Apache 2.4 如何仅对特定主机要求有效用户

Question

如果主机是 dev.example.com 或 test.example.com，我想告诉 Apache 2.4.9 要求有效用户。这不起作用:

AuthType Basic
AuthName "Speak, friend, and enter."
AuthBasicProvider file
AuthUserFile /sites/example/conf/.htpasswd
AuthGroupFile /dev/null
SetEnvIfNoCase Host ^dev\.example\.com$ env_is_protected
SetEnvIfNoCase Host ^test\.example\.com$ env_is_protected
Require valid-user
Require not env env_is_protected

它会导致服务器错误；显然 not env无效 contrary to the documentation .

在以下示例中，前五行始终与第一个示例中的相同。

这不起作用:

SetEnvIfNoCase Host ^dev\.example\.com$ env_is_protected
SetEnvIfNoCase Host ^test\.example\.com$ env_is_protected
<RequireAny>
    Require valid-user
    <RequireNone>
        Require env env_is_protected
    </RequireNone>
</RequireAny>

它会导致服务器错误。 documentation explains :

Because negated authorization directives are unable to return a successful result, they can not significantly influence the result of <RequireAny> directive. (At most they could cause the directive to fail in the case where they failed and all other directives returned a neutral value.) Therefore negated authorization directives are not permitted within a <RequireAny> directive.

这不起作用:

SetEnv env_is_unprotected 1
SetEnvIfNoCase Host ^dev\.example\.com$ !env_is_unprotected
SetEnvIfNoCase Host ^test\.example\.com$ !env_is_unprotected
Require valid-user
Require env env_is_unprotected

文档 explains about SetEnv :

The internal environment variables set by this directive are set after most early request processing directives are run, such as access control and URI-to-filename mapping. If the environment variable you're setting is meant as input into this early phase of processing such as the RewriteRule directive, you should instead set the environment variable with SetEnvIf.

这有效:

SetEnvIf Host . env_is_unprotected
SetEnvIfNoCase Host ^dev\.example\.com$ !env_is_unprotected
SetEnvIfNoCase Host ^test\.example\.com$ !env_is_unprotected
Require valid-user
Require env env_is_unprotected

这看起来像一个黑客，需要几个小时才能弄清楚。我是否未能找到实现我非常简单的目的的正确方法？有没有更好的办法？

Answer 1

我就是这样做的。
(使用 Cj Case 很好的引文作为注释来解释细节。:D)

SetEnvIfNoCase HOST ^dev\.example\.com$ env_is_protected
SetEnvIfNoCase HOST ^test\.example\.com$ env_is_protected
<RequireAny>
    <RequireAll>
        # when the Require directive is negated it can only fail or return a neutral result, 
        # and therefore may never independently authorize a request
        # (reason why we need an additional "all granted" here!)
        Require all granted
        Require not env env_is_protected
    </RequireAll>
    AuthType Basic
    AuthName "Speak, friend, and enter."
    AuthUserFile /sites/example/conf/.htpasswd
    Require valid-user
</RequireAny>