我们在我们的某个子域上有“HTTP 基本身份验证”,但希望允许所有内容访问该子域上的特定 URL,而无需进行身份验证(对于第 3 方访问我们的 webhook URL)。
所以我尝试使用 SetEnvIf Request_URI ^/webhook/ allow 来允许 Allow from env=allow(完整文件如下)但似乎因为我们有一些 mod_rewrite 规则来将所有这些 URL 重写到 PHP 入口点,一旦达到这一点,Request_URI 就永远不会实际上是 /webhook(猜测但不知道如何 100% 确认这一点。
不管 URL 是什么,它仍然要求基本的身份验证用户/通行证。
请注意,.htaccess 文件在我们所有的域/子域上都是相同的,而 VirtualHost 只能为此子域配置。
带有“HTTP Basic Auth”配置部分的完整 VirtualHost 配置:
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
DocumentRoot /var/www/sub.ourdomain.co.uk/blah/www
ServerAdmin x@ourdomain.co.uk
ServerName sub.ourdomain.co.uk
ServerAlias www.sub.ourdomain.co.uk
ErrorDocument 400 /error.php
ErrorDocument 401 /error.php
ErrorDocument 403 /403.html
ErrorDocument 404 /error.php
ErrorDocument 405 /error.php
ErrorDocument 408 /error.php
ErrorDocument 410 /error.php
ErrorDocument 411 /error.php
ErrorDocument 412 /error.php
ErrorDocument 413 /error.php
ErrorDocument 414 /error.php
ErrorDocument 415 /error.php
ErrorDocument 500 /error.php
ErrorDocument 501 /error.php
ErrorDocument 502 /error.php
ErrorDocument 503 /error.php
ErrorDocument 506 /error.php
ErrorLog /var/log/httpd/sub.ourdomain.co.uk.apache.log
CustomLog /var/log/httpd/sub.ourdomain.co.uk.access.log combined
<Directory "/var/www/sub.ourdomain.co.uk/blah/www">
SetEnvIf Request_URI ^/webhook/ allow
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/passwords/sub.ourdomain.co.uk
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "allow" var is set
Allow from env=allow
</Directory>
</VirtualHost>
.htaccess mod_rewrite 规则:
RewriteCond %{REQUEST_METHOD} !(^GET|^POST|^HEAD)
RewriteRule .* - [R=405,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(/img|/js|/css|/fonts)
RewriteRule ^(.*)$ /boot.php
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ /boot.php
Edit 1 - 根据我也尝试过的评论:SetEnv allow true 和 SetEnv allow 1 消除了是否是 URL 的疑问,并且它仍然要求提供基本的身份验证密码,所以它可能与 URL 无关。
编辑 2 - 添加整个 .htaccess 以确保我没有遗漏其他内容:
php_value max_input_vars 4000
RewriteEngine on
# Disallow other HTTP verbs such as PUT and DELETE
RewriteCond %{REQUEST_METHOD} !(^GET|^POST|^HEAD)
RewriteRule .* - [R=405,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(/img|/js|/css|/fonts|/twig|/pdf|/vendors|/server-status)
RewriteRule ^(.*)$ /boot.php
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ /boot.php
AddType font/ttf .ttf
AddType font/eot .eot
AddType font/otf .otf
AddType font/woff .woff
<IfModule mod_deflate.c>
AddOutputFilterByType DEflaTE text/css text/javascript application/x-javascript application/javascript text/x-component text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json font/woff font/otf font/eot font/ttf
</IfModule>
<ifModule mod_expires.c>
Expiresactive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType text/css "access plus 604800 seconds"
ExpiresByType font/ttf "access plus 604800 seconds"
ExpiresByType font/eot "access plus 604800 seconds"
ExpiresByType font/otf "access plus 604800 seconds"
ExpiresByType font/woff "access plus 604800 seconds"
ExpiresByType text/javascript "access plus 604800 seconds"
ExpiresByType application/x-javascript "access plus 604800 seconds"
</ifModule>
<ifModule mod_headers.c>
<filesMatch "\\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=2592000,public,proxy-revalidate"
</filesMatch>
<filesMatch "\\.(js|css|ttf|eot|otf|woff)$">
Header set Cache-Control "max-age=604800,proxy-revalidate"
</filesMatch>
<filesMatch "\\.(xml|txt)$">
Header set Cache-Control "max-age=216000,must-revalidate"
</filesMatch>
</ifModule>
编辑 3 - 抱歉,应该提到我们现在停留在 Apache 2.2 上。