dongtongjian3127 2014-07-02 19:56
浏览 19

如果查询字符串存在WORDPRESS,则htaccess允许访问(禁用授权)

I am trying to allow user to wordpress wp-admin index page if query string contains parameter. I am setting env variable to allow them access. This is how my htaccess file looks like

RewriteEngine on
RewriteCond %{QUERY_STRING} !^author=1
RewriteRule ^ - [E=NO_AUTH:1]

AuthName "Staff Authorization Required"
AuthType Basic
AuthUserFile /usr/bin/.htpasswd

<Files "index.php">
Order Deny,Allow
Deny from all
Require user newagenumber

Allow from env=NO_AUTH

</Files>

Options -Indexes

As of yet, authorization dialog box appears for everyone. Please help :|

  • 写回答

1条回答 默认 最新

  • douzhengyi5022 2014-07-02 20:18
    关注

    This is not working because Apache executed mod_auth module before mod_rewrite hence NO_AUTH is not set when basic authentication directives run.

    Unfortunately this behavior is not that simple to change.

    Here is a workaround solution that combines mod_rewrite, mod_setenvif and mod_auth:

    RewriteEngine On
RewriteBase /wp-admin/

RewriteCond %{QUERY_STRING} (?:^|&)(author=1)(?:&|$) [NC]
RewriteRule ^(index\.php)?$ index.php/%1 [NC]

# set SECURED var to 1 if URI is /index.php/200
SetEnvIfNoCase Request_URI "/index\.php/(author=1)" NO_AUTH

AuthType Basic
AuthName "Login Required"
AuthUserFile /full/path/to/passwords
Require user newagenumber

Order Deny,Allow
Deny from all
Allow from env=NO_AUTH
Satisfy any
    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度