我在 apache 伺服器前面運行 HAProxy,我想為某些網域實現基本驗證。
手冊指出這應該可以解決問題:
userlist admins
user myusername insecure-password mypassword
frontend restricted_cluster
acl auth_tintoretto http_auth(admins)
http-request auth realm ShareaholicRestricted
但是,我還有一些其他 ACL,並且在一個前端下有多個網域:
frontend http-in
# Define hosts
acl stag_static hdr(host) -i staging.static.domain.com
acl prod_static hdr(host) -i prod2.static.domain.com
## figure out which one to use
use_backend apache-node1 if stag_static
use_backend nginx-cluster if prod_static
如何組合這些命令以僅限制對 stag_static 的存取?
答案1
我還沒有測試過,但嘗試將http-request auth realm blah線路放入您的後端配置中。它應該有效。
答案2
http-request auth在與您要驗證的網站相符的 ACL 上謂詞:
frontend http-in
acl stag_static hdr(host) -i staging.static.example.com
acl prod_static hdr(host) -i prod2.static.examplecom
http-request auth realm "The No Homers Club" if stag_static
use_backend apache-node1 if stag_static
use_backend nginx-cluster if prod_static