问题
I have an admin controller which has some methods that I want to protect.
http://blabla.com/admin/
http://blabla.com/admin/edit_coupon/
http://blabla.com/admin/edit_photo/
I don't need a full blown authentication system for this site, so I'd prefer to just utilize htaccess and AuthType for any /admin/ URLs.
My current .htaccess is a basic CI one.
RewriteEngine on
RewriteRule ^$ /index.php [L]
RewriteCond $1 !^(index\.php|uploads|images|css|js|videos|code|robots\.txt|favic
on\.ico)
RewriteRule ^(.*)$ /index.php/$1 [L]
How do I do this?
[Added] I know how to use htaccess and htpasswd. My question is how to protect a CI controller which is not really a directory (/admin). I tried using the Location directive with no success. Here is that htaccess:
<Location /admin>
AuthUserFile /var/www/vhosts/blabla.com/httpdocs/.htpasswd
AuthType Basic
AuthName "Admin"
Require valid-user
</Location>
RewriteEngine on
RewriteRule ^$ /index.php [L]
RewriteCond $1 !^(index\.php|uploads|images|css|js|videos|code|robots\.txt|favicon\.ico)
RewriteRule ^(.*)$ /index.php/$1 [L]
That throws a 500 Server Error.
I believe the Location directive can't be in an htaccess file, so I also tried it inside this server's httpd.conf for this VirtualHost. Doesn't throw an error that way, but doesn't work either.
回答1:
I got this to work by following the advice in this post:
http://ellislab.com/forums/viewthread/141775/
回答2:
http://httpd.apache.org/docs/2.0/howto/auth.html
You will need to create the .htpasswd file with the name-passwords and set up rule in your .htaccess file that requires a valid user for the to-be-protected location.
来源:https://stackoverflow.com/questions/3366519/codeigniter-and-htaccess-protect-a-specific-controller-and-its-methods-via-aut