我正在尝试使用 mod_auth_form 构建代理 HTTP 授权页面
我的目标是在 DocumentRoot 中拥有一个身份验证页面目录,然后一旦用户连接,只需将所有路由代理到“真实”应用程序,在本地主机上使用另一个端口运行。
我在根目录 Location 下使用 Auth 指令设置了我的虚拟主机:
<VirtualHost *:80>
ServerName subdomain.example.com
DocumentRoot /var/www/subdomain.example.com/web/
<Location /login.html>
Order allow,deny
Allow from all
</Location>
<Location />
SetHandler form-login-handler
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
ProxyPass /login.html !
ProxyPassReverse /login.html !
ProxyPass / http://localhost:8888
ProxyPassReverse / http://localhost:8888
ErrorLog ${APACHE_LOG_DIR}/subdomain.example.com/error.log
CustomLog ${APACHE_LOG_DIR}/subdomain.example.com/access.log combined
</VirtualHost>
编辑
我所需要的只是颠倒 <Location></Location> 的顺序指令...并为表单处理程序添加一个特殊位置。
工作解决方案:
<VirtualHost *:80>
ServerName subdomain.example.com
DocumentRoot /var/www/subdomain.example.com/web/
<Location />
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
AuthFormLoginSuccessLocation "http://subdomain.example.com/"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
<Location /login_check.html>
SetHandler form-login-handler
AuthType Form
AuthName realm
AuthFormProvider file
AuthUserFile /var/www/subdomain.example.com/.htpasswd
AuthFormLoginRequiredLocation "http://subdomain.example.com/login.html"
AuthFormLoginSuccessLocation "http://subdomain.example.com/"
require valid-user
Session On
SessionCookieName session path=/
SessionCryptoPassphrase any-secret-passphrase
</Location>
<Location /login.html>
Order allow,deny
Allow from all
</Location>
ProxyPreserveHost On
ProxyPass /login.html !
ProxyPassReverse /login.html !
ProxyPass / http://localhost:8888
ProxyPassReverse / http://localhost:8888
ErrorLog ${APACHE_LOG_DIR}/subdomain.example.com/error.log
CustomLog ${APACHE_LOG_DIR}/subdomain.example.com/access.log combined
</VirtualHost>
当我尝试访问 subdomain.example.com 时,我被重定向到 subdomain.example.com/login.html (这很好!)
此/var/www/subdomain.example.com/web/login.html 页面的内容:
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8' />
<meta name='viewport' content='width=device-width' />
<title>Authentication</title>
</head>
<body>
<form method='POST' action='/login_check.html'>
<div class='form-group'>
<label for='httpd_username'>Username</label>
<input id='http_username' class='form-control' type='text' name='httpd_username' value='' />
</div>
<div class='form-group'>
<label for='httpd_password'>Password</label>
<input id='httpd_password' class='form-control' type='password' name='httpd_password' value='' />
</div>
<div class='form-group'>
<input class='btn btn-success' type='submit' name='login' value='Login' />
</div>
</form>
</body>
</html>
但是,这个login.html页面永远不会显示,我收到TOO_MANY_REDIRECTS错误:
The webpage at http://subdomain.example.com/login.html has resulted in too many redirects.
似乎这条特殊的路线必须由身份验证过程“锁定”...但我不知道如何启用它...
我尝试添加另一个 ErrorDocument 401 /login.html指令,但它没有改变任何东西。
最佳答案
Apache 按照看到的顺序解析配置指令,并将它们应用到指定位置及其下面的所有内容,因此 require valid-user来自您的<Location /> block 覆盖 Allow from all来自您的<Location /login.html>阻止 - 您最终需要身份验证才能访问任何内容(包括 login.html ),因此您在访问 login.html 时开始未经授权并被重定向到login.html登录。这是适合您的循环。
关于Apache2 mod_auth_form 位置下重定向过多,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30708824/