问题描述

在我的 Apache 2 配置中，我有一个 VirtualHost 看起来像这样:

In my Apache 2 config I have a VirtualHost which looks something like this:

<VirtualHost *:80>
  ServerName sub.domain.com

  # username:password sent on to endpoint
  RequestHeader set Authorization "Basic dXNlcm5hbWU6cGFzc3dvcmQ=="

  ProxyPass        /xyz http://192.168.1.253:8080/endpoint
  ProxyPassReverse /xyz http://192.168.1.253:8080/endpoint

  <Location /xyz>
    # This needs to let users through under the following circumstances
    #   * They are in 192.168.1.0/24
    #   * They have a valid user in a htpasswd file

    # So what goes here?
  </Location>
</VirtualHost>

我使用虚拟主机作为网络上另一台服务器(我将称之为端点)的反向代理.

I am using the virtual host as reverse proxy to another server (which I will call the endpoint) on the network.

我试图找出一种配置，允许网络内的用户浏览到 sub.domain.com 以自动为端点提供服务.但是，应提示网络外的用户输入凭据

I am trying to figure out a configuration that would allow users inside the network browsing to sub.domain.com to automatically be served the endpoint. However, users outside the network should be prompted for credentials

端点需要一个密码，我使用 RequestHeader(我想要)隐藏了该密码.应该提示外部用户的密码是不同的，并且需要是 BasicAuth，从 htpasswd 文件中获取它的用户列表.

The endpoint requires a password which I have hidden by using RequestHeader (which I want). The password external users should be prompted by is DIFFERENT and will need to be BasicAuth, getting it's user list from a htpasswd file.

推荐答案

<Location /xyz>
  # This needs to let users through under the following circumstances
  #   * They are in 192.168.1.0/24
  #   * They have a valid user in a htpasswd file

直接来自 http://httpd.apache.org/docs/2.2/mod/core.html#satisfy:

  Require valid-user
  Order allow,deny
  Allow from 192.168.1
  Satisfy any

当然，您还需要包含您的 AuthUserFile 或任何指令

Of course, you also need to include your AuthUserFile or whatever directives

  AuthType basic
  AuthName "yadayadayada"
  AuthUserFile /foo/bar/blah/.htpasswd
</Location>

这篇关于Apache2 - 使用 BasicAuth 针对某个位置授权用户，但仅适用于本地子网之外的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！