Authentication
刪除一條路徑的 Lighttpd 密碼驗證
我有一個 lighttpd 伺服器,我想從中提供一些文件。不幸的是,伺服器目前設置為需要密碼身份驗證,我希望這些文件可以公開使用。
如何使特定子目錄中的文件不需要密碼?
更複雜的是,配置文件中的大部分內容都是由其他管理員設置的,所以我要非常小心,不要破壞任何現有的安全設置。
# config stuff that I am hesitant to change ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/ssl/foo.pem" ssl.ca-file = "/etc/pki/tls/certs/foo.cert" auth.backend = "htdigest" auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd" auth.debug = 2 $HTTP["url"] !~ "^(/portal/.*|/js/.*|/css/.*|/icons/.*|/favicon\.ico)" { auth.require = ( "/" =>( "method" => "digest", "realm" => "Authorized users only", "require" => "valid-user" ) ) } $HTTP["url"] =~ "^/portal" { auth.require = ( "/portal" => ( "method" => "digest", "realm" => "portal users", "require" => "valid-user" ) ) url.redirect = ( "" => "/portal/") } $HTTP["remoteip"] !~ "1.2.3.4|5.6.7.8" { url.access-deny = ( "" ) } # new directory that I want to make public $HTTP["url"] =~ "^/public($|/)" { dir-listing.activate = "enable" }
我嘗試
/public/*
為第一個$HTTP["url"] !~
塊添加正則表達式,但這沒有用。ssl.engine
我也嘗試在匹配的塊內禁用/public($|/)
,但這也不起作用。
如評論中所述,此設置對我來說非常有用:
server.modules += ( "mod_auth" ) auth.backend = "htdigest" auth.backend.htdigest.userfile = "/etc/lighttpd/passwd" $HTTP["url"] !~ "^(/portal/.*|/js/.*|/css/.*|/icons/.*|/favicon\.ico|/public/.*)" { auth.require = ( "/" =>( "method" => "digest", "realm" => "Authorized users only", "require" => "valid-user" ) ) }
事實證明,您可以僅使用一個空列表選擇性地禁用它:
auth.require = ()
對於 OP 的例子:
# new directory that I want to make public $HTTP["url"] =~ "^/public($|/)" { dir-listing.activate = "enable" auth.require = () }
將此塊放在文件的最後可確保它覆蓋所有其他指令,這可能是您想要的,也可能不是您想要的,具體取決於您的設置。我有一個具有不同身份驗證方案的多個虛擬主機的案例,但我想繞過所有這些,
/.well-known/acme-challenge/
以便能夠certbot --webroot
獲得 Let’s Encrypt 證書。對於我的例子:##### Let's Encrypt $HTTP["url"] =~ "^/.well-known/acme-challenge/" { server.document-root = "/var/www/" auth.require = () }