我正在尝试使用mod_auth_form
我的目标是在DocumentRoot目录中有一个Auth页面,然后一旦用户连接,只需代理所有到“真实”应用程序的路由,在localhost上运行另一个端口。
我使用根Location下的Auth指令设置我的vhost:
<VirtualHost *:80>
ServerName subdomain.example.com
DocumentRoot /var/www/subdomain.example.com/web/
<Location /login.html>
Order allow,deny
Allow from all
</Location>
<Location />
SetHandler form-login-handler
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
ProxyPass /login.html !
ProxyPassReverse /login.html !
ProxyPass / http://localhost:8888
ProxyPassReverse / http://localhost:8888
ErrorLog ${APACHE_LOG_DIR}/subdomain.example.com/error.log
CustomLog ${APACHE_LOG_DIR}/subdomain.example.com/access.log combined
</VirtualHost>
修改
我需要的一切就是颠倒<Location></Location>指令的顺序......并为表单处理程序添加一个特殊的位置。
工作解决方案:
<VirtualHost *:80>
ServerName subdomain.example.com
DocumentRoot /var/www/subdomain.example.com/web/
<Location />
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
AuthFormLoginSuccessLocation "http://subdomain.example.com/"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
<Location /login_check.html>
SetHandler form-login-handler
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
AuthFormLoginSuccessLocation "http://subdomain.example.com/"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
<Location /login.html>
Order allow,deny
Allow from all
</Location>
ProxyPreserveHost On
ProxyPass /login.html !
ProxyPassReverse /login.html !
ProxyPass / http://localhost:8888
ProxyPassReverse / http://localhost:8888
ErrorLog ${APACHE_LOG_DIR}/subdomain.example.com/error.log
CustomLog ${APACHE_LOG_DIR}/subdomain.example.com/access.log combined
</VirtualHost>
当我尝试访问subdomain.example.com时,我被重定向到subdomain.example.com/login.html(这很好!)
此/var/www/subdomain.example.com/web/login.html页面的内容:
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8' />
<meta name='viewport' content='width=device-width' />
<title>Authentication</title>
</head>
<body>
<form method='POST' action='/login_check.html'>
<div class='form-group'>
<label for='httpd_username'>Username</label>
<input id='http_username' class='form-control' type='text' name='httpd_username' value='' />
</div>
<div class='form-group'>
<label for='httpd_password'>Password</label>
<input id='httpd_password' class='form-control' type='password' name='httpd_password' value='' />
</div>
<div class='form-group'>
<input class='btn btn-success' type='submit' name='login' value='Login' />
</div>
</form>
</body>
</html>
但是,此login.html页面永远不会显示,我收到TOO_MANY_REDIRECTS错误:
http://subdomain.example.com/login.html的网页导致重定向过多。
似乎这条特殊路线必须由Auth流程“锁定”......但我不知道如何启用...
我尝试添加另一个ErrorDocument 401 /login.html指令,但它没有改变任何内容。
答案 0 :(得分:2)
Apache按照它看到的顺序解析配置指令并将它们应用到指定的位置及其下面的所有内容,因此require valid-user块中的<Location />会覆盖Allow from all中的<Location /login.html> {1}}阻止 - 您最终要求身份验证才能访问任何内容(包括login.html),因此您在访问login.html时会启动未经授权的操作,并被重定向到login.html以登录。在那里&# 39;是你的循环。
答案 1 :(得分:0)
我使用Apache 2.4遇到了同样的问题,但原因不同。使用Apache 2.4+,而不是使用:
editor.getDocumentProvider().getDocument(editor.getEditorInput())使用:
<Location /login.html>
Order allow,deny
Allow from all
</Location>