apache 中是否有任何方法可以根据您获得的 http 代码响应设置重写条件?将(302)重定向到我的身份验证提供程序的 oauth 代理(apache)前面的服务器;但是我不希望它代理 websocket 目录中的任何内容——我宁愿它 403 代替。这一切都是为了防止它不断地尝试重新验证它没有被授权并为 OpenIDC 建立大量的状态 cookie。
感谢您的考虑。
像这样的东西:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^my\.server\.co$
RewriteCond %{HTTP_RESPONSE} 302
RewriteCond %{REQUEST_URI} ^/websocket
RewriteRule (.*) $1 [F,L,NC]
您应该能够使用:
<Location /websocket>
OIDCUnAuthAction 401
</Location>
如配置原语中所述:
# (Optional)
# Defines the action to be taken when an unauthenticated request is made.
# "auth" means that the user is redirected to the OpenID Connect Provider or Discovery page.
# "401" means that HTTP 401 Unauthorized is returned.
# "pass" means that an unauthenticated request will pass but claims will still be passed when a user happens to be authenticated already
# Useful in Location/Directory/Proxy path contexts that serve AJAX/Javascript calls and for "anonymous access"
# When not defined the default "auth" is used.
#OIDCUnAuthAction [auth|pass|401]
(它会返回 401 状态码而不是 403)
其他解决方案
RewriteEngine on
ErrorDocument 403 /%{REQUEST_URI}/403.shtml
ErrorDocument 404 /%{REQUEST_URI}/404.shtml
RewriteCond %{REQUEST_URI} /([0-9]{3}+).shtml$ [NC]
RewriteRule (.*) $1 [R=%1,L]