从http basic auth中排除特定的cakephp控制器

时间:2016-12-10 16:49:12

标签: apache .htaccess mod-rewrite cakephp-3.0 basic-authentication

我正在尝试排除路径(URI)被基本的http auth阻止。 路径是/ rest(http://example.com/rest)并且表示cakephp 3应用程序的控制器。它不是一个真正的文件,而是一个由重写条件重写的路径,并由webroot目录中的index.php处理。

这是重写规则:

<IfModule mod_rewrite.c> RewriteEngine on RewriteRule ^$ webroot/ [L] RewriteRule (.*) webroot/$1 [L] </IfModule>

/var/www/webroot/.htaccess

<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] </IfModule>

<VirtualHost *:80>
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/webroot
<Directory /var/www>
   Options FollowSymLinks
   AllowOverride All
</Directory>
<Location "/">
           AuthType Basic
           AuthName "Keawe Development"
           AuthUserFile /host/.htpasswd
           Require valid-user
           Require expr %{REQUEST_URI} =~ m#/rest/.*#
           Require expr %{REQUEST_URI} =~ m#/index.php/rest/.*#
</Location>
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

我正在运行apache 2.4并尝试了不同的配置:

<VirtualHost *:80>
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/webroot
<Directory /var/www>
   Options FollowSymLinks
   AllowOverride All
</Directory>
<Location "/">
           AuthType Basic
           AuthName "Keawe Development"
           AuthUserFile /host/.htpasswd
           Require valid-user
</Location>
<Location "/rest">
   Allow from all
   Satisfy any
</Location>
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

...改编自https://stackoverflow.com/a/33655232/1285585

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/webroot
<Directory /var/www>
  Options FollowSymLinks
  AllowOverride All
 </Directory>
 <Location "/">
   AuthType Basic
   AuthName "Keawe Development"
   AuthUserFile /host/.htpasswd
   Require valid-user
 </Location>
 <Location "/rest">
   Require all granted
 </Location>
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
 </Virtualhost>

...来自https://serverfault.com/a/475845/229877

...
 <Location "/">
           SetEnvIf Request_URI ^/rest noauth=1
           SetEnvIf Request_URI /rest noauth=1
           SetEnvIf Request_URI ^/index.php/rest noauth=1
           SetEnvIf Request_URI /index.php/rest noauth=1

           AuthType Basic
           AuthName "Keawe Development"
           AuthUserFile /host/.htpasswd
           Order Deny,Allow
           Satisfy any
           Deny from all
           Require valid-user
           Allow from env=noauth
 </Location>

...来自https://www.apachelounge.com/viewtopic.php?p=30200

 <Location "/">
   AuthType Basic
   AuthName "Keawe Development"
   AuthUserFile /host/.htpasswd
   Require valid-user
 </Location>
 <Location ~ "/(rest|index.php/rest)">
   Satisfy Any
   Allow from all
   AuthType None
   Require all granted
 </Location>

...来自https://stackoverflow.com/a/8979889/1285585

<Location "/">
  AuthType Basic
  AuthName "Keawe Development"
  AuthUserFile /host/.htpasswd
  Require valid-user
</Location> 
<Files "index.php/rest">
   Satisfy Any
   Allow from all
</Files>
<Files "rest">
   Satisfy Any
   Allow from all
</Files>

...来自https://stackoverflow.com/a/13296294/1285585

Public Function _FIll(ByVal sQuery As String) As DataTable
        _FIll = New DataTable

        Using _cmd As New SqlCommand
            With _cmd
                .Connection = dbMain
                .CommandText = sQuery
                '.CommandTimeout = 0
                Using _da As New SqlDataAdapter(_cmd)

                    Using _dt As New DataTable
                        Try
                            _da.Fill(_dt)
                            Return _dt
                        Catch ex As Exception
                            '  Return Nothing
                        End Try
                    End Using
                End Using
            End With

        End Using

    End Function

...来自HTTP Basic Auth Exclude Single File

然而,它们似乎都不起作用。我总是使用wget或来自浏览器的auth请求获得错误401。

问题似乎是,路径/休息传递了条件但后来被重写为index.php,它受基本身份验证的控制(并且必须是)。

任何线索?

1 个答案:

答案 0 :(得分:9)

当我把这个答案(https://stackoverflow.com/a/14010456/1285585)弄到相关问题上时,终于明白了。

这是我的解决方案:

thanks in advance