Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
MBodunov2020-05-29 08:45:22
htaccess
MBodunov, 2020-05-29 08:45:22

Authorization via .htaccess?

On the site I made authorization using the Apache module auth_form_module through .htaccess
It is written in .htaccess

Session On
SessionCookieName session path=/
SessionMaxAge 86400
#SessionCryptoPassphrase secret
AuthFormProvider file
AuthName "authenticationform"
AuthType form
AuthUserFile www/path_to_domains/login/passwords
AuthFormFakeBasicAuth On
ErrorDocument 401 "/log/aulogin.html" 
Require valid-user
<Files "/log/aulogin.html">
Allow from all
</Files>
ErrorDocument 404 /errdoc.php
#RequestHeader set X-Remote-User expr=%{REMOTE_USER}
#   Кеширование #
<IfModule mod_expires.c>
    ExpiresActive on

    ExpiresDefault "access plus 1 month"

    # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
    ExpiresByType text/cache-manifest "access plus 0 seconds"

    # html
    ExpiresByType text/html "access plus 0 seconds"

    # XML
    ExpiresByType text/xml "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"

    # RSS
    ExpiresByType application/rss+xml "access plus 1 hour"

    # Favicon
    ExpiresByType image/x-icon "access plus 1 week"

    # Картинки
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"

    # HTC файлы  (например css3pie)
    ExpiresByType text/x-component "access plus 1 month"

    # Нестандартные шрифты сайта
    ExpiresByType application/x-font-ttf "access plus 1 month"
    ExpiresByType font/opentype "access plus 1 month"
    ExpiresByType application/x-font-woff "access plus 1 month"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

    # CSS и javascript
    ExpiresByType text/css "access plus 1 year"
    ExpiresByType application/javascript "access plus 1 year"

</IfModule>

# Cache-Control браузера
<ifModule mod_headers.c>
    # 30 дней
    <filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
    Header set Cache-Control "max-age=2592000, public"
    </filesMatch>
    # 30 дней
    <filesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=2592000, public"
    </filesMatch>
    # 2 дня
    <filesMatch "\.(xml|txt)$">
    Header set Cache-Control "max-age=172800, public, must-revalidate"
    </filesMatch>
    # 1 день
    <filesMatch "\.(html|htm|php)$">
    Header set Cache-Control "max-age=172800, private, must-revalidate"
    </filesMatch>
</ifModule>


<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /

    ############################################################################
    #### Убираем повторяющиеся слеши (/) в URL                              ####
    ############################################################################
    RewriteCond %{REQUEST_URI} ^(.*)/{2,}(.*)$
                #Проверяем, повторяется ли слеш (//) более двух раз.
    RewriteRule . %1/%2 [R=301,L]
                #Исключаем все лишние слеши.



  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-s
  RewriteCond %{REQUEST_FILENAME} !-l
  RewriteRule ^(.+)$ /index.php?%{QUERY_STRING} [L]
  # RewriteRule ^(.+)$ /errdoc.php?%{QUERY_STRING} [L]
</IfModule>

php_flag register_globals off
php_flag magic_quotes_gpc off

php_value display_errors 1
php_value error_reporting 2047

When developing, I used a local OpenServer server on which everything worked fine.
The mechanism is as follows: a form is opened from the subdirectory in the \log\ subdirectory, after which the router.php file launches the \login\index.php file, which prescribes different cookies.
When transferring to an external hosting, authorization does not pass. I get the error
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (eg, bad password), or your browser doesn't understand how to supply the credentials required.

Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
D
dodo512, 2020-05-29
@dodo512

We just tried it: it turns out that if you enable php in module mode, then authorization passes, but if it’s like CGI, it doesn’t work

For CGI mode, you can add httpd.apache.org/docs/2.4/mod/core.html#cgipassauth to .htaccess
CGIPassAuth on

Report
V
Viktor Taran, 2020-06-03
@shambler81

www/path_to_domains/login/passwords - you need a full path from the root

Similar questions
R
rejis62020-03-15 17:30:33
How to store initial data in Unity under Andriod? 2Reply
O
Optimus2017-08-10 16:06:40
How to redirect all requests to another folder? 0Reply
A
AndreyTT2015-09-06 15:51:33
How to close LIGHTSQUID page in Apache2 webserver using .htaccess? 2Reply
A
Artem2017-08-11 10:02:59
How to create a rule in .htaccess for a redirect? 1Reply
D
DanielOlivo2015-09-07 21:07:56
How to block public proxies? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question