使用/ var / www / docs作为根文档的Web服务器 . / var / www使userInfo.php文件只能通过身份验证才能生成,但无需authenticate即可访问 . 有问题的文件是userInfo.php目录/ var / www通过身份验证进行保护,但可以在没有密码的情况下访问特定文件 . Files指令是否正确?操作系统:Ubuntu 14.04; Apache是Web服务器
这是位于/ etc / apache2 / sites-available /中的000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName <servername>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^\/share\/
RewriteRule (.*) http(s)://%{HTTP_HOST}:443%{REQUEST_URI}
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
AuthType Digest
AuthName "documentroot"
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require user <username>
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Files /var/www/userInfo.php>
AuthType Digest
AuthName "User Info"
AuthDigestDomain /var/www/userInfo.php https://<servername>/userInfo.php
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/userInfo.php"
</Files>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
<Directory /var/www/docs>
AuthType Digest
AuthName "docs"
AuthDigestDomain /var/www/docs/ http://<servername>/docs
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/docs"
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName <servername>
SSLEngine on
SSLCertificateFile /etc/docs/ssl/cert.pem
SSLCertificateKeyFile /etc/docs/ssl/key.pem
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
AuthType Digest
AuthName "documentroot"
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require user <username>
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Files /var/www/userInfo.php>
AuthType Digest
AuthName "User Info"
AuthDigestDomain /var/www/userInfo.php https://<servername>/userInfo.php
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/userInfo.php"
</Files>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
<Directory /var/www/docs>
AuthType Digest
AuthName "docs"
AuthDigestDomain /var/www/docs/ https://<servername>/docs
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/docs"
</Directory>
</VirtualHost>
ports.conf:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
#NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
#NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
有什么建议 ?干杯 .
2 回答
Files指令仅匹配路径的最后一部分,即文件名,因此您不能使用路径 .
经过大量的调整后,身份验证将被添加到/ var / www / directive而不是文件系统'/'