开发者

htaccess rewrite and auth conflict

问答 作者:

I have 2 directories each with a .htaccess file:

html/.htaccess - There is a rewrite in this file to send almost everything to url.php

RewriteCond %{REQUEST_URI} !(exported/?|\.(php|gif|jpe?g|png|css|js|pdf|doc|xml|ico))$
RewriteRule (.*)$ /url.php [L]

and html/exported/.htaccess

AuthType Basic
AuthName "exported"
AuthUserFile "/home/siteuser/.htpasswd"
require valid-user

If I remove html/exported/.htaccess the rewritin开发者_StackOverflow中文版g works fine and the exported directory can be access. If I remove html/.htaccess the authentication works fine.

However when I have both .htaccess files exported/ is being rewritten to /url.php. Any ideas how I can prevent it?

As far as I understand, the '404' error occurs because Apache cannot find the '401 Authentication Needed' page. So I simply solved it by creating html/401.html, and adding

ErrorDocument 401 /401.html

to my html/.htaccess

Hint was taken from http://drupal.org/node/52465#comment-106353

I think you may have meant this for your regex:

RewriteCond %{REQUEST_URI} !(^exported/?|\.(php|gif|jpe?g|png|css|js|pdf|doc|xml|ico)$)
RewriteRule (.*)$ /url.php [L]

Does html/exported/exported/ work in your current setup by any chance?

If none of above works for your scenario, Basic Authentication can also be done using php script

<?php
session_start();
if (isset($_SESSION['newlogin'])) { 
unset($_SESSION['newlogin']);
unset($_SESSION['loggedout']);
};
$valid_passwords = array ("admin" => "mypass");
$valid_apasswords = array ("admin" => "mypass");
$valid_users = array_keys($valid_passwords);
$valid_admin = array_keys($valid_apasswords);

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

$avalidated = (in_array($user, $valid_admin)) && ($pass == $valid_apasswords[$user]);
$uvalidated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
$validated = (($uvalidated == true) || ($avalidated == true)) ;

if (!$validated || isset($_SESSION['loggedout'])) {
        $_SESSION['newlogin'] = true;
        header('WWW-Authenticate: Basic realm="Login Area"');
        header('HTTP/1.0 401 Unauthorized');
        ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<div id="messagebox">Authorisation Required.</div>
</body>
</html>
        <?php
        exit;
};

?>

If you do not need any rewriting to occure in /html/exported/, why not to just turn off Rewriting engine in that folder: RewriteEngine Off

继续阅读:.htaccessmod-rewrite

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9