密码保护Web目录和文件密码保护、文件、目录、Web
一个用户进入我的网站,到达主页上,他/她要始终只在首页上。所有其他文件是由网页中运行的脚本,但用户不应该定位到它们。因此,这里是我的目录布局:
他们将到达Front.php并应总是留在前台。所以,我创建了一个htaccess文件,有这个code:
DirectoryIndex的Front.php的index.html
与AuthType基本
AuthName指令登陆
的AuthUserFile /disks/*/*/*/.htpasswd
需要有效的用户
目前,一切需要验证。但我想要的一切除了 Front.php需要身份验证。我怎样才能排除Front.php从认证?
此外,将这种验证prevent运行或者脚本时它只是prevent用户从导航的到的通过URL文件?
解决方案现在,一切都需要验证。但我想要的一切,除了Front.php需要身份验证。我怎样才能排除Front.php从认证?
尝试:
SetEnvIfNoCase REQUEST_URI ^ / Front.php norequire_auth =真
#验证的东西
与AuthType基本
AuthName指令登陆
的AuthUserFile /disks/*/*/*/.htpasswd
#设置一个拒绝/允许
订单拒绝,允许
#从每个人都拒绝
所有拒绝
#除非以下任一满意
满足任何
#1,有效的身份验证的用户
需要有效的用户
#或2的require_auth变量被设置
从ENV = norequire_auth允许
本使用手托指令,并将它设置的 任何 的,这意味着无论是需要有效的用户或允许是不够好。变量 norequire_auth 仅被设置在URI是 /Front.php 。您可以通过添加其他 SetEnvIfNoCase 指令添加,如果你想要更多的白名单中的URI。
此外,将这种验证prevent运行的脚本还是只是prevent用户从通过URL定位到该文件?
它不会prevent运行,如果你通过包括或要求。但是,如果你的直接从 Front.php 的HTML内容链接的他们,登录对话框会弹出一个Front.php。
A user enters my website and arrives at the home page, he/she should always and only be at home page. All other files are scripts that are run by the homepage but the user should never navigate to them. So here's my directory layout:
They will arrive at Front.php and should always stay at Front. So I created an htaccess file that has this code:
DirectoryIndex Front.php index.html
AuthType Basic
AuthName "Login"
AuthUserFile /disks/*/*/*/.htpasswd
Require valid-user
Right now, EVERYTHING requires authentication. But I want everything except Front.php to require authentication. How can I exclude Front.php from the authentication?
Also, will this authentication prevent the scripts from running or does it just prevent the user from navigating TO the file via url?
解决方案Right now, EVERYTHING requires authentication. But I want everything except Front.php to require authentication. How can I exclude Front.php from the authentication?
Try:
SetEnvIfNoCase Request_URI ^/Front.php norequire_auth=true
# Auth stuff
AuthType Basic
AuthName "Login"
AuthUserFile /disks/*/*/*/.htpasswd
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is set
Allow from env=norequire_auth
This uses the Satisfy directive and sets it to any, meaning either the Require valid-user or the Allow is good enough. The variable norequire_auth only gets set when the URI is /Front.php. You can add additional whitelisted URI's if you want by including additional SetEnvIfNoCase directives.
Also, will this authentication prevent the scripts from running or does it just prevent the user from navigating TO the file via url?
It won't prevent the scripts from running, if you include them via a include or require. But if you directly link to them from Front.php's HTML content, the login dialog will pop up for Front.php.
