質問
I'm trying to lock down a tree of directories (but allow through image files) using the following .htaccess rule
https://stackoverflow.com/questions/21384565
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianAuthType Basic
AuthName "Test Sites. *Please Contact xxxxxxx for access.*"
AuthUserFile /home/www/testsites/.htpasswd
Require valid-user
<FilesMatch "\.(gif|jpe?g|png)$">
Satisfy Any
Allow from all
</FilesMatch>
However, when I try it, I'm still being asked to authenticate against images if the image is not directly within the httpdocs directory.
In other words
http://www.testsites.com/test.jpg would be allowed through, but http://www.testsites.com/sitename/images/test.jpg is asking for authentication.
Any idea why this might be happening?
解決
Try this alternative approach based on mod_setenvif:
SetEnvIfNoCase Request_URI "\.(gif|jpe?g|png)$" ALLOWED
AuthType Basic
AuthName "Test Sites. *Please Contact xxxxxxx for access.*"
AuthUserFile /home/www/testsites/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=ALLOWED
他のヒント
Not exactly sure why this is happening, as the <Files> and <FilesMatch> is supposed to get applied to all the subdirectories. You could try using SetEnvIf instead to match against the entire URI instead of relying on the apache core to first map the URL to a file:
SetEnvIf Request_URI \.(gif|jpe?g|png)$ no_auth=true
AuthType Basic
AuthName "Test Sites. *Please Contact xxxxxxx for access.*"
AuthUserFile /home/www/testsites/.htpasswd
Require valid-user
Satisfy Any
Deny from All
Allow from env=no_auth
