当前位置: 动力学知识库 > 问答 > 编程问答 >

php - htaccess: RewriteEngine On and AuthUserFile conflict

问题描述:

Let's consider the folder www.mydomain.com/exemple protected with the following .htaccess:

.htaccess

AuthUserFile /root/FTPname/www/.htpasswd

AuthGroupFile /dev/null

AuthName "Restricted Access"

AuthType Basic

require valid-user

I want to allow the access to the exemple folder only if a user has a specific cookie, or I raise an error (with the following [F] flag). Then I implemented the following code:

.htaccess

RewriteEngine On

RewriteCond %{HTTP_COOKIE} !CookieName=CookieValue

RewriteRule .* - [F,L]

AuthUserFile /root/FTPname/www/.htpasswd

AuthGroupFile /dev/null

AuthName "Restricted Access"

AuthType Basic

require valid-user

The problem is that when i load the exemple folder without the cookie, it goes through the authentification process first...I would like to do raise the error first. Anyone knows?

网友答案:

Try "Satisfy any" with a new environment variable. Two techniques are shown here: .htaccess basic auth by virtual host? One uses SetEnvIf, the other uses a RewriteRule to set the variable. Since SetEnvIf cannot detect cookies, you will need RewriteRule. But I found on my shared hosting platform that RewriteRule could not play with "Satisfy any." If it works for you, it will look something like:

RewriteEngine On
RewriteCond %{HTTP_COOKIE} !CookieName=CookieValue
RewriteRule .* - [L,E=DENY:1]

AuthUserFile /root/FTPname/www/.htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Access"
AuthType Basic

Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=!DENY

See also: htaccess exclude one url from Basic Auth

Watch out that the page you are protecting does not include images, stylesheets, etc., that trigger an authentication request when the page itself does not.

分享给朋友:
您可能感兴趣的文章:
随机阅读: