我在 Apache2 (2.4.52) 中有一个虚拟主机,我想在站点配置 (/etc/apache2/sites-enabled) 中有类似这样的内容:

<Location />
    # Only allow whitelisted IPs
    Include /etc/apache2/whitelist.conf

    # Ask for password if ip is whitelisted
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Satisfy all
</Location>

其想法是首先使用 whitelist.conf 过滤 IP,然后在 /etc/apache2/.htpasswd 中要求输入密码。

whitelist.conf 如下所示:

Require ip 127.0.0.1

这错了吗?


最佳答案
1

解决这个问题的方法是使用嵌套需求:

<Location />
    <RequireAll>
        <RequireAny>
            Include /etc/apache2/whitelist.conf
        </RequireAny>
    
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
    
        Require valid-user
    </RequireAll>
</Location>