开发者

How to configure in Apache an exception to password protection for a CakePhp App?

I have a CakePHP Application which I want to protect with a password. The tricky thing is, that all files/locations should be only accessible with a password EXCEPT one specific Address (a function withing a CakePHP-controller)

The Address is like that:

http://example.com/MyApp/MyController/MyFunction?MyParam=开发者_如何转开发MyValue

All other locations should be only accessible with a password

http://example.com/MyApp/MyController/MyOtherFunction

http://example.com/MyApp/MyController/MyOtherFunction

http://example.com/MyApp/MyOtherController/MyOtherFunction

Well, I tried it first in the root .htaccess-File, but the whole rewrite-thing of CakePHP makes it very difficult and in .htaccess-Files are no <LocationMatch> directive allowed. So I tried it with <FilesMatch>, but the real File is always the same: index.php. mod_rewrite rewrites all Addresses to

http://example.com/MyApp/app/webroot/index.php?url=$1

In the next step I tried it in the apache-configuration and put there this section

<LocationMatch ^/MyApp/MyController/MyFunction.*>
  AuthType Basic
  AuthName "Secure Area"
  AuthUserFile /path/to/.htpasswd
  Require user MyUser
</LocationMatch>

Well the regex matched, but it was the wrong way. It protects MyFunction but not the rest.


Are you using .htpasswd? You might be better using Cake Auth, then you can do this in the appropriate controller:

function beforeFilter() {
    $this->Auth->allow('MyFunction');
}
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜