I have a site with links like this:
我有一个像这样的链接的网站:
http://www.example.com/index.php?id=1
http://www.example.com/index.php?id=1
http://www.example.com/index.php?id=3
http://www.example.com/index.php?id=3
etc.
等等
I would like to have htaccess password protection for a specific ID, say 200.
我想为特定ID提供htaccess密码保护,比如说200。
How can I do this?
我怎样才能做到这一点?
2 个解决方案
#1
3
This is not straight forward but here is a way it can be done in .htaccess itself:
这不是直截了当的,但这是一种可以在.htaccess本身完成的方法:
RewriteEngine On
# set URI to /index.php/200 if query string is id=200
RewriteCond %{QUERY_STRING} (?:^|&)id=(200|1)(?:&|$) [NC]
RewriteRule ^(index\.php)/?$ $1/%1 [NC]
# set SECURED var to 1 if URI is /index.php/200
SetEnvIfNoCase Request_URI "^/index\.php/(200|1)" SECURED
# enforce auth if SECURED=1
AuthType Basic
AuthName "Login Required"
AuthUserFile /full/path/to/passwords
Require valid-user
Order allow,deny
Allow from all
Deny from env=SECURED
Satisfy any
#2
3
You're not going to be able to use htaccess to do this. There's a way to require authorization based on an environment variable, but you can't match against the query string using a SetEnvIf and mod_rewrite's RewriteCond happens after the auth module so even if you match against it, the auth will already have been bypassed.
你无法使用htaccess来做到这一点。有一种方法需要基于环境变量的授权,但是你无法使用SetEnvIf匹配查询字符串,并且在auth模块之后发生了mod_rewrite的RewriteCond,所以即使你匹配它,auth也已经被绕过了。
You need to implement this specifically in your index.php. There's some build-ins in php that does some of this for you. So something like:
您需要在index.php中专门实现此功能。在PHP中有一些内置功能可以为你完成一些。所以类似于:
if($_GET['id'] == "200") {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
// check username/password here
}
}
#1
3
This is not straight forward but here is a way it can be done in .htaccess itself:
这不是直截了当的,但这是一种可以在.htaccess本身完成的方法:
RewriteEngine On
# set URI to /index.php/200 if query string is id=200
RewriteCond %{QUERY_STRING} (?:^|&)id=(200|1)(?:&|$) [NC]
RewriteRule ^(index\.php)/?$ $1/%1 [NC]
# set SECURED var to 1 if URI is /index.php/200
SetEnvIfNoCase Request_URI "^/index\.php/(200|1)" SECURED
# enforce auth if SECURED=1
AuthType Basic
AuthName "Login Required"
AuthUserFile /full/path/to/passwords
Require valid-user
Order allow,deny
Allow from all
Deny from env=SECURED
Satisfy any
#2
3
You're not going to be able to use htaccess to do this. There's a way to require authorization based on an environment variable, but you can't match against the query string using a SetEnvIf and mod_rewrite's RewriteCond happens after the auth module so even if you match against it, the auth will already have been bypassed.
你无法使用htaccess来做到这一点。有一种方法需要基于环境变量的授权,但是你无法使用SetEnvIf匹配查询字符串,并且在auth模块之后发生了mod_rewrite的RewriteCond,所以即使你匹配它,auth也已经被绕过了。
You need to implement this specifically in your index.php. There's some build-ins in php that does some of this for you. So something like:
您需要在index.php中专门实现此功能。在PHP中有一些内置功能可以为你完成一些。所以类似于:
if($_GET['id'] == "200") {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
// check username/password here
}
}