问题描述

我们有一个drupal网站a.com，该网站受密码保护.我希望不是所有的a.com/api/... URI.所以我读了关于SetEnvIf:

We have a drupal website a.com that is password protected. I want all a.com/api/... URIs not to be, though. So I've read about SetEnvIf:

AuthName "Stage"
AuthType Basic
AuthUserFile ~/.htpasswd
SetEnvIf Request_URI ".*data_sheets.*\.pdf" noauth
SetEnvIf Request_URI "/api/.+" noauth
SetEnvIfNoCase Request_Method OPTIONS noauth
Order Deny,Allow
Deny from all
Require valid-user
Allow from env=noauth
Satisfy Any

尽管/api/foobar URI仍然要求输入密码.由于这是一个Drupal网站，因此在anubhava的帮助下，我们认为它与index.php如何处理请求有关.

The /api/foobar URIs are still asking for a password though. Since it's a Drupal website, with the help of anubhava we figured it has to do with how the request is handled by index.php.

如何处理?

编辑

添加

RewriteCond %{REQUEST_URI} ^/api/ [NC]
RewriteRule ^ - [E=noauth]

紧接着

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]

同伴帮助

推荐答案

我已经迟了两年，但我已经制定了关于发生的事情以及如何解决它的详尽解释.简短版本:

I’m two years late but I’ve worked out a thorough explanation of what’s going on and how you can work around it. The short version:

RewriteRule由子请求完成. SetEnvIf模块在子请求中不会继承REQUEST_URI变量.在这些子请求中，您的noauth变量最终未定义.

RewriteRule is fulfilled by a subrequest. The SetEnvIf module doesn’t inherit the REQUEST_URI variable in subrequests. Your noauth variable ends up as undefined in these subrequests.

将<Location>和<LocationMatch>块与mod_core的SetEnv一起使用，而不是依赖于mod_setenvif.

Use <Location> and <LocationMatch> blocks together with mod_core’s SetEnv instead of relying on mod_setenvif.

这篇关于将SetEnvIf重写为index.php时，如何在Request_URI中使用SetEnvIf?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！