Difference between revisions of "UbuntuHelp:EnablingUseOfApacheHtaccessFiles"
From Ubuntu中文
第2行: | 第2行: | ||
{{Languages|UbuntuHelp:EnablingUseOfApacheHtaccessFiles}} | {{Languages|UbuntuHelp:EnablingUseOfApacheHtaccessFiles}} | ||
This page was written based on Ubuntu 6.10 (Edgy), although the same may apply to other releases. | This page was written based on Ubuntu 6.10 (Edgy), although the same may apply to other releases. | ||
− | By default, Ubuntu's Apache will ignore the directives in your < | + | By default, Ubuntu's Apache will ignore the directives in your <code><nowiki>.htaccess</nowiki></code> files. |
− | === When (not) to | + | === When (not) to use .htaccess files === |
According to [http://httpd.apache.org/docs/2.0/howto/htaccess.html#when Apache.org's Apache Tutorial], | According to [http://httpd.apache.org/docs/2.0/howto/htaccess.html#when Apache.org's Apache Tutorial], | ||
− | ''"In general, you should never | + | ''"In general, you should never use .htaccess files unless you don't have access to the main server configuration file. There is, for example, a prevailing misconception that user authentication should always be done in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things."'' |
− | + | ''".htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes in .htaccess files for themselves."'' | |
− | On Ed/X/Ubuntu 6.06 and Ubuntu Edgy Eft, the ''"main server configuration file"'' is < | + | On Ed/X/Ubuntu 6.06 and Ubuntu Edgy Eft, the ''"main server configuration file"'' is <code><nowiki> /etc/apache2/apache2.conf </nowiki></code>. |
=== OK, I know it is not recommended -- how do I do it anyway? === | === OK, I know it is not recommended -- how do I do it anyway? === | ||
− | To make < | + | To make <code><nowiki>.htaccess</nowiki></code> files work as expected, you need to edit <code><nowiki>/etc/apache2/sites-available/default</nowiki></code>. Look for a section that looks like this: |
<pre><nowiki> <Directory /var/www/> | <pre><nowiki> <Directory /var/www/> | ||
Options Indexes FollowSymLinks MultiViews | Options Indexes FollowSymLinks MultiViews | ||
第20行: | 第20行: | ||
</Directory> | </Directory> | ||
</nowiki></pre> | </nowiki></pre> | ||
− | You need to modify the line containing < | + | You need to modify the line containing <code><nowiki>AllowOverride None</nowiki></code> to read <code><nowiki>AllowOverride All</nowiki></code>. This tells Apache that it's okay to allow <code><nowiki>.htaccess</nowiki></code> files to over-ride previous directives. You must ''reload'' Apache before this change will have an effect: |
<pre><nowiki>sudo /etc/init.d/apache2 reload | <pre><nowiki>sudo /etc/init.d/apache2 reload | ||
</nowiki></pre> | </nowiki></pre> | ||
− | See http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride for more info on < | + | See http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride for more info on <code><nowiki>AllowOverride</nowiki></code>. |
=== Password-Protect a Directory With .htaccess === | === Password-Protect a Directory With .htaccess === | ||
'''Warning: On at least some versions of Ubuntu, <code><nowiki>.htaccess</nowiki></code> files will not work by default. See [[UbuntuHelp:EnablingUseOfApacheHtaccessFiles|EnablingUseOfApacheHtaccessFiles]] for help on enabling them.''' | '''Warning: On at least some versions of Ubuntu, <code><nowiki>.htaccess</nowiki></code> files will not work by default. See [[UbuntuHelp:EnablingUseOfApacheHtaccessFiles|EnablingUseOfApacheHtaccessFiles]] for help on enabling them.''' | ||
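Review bot: the reworded AllowOverride sentence in this hunk still tells readers to switch /var/www/ from AllowOverride None to AllowOverride All, which lets .htaccess files override every class of directive for the whole document root. The section that follows only needs authentication directives, so consider recommending the narrower AllowOverride AuthConfig here and mentioning All only as the broadest option.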
第33行: | 第33行: | ||
require valid-user | require valid-user | ||
</nowiki></pre> | </nowiki></pre> | ||
− | instead of < | + | instead of <code><nowiki>valid-user</nowiki></code>, you can also add the users you want directly |
If you want to password protect just a single file in a folder add the following lines to the <code><nowiki>.htaccess</nowiki></code> file: | If you want to password protect just a single file in a folder add the following lines to the <code><nowiki>.htaccess</nowiki></code> file: | ||
<pre><nowiki> | <pre><nowiki> | ||
第40行: | 第40行: | ||
</Files> | </Files> | ||
</nowiki></pre> | </nowiki></pre> | ||
− | Then create the file < | + | Then create the file <code><nowiki>/your/path/.htpasswd</nowiki></code> which contains the users that are allowed to login and their passwords. We do that with the <code><nowiki>htpasswd</nowiki></code> command: |
<pre><nowiki> | <pre><nowiki> | ||
htpasswd -c /path/to/your/.htpasswd user1 | htpasswd -c /path/to/your/.htpasswd user1 | ||
</nowiki></pre> | </nowiki></pre> | ||
− | The < | + | The <code><nowiki>-c</nowiki></code> flag is used only when you are creating a new file. After the first time, you will omit the <code><nowiki>-c</nowiki></code> flag, when you are adding new users to an already-existing password file. Otherwise you will overwrite the file!! |
Nevertheless, you should store the file in as secure a location as possible, with whatever minimum permissions on the file so that the web server itself can read the file. | Nevertheless, you should store the file in as secure a location as possible, with whatever minimum permissions on the file so that the web server itself can read the file. | ||
− | Finally we need to add the following lines to < | + | Finally we need to add the following lines to <code><nowiki>/etc/apache2/apache2.conf</nowiki></code>: |
<pre><nowiki> | <pre><nowiki> | ||
<Directory /your/path> | <Directory /your/path> | ||
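Review bot: the rewritten sentence that introduces htpasswd names the file /your/path/.htpasswd, but the unchanged command two lines below it writes to /path/to/your/.htpasswd, so a reader who copies both ends up with a password file in a different place from the one the text describes. Use the same placeholder path in the sentence and in the command.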
第52行: | 第52行: | ||
</Directory> | </Directory> | ||
</nowiki></pre> | </nowiki></pre> | ||
− | You have to adjust < | + | You have to adjust <code><nowiki>/your/path/.htpasswd</nowiki></code> |
Restart your webserver: | Restart your webserver: | ||
<pre><nowiki> | <pre><nowiki> | ||
第58行: | 第58行: | ||
</nowiki></pre> | </nowiki></pre> | ||
==== Troubleshooting ==== | ==== Troubleshooting ==== | ||
− | If you can't access your stuff and the dialog keeps popping up, check that you entered the username and password correctly. If it still doesn't work, check the path to your < | + | If you can't access your stuff and the dialog keeps popping up, check that you entered the username and password correctly. If it still doesn't work, check the path to your <code><nowiki>.htpasswd</nowiki></code> and make sure the path specified in the <code><nowiki>AuthUserFile directive</nowiki></code> is correct. Also make sure that both the <code><nowiki>.htpasswd</nowiki></code> and <code><nowiki>.htaccess</nowiki></code> files are readable by the web server user |
− | < | + | <code><nowiki>chmod 644</nowiki></code> should do the trick! |
==== Example ==== | ==== Example ==== | ||
Here is an example on how to prevent users from access the directory, password-protect a specific file and allow userse to view a specific file: | Here is an example on how to prevent users from access the directory, password-protect a specific file and allow userse to view a specific file: | ||
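Review bot: the chmod 644 line is offered as the fix for both .htpasswd and .htaccess, which leaves the password file readable by every local account; suggest a mode that grants read access only to the web server's group (for example 640 with the file's group set to the server's group). In the line above it, the word "directive" has ended up inside the code markup around AuthUserFile and should sit outside it.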
第76行: | 第76行: | ||
</Files> | </Files> | ||
</nowiki></pre> | </nowiki></pre> | ||
− | == Redirect requests using .htaccess | + | === Redirect requests using .htaccess and mod_rewrite === |
Make sure Apache .htaccess is enabled and the Apache module <code><nowiki>mod_rewrite</nowiki></code> is enabled and then you can redirect requests using RewriteRules | Make sure Apache .htaccess is enabled and the Apache module <code><nowiki>mod_rewrite</nowiki></code> is enabled and then you can redirect requests using RewriteRules | ||
<pre><nowiki> | <pre><nowiki> |
Revision as of 10:29, 6 December 2007 (Thursday)
Please do not edit or translate this page directly; it is periodically synchronized with its source.
This page was written based on Ubuntu 6.10 (Edgy), although the same may apply to other releases.
By default, Ubuntu's Apache will ignore the directives in your .htaccess files.
When (not) to use .htaccess files
According to Apache.org's Apache Tutorial,
"In general, you should never use .htaccess files unless you don't have access to the main server configuration file. There is, for example, a prevailing misconception that user authentication should always be done in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things."
".htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes in .htaccess files for themselves."
On Ed/X/Ubuntu 6.06 and Ubuntu Edgy Eft, the "main server configuration file" is /etc/apache2/apache2.conf.
OK, I know it is not recommended -- how do I do it anyway?
To make .htaccess files work as expected, you need to edit /etc/apache2/sites-available/default. Look for a section that looks like this:

    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        # Uncomment this directive if you want to see apache2's
        # default start page (in /apache2-default) when you go to /
        #RedirectMatch ^/$ /apache2-default/
    </Directory>
You need to modify the line containing AllowOverride None to read AllowOverride All. This tells Apache that it's okay to allow .htaccess files to override previous directives. You must reload Apache before this change will have an effect:

    sudo /etc/init.d/apache2 reload
See http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride for more info on AllowOverride.
Password-Protect a Directory With .htaccess
Warning: On at least some versions of Ubuntu, .htaccess files will not work by default. See EnablingUseOfApacheHtaccessFiles for help on enabling them.

Create a file called .htaccess in the directory you want to password-protect with the following content:

    AuthUserFile /your/path/.htpasswd
    AuthName "Authorization Required"
    AuthType Basic
    require valid-user

Instead of valid-user, you can also add the users you want directly.

If you want to password-protect just a single file in a folder, add the following lines to the .htaccess file:

    <Files "mypage.html">
        Require valid-user
    </Files>
Then create the file /your/path/.htpasswd, which contains the users that are allowed to log in and their passwords. We do that with the htpasswd command:

    htpasswd -c /your/path/.htpasswd user1

The -c flag is used only when you are creating a new file. After the first time, you will omit the -c flag when you are adding new users to an already-existing password file. Otherwise you will overwrite the file!!
Nevertheless, you should store the file in as secure a location as possible, with the minimum permissions on the file that still let the web server itself read it.

Finally we need to add the following lines to /etc/apache2/apache2.conf:

    <Directory /your/path>
        AllowOverride All
    </Directory>

You have to adjust /your/path/.htpasswd to match your own path.

Restart your webserver:

    sudo /etc/init.d/apache2 restart
Troubleshooting
If you can't access your stuff and the dialog keeps popping up, check that you entered the username and password correctly. If it still doesn't work, check the path to your .htpasswd and make sure the path specified in the AuthUserFile directive is correct. Also make sure that both the .htpasswd and .htaccess files are readable by the web server user. chmod 644 should do the trick!
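The checks in this section, together with the earlier advice to keep the password file in a secure location with minimum permissions, can be scripted. The following is an added example, not part of the original page; the function name check_htaccess, its finding labels and the sample tree are constructed for illustration, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit the password file that a .htaccess file points at.
# Usage: check_htaccess HTACCESS_FILE DOCUMENT_ROOT
# Prints one finding per line; exit status 0 means no findings.
check_htaccess() {
    htaccess=$1; docroot=$2; findings=0
    # First AuthUserFile directive; commented-out lines do not match.
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$htaccess" | tr -d '"')
    [ -n "$pwfile" ] || { echo "no-authuserfile"; return 1; }
    # A wrong path is the first thing the Troubleshooting section says to check.
    [ -f "$pwfile" ] || { echo "missing:$pwfile"; return 1; }
    # A password file under the document root is within reach of HTTP requests.
    pwdir=$(cd "$(dirname "$pwfile")" && pwd -P)
    root=$(cd "$docroot" && pwd -P)
    case "$pwdir/" in
        "$root"/*) echo "inside-docroot:$pwfile"; findings=1 ;;
    esac
    # Any permission bit for "other" lets every local account read the hashes.
    mode=$(stat -c '%a' "$pwfile")    # GNU stat
    case "$mode" in
        *[1-7]) echo "other-access:$mode"; findings=1 ;;
    esac
    return $findings
}

# Constructed sample tree: one directory set up as on this page, one tightened.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/www/private" "$t/www/members" "$t/auth"
    printf 'user1:constructed-hash\n' > "$t/www/private/.htpasswd"
    chmod 644 "$t/www/private/.htpasswd"
    printf 'AuthUserFile %s\nAuthName "Authorization Required"\nAuthType Basic\nrequire valid-user\n' \
        "$t/www/private/.htpasswd" > "$t/www/private/.htaccess"
    printf 'user1:constructed-hash\n' > "$t/auth/members.htpasswd"
    chmod 640 "$t/auth/members.htpasswd"
    printf 'AuthUserFile %s\nAuthType Basic\nrequire valid-user\n' \
        "$t/auth/members.htpasswd" > "$t/www/members/.htaccess"
    echo "private: $(check_htaccess "$t/www/private/.htaccess" "$t/www" | tr '\n' ' ')"
    echo "members: $(check_htaccess "$t/www/members/.htaccess" "$t/www" | tr '\n' ' ')"
    rm -rf "$t"
}
demo
```

A file with mode 640 whose group is the web server's group stays readable by the server without being flagged, while mode 644 is reported because it also grants read access to every other local account.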
Example
Here is an example of how to prevent users from accessing the directory, password-protect a specific file and allow users to view a specific file:

    AuthUserFile /your/path/.htpasswd
    AuthName "Authorization Required"
    AuthType Basic
    Order Allow,Deny
    <Files myfile1.html>
        # Deny,Allow admits requests by default, so the password check decides;
        # Allow,Deny with no Allow line would reject every request for this file.
        Order Deny,Allow
        require valid-user
    </Files>
    <Files myfile2.html>
        Order Deny,Allow
    </Files>
Redirect requests using .htaccess and mod_rewrite
Make sure Apache .htaccess is enabled and the Apache module mod_rewrite is enabled, and then you can redirect requests using RewriteRules:

    RewriteEngine On
    RewriteRule ^x\.x$ y.y