How to accomplish “AuthType None” in Apache 2.2

2019-01-21 08:14发布

问题:

http://httpd.apache.org/docs/trunk/mod/mod_authn_core.html#authtype talks about "AuthType None", and has an awesome example of exactly what I need to do - unfortunately, it appears to be new to 2.3/2.4. Is there any equivalent feature in 2.2?

The authentication type None disables authentication. When authentication is enabled, it is normally inherited by each subsequent configuration section, unless a different authentication type is specified. If no authentication is desired for a subsection of an authenticated section, the authentication type None may be used; in the following example, clients may access the /www/docs/public directory without authenticating:

<Directory /www/docs> 
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user 
</Directory>

<Directory /www/docs/public>
AuthType None
Require all granted
</Directory>

回答1:

Something like below works for me with apache 2.2. I took it from http://httpd.apache.org/docs/2.2/mod/core.html#require

<Directory /www/docs>
    AuthType Basic
    AuthName Documents
    AuthBasicProvider file
    AuthUserFile /usr/local/apache/passwd/passwords
    Require valid-user 
</Directory>
<Directory /www/docs/public>
    # All access controls and authentication are disabled
    # in this directory
    Satisfy Any
    Allow from all
</Directory>


回答2:

You just need to set Allow from all and Satisfy Any

This worked for me:

Alias /example "/opt/example.com"

<Directory "/opt/example.com">
  Options None
  AllowOverride None
  Order allow,deny
  Allow from all
  Satisfy Any
</Directory>


回答3:

<Directory /www/docs/public>
AuthType None
Require all granted
Satisfy Any
</Directory>

This will work



回答4:

Just wanted to add this bit of info:

On Apache 2.2.22 you need to have the order correct for it to work:

This did not work for me for location "/foo/sub":

Satisfy Any
Allow from all

I.e the authentication from the location "/foo" defined prior to "/foo/sub" still was applied.

This does work for location "/foo/sub":

Allow from all
Satisfy Any

I.e. the authentication from the location "/foo" defined prior to "/foo/sub" was annulled.



回答5:

I think you are right: it is not supported in apache 2.2.

I would try the ugly workaround at https://issues.apache.org/bugzilla/show_bug.cgi?id=10932

Something like:

<DirectoryMatch "^/www/docs/(?!public)"> 
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user 
</Directory>

or

<DirectoryMatch "^/www/docs/[^p][^u][^b][^l][^i][^c]"> 
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user 
</Directory>


回答6:

This worked for me on apache2.2:

    <Location /trac>
       #....
       AuthType Basic
       AuthName "BLA domain"
       AuthUserFile /etc/.passwd
       Require valid-user
       Allow from all
       Satisfy Any
    </Location>