密码保护Web目录和文件

本文介绍了密码保护Web目录和文件的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

一个用户进入我的网站，到达主页上，他/她要始终只在首页上。所有其他文件是由网页中运行的脚本，但用户不应该定位到它们。因此，这里是我的目录布局：

他们将到达Front.php并应总是留在前台。所以，我创建了一个htaccess文件，有这个code：

DirectoryIndex的Front.php的index.html 与AuthType基本 AuthName指令登陆 的AuthUserFile /disks/*/*/*/.htpasswd 需要有效的用户

目前，一切需要验证。但我想要的一切除了 Front.php需要身份验证。我怎样才能排除Front.php从认证？

此外，将这种验证prevent运行或者脚本时它只是prevent用户从导航的到的通过URL文件？

解决方案   

现在，一切都需要验证。但我想要的一切，除了Front.php需要身份验证。我怎样才能排除Front.php从认证？

尝试：

SetEnvIfNoCase REQUEST_URI ^ / Front.php norequire_auth =真 ＃验证的东西 与AuthType基本 AuthName指令登陆 的AuthUserFile /disks/*/*/*/.htpasswd ＃设置一个拒绝/允许 订单拒绝，允许 ＃从每个人都拒绝 所有拒绝 ＃除非以下任一满意 满足任何 ＃1，有效的身份验证的用户 需要有效的用户 ＃或2的require_auth变量被设置 从ENV = norequire_auth允许

本使用手托指令，并将它设置的 任何 的，这意味着无论是需要有效的用户或允许是不够好。变量 norequire_auth 仅被设置在URI是 /Front.php 。您可以通过添加其他 SetEnvIfNoCase 指令添加，如果你想要更多的白名单中的URI。

  

此外，将这种验证prevent运行的脚本还是只是prevent用户从通过URL定位到该文件？

它不会prevent运行，如果你通过包括或要求。但是，如果你的直接从 Front.php 的HTML内容链接的他们，登录对话框会弹出一个Front.php。

A user enters my website and arrives at the home page, he/she should always and only be at home page. All other files are scripts that are run by the homepage but the user should never navigate to them. So here's my directory layout:

They will arrive at Front.php and should always stay at Front. So I created an htaccess file that has this code:

DirectoryIndex Front.php index.html AuthType Basic AuthName "Login" AuthUserFile /disks/*/*/*/.htpasswd Require valid-user

Right now, EVERYTHING requires authentication. But I want everything except Front.php to require authentication. How can I exclude Front.php from the authentication?

Also, will this authentication prevent the scripts from running or does it just prevent the user from navigating TO the file via url?

解决方案

Right now, EVERYTHING requires authentication. But I want everything except Front.php to require authentication. How can I exclude Front.php from the authentication?

Try:

SetEnvIfNoCase Request_URI ^/Front.php norequire_auth=true # Auth stuff AuthType Basic AuthName "Login" AuthUserFile /disks/*/*/*/.htpasswd # Setup a deny/allow Order Deny,Allow # Deny from everyone Deny from all # except if either of these are satisfied Satisfy any # 1. a valid authenticated user Require valid-user # or 2. the "require_auth" var is set Allow from env=norequire_auth

This uses the Satisfy directive and sets it to any, meaning either the Require valid-user or the Allow is good enough. The variable norequire_auth only gets set when the URI is /Front.php. You can add additional whitelisted URI's if you want by including additional SetEnvIfNoCase directives.

Also, will this authentication prevent the scripts from running or does it just prevent the user from navigating TO the file via url?

It won't prevent the scripts from running, if you include them via a include or require. But if you directly link to them from Front.php's HTML content, the login dialog will pop up for Front.php.