我在一个 Wordpress 网站上工作,我的页面正在使用一个永久链接结构,该结构 mod_rewrites 它们看起来像目录。对于一些页面,我想使用基本身份验证来密码保护一些页面。我将如何在我的 .htaccess 文件中写这个?我是在保护文件还是重写地址?
问问题
4205 次
3 回答
8
您不需要 mod_rewrite 为此,希望这应该可以解决问题:
SetEnvIfNoCase Request_URI ^/some/path/to/protect require_auth=true
SetEnvIfNoCase Request_URI ^/another/protected/path require_auth=true
# Auth stuff
AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
mod_auth 和 mod_env 模块应该优先于 mod_rewrite,所以你的假目录结构应该保持不变。您只需要SetEnvIfNoCase Request_URI ^/some/path/to/protect require_auth=true为每个人填写一个,然后填写其余的身份验证内容以满足您的需要。
于 2012-08-30T21:15:40.130 回答
1
我对此解决方案的唯一问题是单击取消按钮将显示受保护的页面。我试图通过使用来解决这个问题:
RewriteCond %{REMOTE_USER} !user
RewriteRule ^/protected-page /unauthenticated-page [R=401]
但这没有用。我不确定为什么。
为了快速而肮脏地解决问题,我添加了
ErrorDocument 401 "You don't have access."
要创建重定向,我使用了这个
ErrorDocument 401 '<html><head><meta http-equiv="refresh" content="0; url=/unauthenticated-page" /></head><body></body></html>'
于 2015-03-31T08:46:17.613 回答
1
For those who came here with same problem as me, with .htaccess like this
AuthType Basic
AuthName "some_name"
AuthUserFile "/path/to/password/passwd"
require valid-user
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
rules above are not working as I expected (authorize, then rewrite)
because of directive merging order ("If" is merged last)
thanks to comment from Alek to point that out
so when I removed IfModule brackets, the rules have begun to work for me.
于 2016-02-03T17:39:50.323 回答