微信公众号搜"智元新知"关注
微信扫一扫可直接关注哦!

不允许已登录的用户使用apache httpd导航到登录页面并重定向到反向代理站点

如何解决不允许已登录的用户使用apache httpd导航到登录页面并重定向到反向代理站点

使用Apache和Session&Auth模块,我们有3种类型的页面

我对第三种类型的不安全页面存有疑问:

即使用户登录...当我导航到/login.html页面时,Apache也不会重定向我。

我有这个位置:

  <Location /login.html>
      Require all granted
  </Location>

我尝试添加require valid-user的反义词require not valid-user

  <Location /login.html>
      Require all granted
      require not valid-user
  </Location>

不幸的是它抛出错误

   negative Require directive has no effect in <RequireAny> directive 

我尝试了很多组合,例如在/login.html位置添加AuthformLoginSuccessLocation。 但是没办法。

这是我的完整虚拟主机配置:

Listen 80
<VirtualHost *:80>

  AddRadiusAuth radius-server:1812 bigsecret 60:2
  AddRadiusCookieValid 60

  ProxyPass /login.html !
  ProxyPassReverse /login.html !
  ProxyPass /authcheck !
  ProxyPassReverse /authcheck !
  ProxyPass / http://sample-secure-app/
  ProxyPassReverse / http://sample-secure-app/
  ProxyPreserveHost On
  ProxyRequests On
  <Location />
      AuthType Form
      AuthName "Radius Authentication"
      AuthFormProvider radius
      # AuthformLoginrequiredLocation "/login.html"
      AuthformLoginrequiredLocation /login.html?req=%{REQUEST_URI}
      AuthformLoginSuccessLocation "/"
      AuthBasicAuthoritative Off
      AuthRadiusAuthoritative on
      AuthRadiusCookieValid 3
      AuthRadiusActive On
      require valid-user

      Session On
      SessionMaxAge 120
      # SessionCookieMaxAge Off
      SessionCookieName session path=/
      SessionCryptoPassphrase any-secret-passphrase
  </Location>
  <Location /authcheck>
      SetEnvIf Referer ^.*req=(.*)&?$ req=$1
      SetHandler form-login-handler
      AuthType Form
      AuthName "Radius Authentication"
      AuthFormProvider radius
      AuthformLoginrequiredLocation "/login.html"
      AuthformLoginSuccessLocation  %{ENV:req}
      AuthBasicAuthoritative Off
      AuthRadiusAuthoritative on
      AuthRadiusCookieValid 3
      AuthRadiusActive On
      require valid-user

      Session On
      SessionMaxAge 120
      SessionCookieName session path=/
      SessionCryptoPassphrase any-secret-passphrase
  </Location>
  <Location /login.html>
      Require all granted
      require not valid-user
  </Location>

</VirtualHost>

任何想法如何强制已登录用户不进入包含登录表单的登录页面

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。