Apache-2.2

轉發代理使用者身份驗證不起作用

  • August 14, 2014

我有一個簡單的轉發代理,需要進行使用者身份驗證和 IP 地址白名單。我在下面創建了虛擬主機:

ProxyRequests On
ProxyVia On

<Proxy xx.xxx.xx.xxx:8888>
  Order deny,allow
  Allow from xx.xxx.xx.xxx
  Allow from xx.xxx.xx.xxx
  Allow from xx.xxx.xx.xxx
  Allow from xx.xxx.xx.xxx

  AuthType Basic
  AuthName "Password Required for Proxy"
  AuthUserFile /etc/apache2/.proxyhtpasswd
  Require user
</Proxy>

代理本身工作正常,但使用者身份驗證和允許 IP 卻不行。我更改了 10 次配置,即使只有 Auth 塊,它仍然可以工作,而無需使用(有效)使用者/密碼或擁有正確的 IP 地址。

我還嘗試通過普通的 VirtualHost 配置來配置它,但仍然沒有成功:

<VirtualHost xx.xxx.xx.xxx:8888>
   ProxyRequests On
   ProxyVia On
   SSLProxyEngine On

   <Location />
       Order Deny,Allow
       Deny from all
       Allow from xx.xxx.xx.xxx
       Allow from xx.xxx.xx.xxx
       Allow from xx.xxx.xx.xxx
       Allow from xx.xxx.xx.xxx

       AuthType Basic
       AuthBasicProvider file
       AuthName "Password Required for Proxy"
       AuthUserFile /etc/apache2/.proxyhtpasswd
       Require valid-user
   </Location>
</VirtualHost>

我通過在 VirtualHost 指令中組合 Proxy 指令解決了這個問題。

<VirtualHost xx.xxx.xx.xxx:8888>
   ProxyRequests On
   ProxyVia On
   SSLProxyEngine On

   <Proxy *>
       Order Deny,Allow
       Deny from all
       Allow from xx.xxx.xx.xxx
       Allow from xx.xxx.xx.xxx
       Allow from xx.xxx.xx.xxx
       Allow from xx.xxx.xx.xxx

       AuthType Basic
       AuthBasicProvider file
       AuthName "Password Required for Proxy"
       AuthUserFile /etc/apache2/.proxyhtpasswd
       Require valid-user
   </Proxy>

   LogLevel warn
   ErrorLog ${APACHE_LOG_DIR}/proxy-error.log
   CustomLog ${APACHE_LOG_DIR}/proxy-access.log combined
</VirtualHost>

我認為要麼

Require valid-user

或者

Require user [theusername]

但不是

Require user

請參閱:http ://httpd.apache.org/docs/current/mod/core.html#require

引用自:https://serverfault.com/questions/578660