我正在尝试保护包含特定字符串的 url:
RewriteCond %{QUERY_STRING} foo
RewriteRule - [E=NEED_AUTH:1]
Options -Indexes
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
Order allow,deny
allow from all
satisfy any
deny from env=NEED_AUTH
Require valid-user
我想这应该在加载时弹出身份验证对话框
index.php?format=foo
但它不起作用。我尝试了其他几个 RewriteConds 例如
RewriteCond %{QUERY_STRING} format=foo
RewriteCond %{QUERY_STRING} ^format=foo$
没有运气。使用
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 3
不记录任何东西。
有什么建议么?:)
为了补充乔恩的答案,我遇到了与 OP 类似的问题。但我发现这allow from env=!NEED_AUTH不起作用,所以我不得不在 Rewrite Condition 中反转它,RewriteCond %{QUERY_STRING} !format=foo 然后反转 allow allow from env=NEED_AUTH。因此,这是有效的代码段:
RewriteCond %{QUERY_STRING} !foo=bar
RewriteRule ^ - [E=NO_AUTH:1]
Order deny,allow
Deny from all
AuthType basic
AuthName "Auth Needed"
AuthUserFile "/etc/httpd/conf.d/.htpasswd"
Require valid-user
Allow from env=NO_AUTH
Satisfy Any
Make sure you've turned on the rewrite engine using RewriteEngine On. Also, there's an error in your RewriteRule:
RewriteRule - [E=NEED_AUTH:1]
Needs to have 2 parameters before the flags:
RewriteRule ^ - [E=NEED_AUTH:1]
Aside from that, it doesn't look like you've setup authentication correctly. You'll need a AuthName to define the realm, apache won't do authentication without it. And I don't think you can force authentication with a allow from all, you might need to do this the other way around, by denying all and allow from env=!NEED_AUTH
如此处所述(基于查询字符串的 Apache 权限),我无法在 Apache 2.4.6 中获得“RewriteRule”和“Allow from env”的组合。