我嘗試限制對所有路徑(包括 test.tonnerklaps.local)的某個虛擬主機的訪問。唯一可公開訪問的路徑應該是“/webhook/bitbucket”。
這是我的主機配置:
<VirtualHost *:443>
ServerName test.tonnerklaps.local
DocumentRoot /srv/satisfy/public
SSLCertificateFile /etc/ssl/certs/test.tonnerklaps.local.pem
SSLCertificateKeyFile /etc/ssl/private/test.tonnerklaps.local-key.pem
<Location "/">
LogMessage "L root %{REQUEST_URI}"
<RequireAll>
AuthType Basic
AuthName "Resticted Access"
AuthBasicProvider file
AuthUserFile "/var/www/passwd/passwords"
Require user packagist
</RequireAll>
</Location>
<Location "/webhook/bitbucket">
LogMessage "L webhook %{REQUEST_URI}"
Require all granted
</Location>
</VirtualHost>
問題是我也被要求在“/webhook/bitbucket”上進行身份驗證。有趣的是,它似乎與“/”有關。
因為這是按預期作業的:
<Location "/admin">
LogMessage "L admin %{REQUEST_URI}"
<RequireAll>
AuthType Basic
AuthName "Resticted Access"
AuthBasicProvider file
AuthUserFile "/var/www/passwd/passwords"
Require user packagist
</RequireAll>
</Location>
<Location "/admin/configuration">
LogMessage "L admin.configuration %{REQUEST_URI}"
Require all granted
</Location>
但真正讓我感到驚訝的是,以下內容也不起作用。盡管 else 路徑永遠不會被記錄,但我在“/webhook/bitbucket”上得到了身份驗證提示。
<If "%{REQUEST_URI} == '/webhook/bitbucket'">
LogMessage "If %{REQUEST_URI}"
Require all granted
</If>
<Else>
LogMessage "Else %{REQUEST_URI}"
<RequireAll>
AuthType Basic
AuthName "Resticted Access"
AuthBasicProvider file
AuthUserFile "/var/www/passwd/passwords"
Require user packagist
</RequireAll>
</Else>
對此有什么想法嗎?
我嘗試composer create-project playbloom/satisfy在 Apache/2.4.54 (Ubuntu) 上運行滿足 ()。我對另一個 php 應用程式(concreteCMS)也有同樣的行為。
更新
我在<Location>沒有應用程式的情況下進行了測驗(剛剛創建了檔案夾結構和 index.php 檔案)。這是有效的。無論如何,仍然不知道為什么它不能在應用程式中作業以及為什么<If>不能作業。
更新 2
這是我正在使用的最新配置。
<Location "/webhook/bitbucket">
AuthMerging Off
LogMessage "L webhook %{REQUEST_URI}"
AuthType None
Require all granted
</Location>
<Location "/">
LogMessage "L root %{REQUEST_URI}"
AuthMerging Off
AuthType Basic
AuthName "Resticted Access"
AuthBasicProvider file
AuthUserFile "/var/www/passwd/passwords"
Require user packagist
</Location>
更新 3
滿足/公共檔案夾中有這個 .htaccess-File。它一定與此有關,但我還不能解決這個問題。
<IfModule mod_rewrite.c>
Options -MultiViews Indexes
RewriteEngine On
# Determine the RewriteBase automatically and set it as environment variable.
RewriteCond %{REQUEST_URI}::$1 ^(/. )/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
# Set the HTTP_AUTHORIZATION header removed by apache as environment variable.
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect to URI without front controller to prevent duplicate content.
# We only do this redirect on the initial rewrite to prevent endless redirect loops.
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L]
# If the requested filename exists or should exist, simply serve it.
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_URI} =/favicon.ico [OR]
RewriteCond %{REQUEST_URI} =/robots.txt
RewriteRule .? - [L]
# Rewrite all other queries to the front controller.
RewriteRule .? %{ENV:BASE}/index.php [QSA,L]
</IfModule>
#Compress JSON files
<IfModule mod_headers.c>
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE application/json
</IfModule>
</IfModule>
</IfModule>
uj5u.com熱心網友回復:
我的問題似乎沒有解決方案,因為在每次重寫之前和之后都會檢查請求(這很有意義)。所以路徑“/webhook/bitbucket”被重寫為 index.php 并且在重寫之后看起來不可能檢查原始請求是什么($REQUEST_URI 不再是“/webhook/bitbucket”)。至少在 apache 級別上是這樣。該應用程式似乎以某種方式獲得了相同的請求 uri。仍然不完全確定這部分是如何作業的。如果有人可以提供有關此的更多資訊,我很樂意聽到。
我最終禁用了 .htaccess 并將其與我的 vh 配置合并。所以我可以防止 webhook 路徑被重寫,并且可以只允許無限制地訪問這個路徑。然后我稱它為index.php/webhook/bitbucket. 只要.htaccess 沒有相關更改,這也是更新保存。
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName packagist.lemonbrain.ch
DocumentRoot /var/www/html/satisfy/public
SSLEngine on
<Directory "/var/www/html/satisfy/public">
AuthType Basic
AuthName "Resticted Access"
AuthBasicProvider file
AuthUserFile "/var/www/passwd/passwords"
<RequireAny>
# only allow unauthenticated access to the bitbucket webhook
Require expr "%{REQUEST_URI} == '/index.php/webhook/bitbucket'"
Require user packagist
</RequireAny>
# disable .htaccess in satisfy/public
AllowOverride None
RewriteEngine On
# do not rewrite the bitbucket webhook (leave index.php) for the require above to work
RewriteCond %{REQUEST_URI} "=/index.php/webhook/bitbucket"
RewriteRule .* - [END]
#################################################################################
# this is the content of the .htaccess in satify/public #
# so if there is something not working after updating satisfy check and compare #
#################################################################################
Options -MultiViews Indexes
# RewriteEngine On
# Determine the RewriteBase automatically and set it as environment variable.
RewriteCond %{REQUEST_URI}::$1 ^(/. )/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
# Set the HTTP_AUTHORIZATION header removed by apache as environment variable.
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect to URI without front controller to prevent duplicate content.
# We only do this redirect on the initial rewrite to prevent endless redirect loops.
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L]
# If the requested filename exists or should exist, simply serve it.
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_URI} =/favicon.ico [OR]
RewriteCond %{REQUEST_URI} =/robots.txt
RewriteRule .? - [L]
# Rewrite all other queries to the front controller.
RewriteRule .? %{ENV:BASE}/index.php [QSA,L]
#Compress JSON files
<IfModule mod_headers.c>
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE application/json
</IfModule>
</IfModule>
</IfModule>
###########################
# end of copied .htaccess #
###########################
</Directory>
</VirtualHost>
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/510607.html
標籤:阿帕奇基本认证