问题描述
我们有一个drupal网站a.com
,该网站受密码保护.我希望不是所有的a.com/api/...
URI.所以我读了关于SetEnvIf
:
We have a drupal website a.com
that is password protected. I want all a.com/api/...
URIs not to be, though. So I've read about SetEnvIf
:
AuthName "Stage"
AuthType Basic
AuthUserFile ~/.htpasswd
SetEnvIf Request_URI ".*data_sheets.*\.pdf" noauth
SetEnvIf Request_URI "/api/.+" noauth
SetEnvIfNoCase Request_Method OPTIONS noauth
Order Deny,Allow
Deny from all
Require valid-user
Allow from env=noauth
Satisfy Any
尽管/api/foobar
URI仍然要求输入密码.由于这是一个Drupal网站,因此在anubhava的帮助下,我们认为它与index.php如何处理请求有关.
The /api/foobar
URIs are still asking for a password though. Since it's a Drupal website, with the help of anubhava we figured it has to do with how the request is handled by index.php.
如何处理?
编辑
添加
RewriteCond %{REQUEST_URI} ^/api/ [NC]
RewriteRule ^ - [E=noauth]
紧接着
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
同伴帮助
推荐答案
我已经迟了两年,但我已经制定了关于发生的事情以及如何解决它的详尽解释.简短版本:
I’m two years late but I’ve worked out a thorough explanation of what’s going on and how you can work around it. The short version:
RewriteRule由子请求完成. SetEnvIf模块在子请求中不会继承REQUEST_URI变量.在这些子请求中,您的noauth变量最终未定义.
RewriteRule is fulfilled by a subrequest. The SetEnvIf module doesn’t inherit the REQUEST_URI variable in subrequests. Your noauth variable ends up as undefined in these subrequests.
将<Location>
和<LocationMatch>
块与mod_core的SetEnv
一起使用,而不是依赖于mod_setenvif.
Use <Location>
and <LocationMatch>
blocks together with mod_core’s SetEnv
instead of relying on mod_setenvif.
这篇关于将SetEnvIf重写为index.php时,如何在Request_URI中使用SetEnvIf?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!