apache中是否有任何方法可以根据您获得的http代码响应来设置重写条件?服务器在oauth代理(apache)前面,重定向(302)到我的auth提供者;但是我不希望它在websocket目录中代理任何东西 - 而不是代替403。这一切都是为了防止它不断尝试未经授权的reauth并为OpenIDC构建大量的状态cookie。
感谢您的考虑。
这样的事情:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^my\.server\.co$
RewriteCond %{HTTP_RESPONSE} 302
RewriteCond %{REQUEST_URI} ^/websocket
RewriteRule (.*) $1 [F,L,NC]
答案 0 :(得分:3)
你应该可以使用:
<Location /websocket>
OIDCUnAuthAction 401
</Location>
在配置原语中记录here:
# (Optional)
# Defines the action to be taken when an unauthenticated request is made.
# "auth" means that the user is redirected to the OpenID Connect Provider or Discovery page.
# "401" means that HTTP 401 Unauthorized is returned.
# "pass" means that an unauthenticated request will pass but claims will still be passed when a user happens to be authenticated already
# Useful in Location/Directory/Proxy path contexts that serve AJAX/Javascript calls and for "anonymous access"
# When not defined the default "auth" is used.
#OIDCUnAuthAction [auth|pass|401]
(好吧它会返回401状态代码而不是403)
答案 1 :(得分:0)
其他解决方案
RewriteEngine on
ErrorDocument 403 /%{REQUEST_URI}/403.shtml
ErrorDocument 404 /%{REQUEST_URI}/404.shtml
RewriteCond %{REQUEST_URI} /([0-9]{3}+).shtml$ [NC]
RewriteRule (.*) $1 [R=%1,L]