .htaccess authentication basic-authentication http-basic-authentication apache2.4

好的,在新安装的Ubuntu 14.04上运行Apache 2.4.7。

如果我将以下内容添加到/etc/apache2/sites-available中的.conf文件中,那么基本身份验证工作正常:

<Location /test>
  AuthType Basic
  AuthName ".htaccess Basic Auth Test"
  AuthUserFile "/var/www/passwords/test"
  Require valid-user
</Location>

但是,如果我在相关目录的.htaccess文件中只有以下内容:

AuthType Basic
AuthName ".htaccess Basic Auth Test"
AuthUserFile "/var/www/passwords/test"
Require valid-user

认证似乎被忽略了;没有提示,页面就像他们不在那里一样。目录块也是如此:

<Directory /var/www/default/test>
  AuthType Basic
  AuthName ".htaccess Basic Auth Test"
  AuthUserFile "/var/www/passwords/test"
  Require valid-user
</Directory>

所以,我检查了.htaccess文件是否实际被读取,它们是;加入

Options -Indexes

.htaccess文件会删除目录上的索引列表。

我开启了调试,但这并不是特别有用:

[Tue Apr 21 13:04:14.082275 2015] [authz_core:debug] [pid 8914] mod_authz_core.c(721): [client 144.32.48.10:64109] AH01625: authorization result of <RequireAny>: granted (directive limited to other methods)
[Tue Apr 21 13:04:14.082538 2015] [authz_core:debug] [pid 8914] mod_authz_core.c(721): [client 144.32.48.10:64109] AH01625: authorization result of <RequireAny>: granted (directive limited to other methods)

/etc/apache2中的Grep显示没有任何限制这一点的内容;没有其他Auth语句,AllowOverride All位于正确的位置(如选项测试所示;他们说All,而不是其他可能限制覆盖的内容。)

我觉得我必须遗漏一些明显的东西。这是加载的模块:

root@linode:/etc/apache2# apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 headers_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php5_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 status_module (shared)
 substitute_module (shared)
 xml2enc_module (shared)

2 个答案:

答案 0 :(得分:0)

我知道我做了一些有趣的事情。我的服务器正在测试代理,因此网站建议我将其添加到apache2.conf: 

<Location />
   <Limit CONNECT>
     Require all denied
   </Limit>
</Location>

删除了(突发事件 - 看起来不会改变它),基本的auth再次运作!

为了保护网站,我将块移动到默认(仅限IP地址)虚拟主机,以便其他人可以正常运行。

答案 1 :(得分:-2)

另一种解决方案是安装WP htaccess Control plugin 并在自定义htaccess 中添加此行:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Screenshot of settings

相关问题
最新问题