Apache-2.2

如何在文件和子目錄的任何地方啟用 Apache DIGEST Authentivation

  • August 2, 2021

我正在按照許多教程和文件嘗試許多不同的配置,如果不創建數千個 .htaccess 文件,我將無法獲得身份驗證。

這是我的配置:

<VirtualHost *:443>
DocumentRoot /home/user/www
ServerName preprod.user.com
<Directory /home/user/www>
    Options Indexes SymLinksIfOwnerMatch
    AllowOverride All
    AllowOverride FileInfo AuthConfig Limit
    Require all granted
</Directory>

SSLEngine on
SSLCertificateFile      /etc/ssl/private/preprod.user.com.crt
SSLCertificateKeyFile /etc/ssl/private/preprod.user.com.key
</VirtualHost>

在根級別,我寫了這個 /home/user/www/.htaccess 文件:

AuthType DIGEST
AuthName "preproduction"
AuthDigestNonceLifetime 1
AuthDigestDomain "/home/user/www/" "https://preprod.user.com/"
AuthDigestProvider file
AuthUserFile "/web/auth/.digest_pw"
Require valid-user

結果是:

https://preprod.user.com/ asks for a password
https://preprod.user.com/v1/ asks for a password

但 :

https://preprod.user.com/v1/index.php <strong>doesn't ask for password</strong>

謝謝你們

我剛剛找到了一個解決方案:

問題來自文件:不告訴文件身份驗證適用,它只適用於目錄和文件保持服務!

<Files *>
        AuthType DIGEST
        AuthName "preproduction"
        AuthDigestNonceLifetime 1
        AuthDigestDomain "https://preprod.user.com/"
        AuthDigestProvider file
        AuthUserFile "/web/auth/.digest_pw"
        Require valid-user
</Files>

再見 !

引用自:https://serverfault.com/questions/733311