2016-01-09 10 views
0

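Trouble with Apache's AuthFormLogoutLocation

In my VirtualHost configuration I have a logout redirect that does not seem to work. I always get a connection reset in either Firefox or Edge (latest versions). Here is my Apache config: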

Alias /logouttest /var/www/html/logouttest 
LogLevel trace8 
CustomLog /var/log/httpd/q-folder/access_log common 
ErrorLog /var/log/httpd/q-folder/error_log 
DocumentRoot /var/www/html/logouttest 

<Directory /var/www/html/logouttest> 
    AllowOverride all 
    Options -MultiViews 

    AuthType Basic 
    AuthName "please login" 
    AuthBasicProvider ldap 
    AuthLDAPURL ldap://xx.xxxxx.xx:389/OU=xxxxxx,OU=company,DC=xxxxx,DC=xx?sAMAccountName?sub?(objectclass=*) 
    AuthLDAPBindDN CN=LDAPQuery,OU=xxxxx,OU=xxxxxx,OU=xxxxxx,DC=xxxx,DC=xx 
    AuthLDAPBindPassword 'xxxxxxxx' 
    Require valid-user 

    RewriteEngine On 
    RewriteCond %{LA-U:REMOTE_USER} (.+) 
    RewriteRule . - [E=RU:%1,NS] 
    RequestHeader add X-Forwarded-User %{RU}e 

    Session On 
    SessionCookieName session path=/ 

</Directory> 


<Location "/logout"> 
    SetHandler form-logout-handler 
    AuthType Basic 
    AuthName "please login" 
    AuthFormLogoutLocation "/logout/logout.html" 
    Session On 
    SessionCookieName session path=/ 
</Location> 

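Note that the LDAP login works perfectly. Now I just want to clear the session when the user logs out.

The Apache error_log shows (just the part from when I click the logout button, which has an href to /logout/logout.html):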

[Sat Jan 09 23:23:07.229311 2016] [core:trace5] [pid 15959] protocol.c(618): [client 000.00.0.00:62284] Request received from client: GET /logout/ HTTP/1.1 
[Sat Jan 09 23:23:07.229431 2016] [http:trace4] [pid 15959] http_request.c(301): [client 000.00.0.00:62284] Headers received from client:, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229441 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] Host: 000.00.0.000, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229445 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229453 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229458 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] Accept-Language: de-CH,en-US;q=0.7,en;q=0.3, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229462 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] Accept-Encoding: gzip, deflate, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229465 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] DNT: 1, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229468 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] Referer: http://000.00.0.000/logouttest/, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229472 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] Authorization: Basic cGhpbGlwcGI6bGFzcG85MyRxcA==, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229475 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284] Connection: keep-alive, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229651 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229666 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229761 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229781 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.229995 2016] [ldap:debug] [pid 15959] util_ldap.c(372): AH01278: LDAP: Setting referrals to On. 
[Sat Jan 09 23:23:07.539806 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.539845 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.539850 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.539963 2016] [rewrite:trace3] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] strip per-dir prefix: /var/www/html/logouttest/logout/ -> logout/, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.539990 2016] [rewrite:trace3] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] applying pattern '.' to uri 'logout/', referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540109 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540118 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540138 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540145 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540159 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540165 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540169 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540232 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb4a1770/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/var, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540313 2016] [rewrite:trace5] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] lookahead: path=/var/www/html/logouttest/logout/ var=REMOTE_USER -> val=myuname, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540348 2016] [rewrite:trace4] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] RewriteCond: input='myuname' pattern='(.+)' => matched, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540356 2016] [rewrite:trace5] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] setting env variable 'RU' to 'myuname', referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540363 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540441 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540450 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540469 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540476 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540489 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540495 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540499 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540548 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb493720/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/index.html, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540624 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540632 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540641 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540647 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540659 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540665 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540669 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/ 
[Sat Jan 09 23:23:07.540702 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb497740/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/index.php, referer: http://000.00.0.000/logouttest/ 

So far I have had no luck getting the logout page to display. Thanks for your help.

Answer

0

Here is my working configuration.

Configuration section in httpd.conf:

------8<----8<------ 
<Location /logout> 
    SetHandler form-logout-handler 
    AuthFormLogoutLocation "/login_logout/logout.html" 

    Session On 
    # Session expires after one second
    SessionMaxAge 1 
    SessionCookieName form_auth_session path=/ 
    SessionCryptoPassphrase "<CryptoPassPhrase>" 

</Location> 

<Location /> 
     AuthFormProvider ldap file 
     AuthLDAPURL "ldap://<LDAP-DN-URI>" 
     AuthUserFile <save_pfad>/.htpasswd 

     AuthName "authenticationform" 
     AuthType form 
     ErrorDocument 401 /login_logout/do_login.php 
     AuthFormFakeBasicAuth on 

     Session On 
     # Login valid for 3 months = 31+30+31 = 92 days * 24 h * 3600 seconds = 7948800 seconds
     SessionMaxAge 7948800 
     SessionCookieName form_auth_session path=/ 
     SessionCryptoPassphrase "<CryptoPassPhrase>" 
</Location> 
------8<----8<------ 

You should use the module "session_crypto_module". Reason: you can see the login credentials in plain text in the session cookie =:-/

LoadModule session_crypto_module modules/mod_session_crypto.so 

Somewhere in the Apache configuration (virtual hosts, .htaccess or elsewhere):

------8<----8<------ 
<Location /secure/> 
    Require valid-user 
</Location> 
------8<----8<------ 

The PHP script do_login.php can switch to the secure URL (created with the help of stackoverflow.com ;-)):

<?php 
// Source: http://stackoverflow.com/questions/6768793/get-the-full-url-in-php
function url_origin($s, $use_forwarded_host = false) 
{ 
    $ssl  = (! empty($s['HTTPS']) && $s['HTTPS'] == 'on'); 
    $sp  = strtolower($s['SERVER_PROTOCOL']); 
    $protocol = substr($sp, 0, strpos($sp, '/')) . (($ssl) ? 's' : ''); 
    $port  = $s['SERVER_PORT']; 
    $port  = ((! $ssl && $port=='80') || ($ssl && $port=='443')) ? '' : ':'.$port; 
    $host  = ($use_forwarded_host && isset($s['HTTP_X_FORWARDED_HOST'])) ? $s['HTTP_X_FORWARDED_HOST'] : (isset($s['HTTP_HOST']) ? $s['HTTP_HOST'] : null); 
    $host  = isset($host) ? $host : $s['SERVER_NAME'] . $port; 
    return $protocol . '://' . $host; 
} 

function full_url($s, $use_forwarded_host = false) 
{ 
    return url_origin($s, $use_forwarded_host) . $s['REQUEST_URI']; 
} 

$absolute_url = full_url($_SERVER); 

?> 
<html> 
    <head> 
    <title>Form-Auth: <?php echo htmlspecialchars($absolute_url, ENT_QUOTES, 'UTF-8') ?></title> 
    </head> 
    <body> 
    <center> 
     <table style="margin-top:2em;" border=1 cellspacing=0> 
     <tr><th nowrap bgcolor=skyblue><?php echo htmlspecialchars($absolute_url, ENT_QUOTES, 'UTF-8') ?></th></tr> 
<?php 
if (preg_match("/^http:/", $absolute_url)) 
{ 
    $save_absolute_url=preg_replace("/^http:/", "https:", $absolute_url); 
?> 
     <tr> 
      <th nowrap align=middle style="padding:2em; background:#ff0000;color:yellow;"> 
       KEINE sichere Verbindung !!!<br> Passwort wird in Klartext &uuml;ber das Netz &uuml;bertragen !!! <br><br> 
       Weiterleitung: [<a href="<?php echo htmlspecialchars($save_absolute_url, ENT_QUOTES, 'UTF-8') ?>"><?php echo htmlspecialchars($save_absolute_url, ENT_QUOTES, 'UTF-8') ?></a>] 
      </th> 
     </tr> 
<?php 
} // end if (preg_match("/^http:/", $absolute_url)) 
?> 
     <tr><td nowrap align=middle style="border-bottom:0;">WIN2003-Anmeldung erforderlich ...</td></tr> 
     <tr> 
      <td nowrap align=middle style="border-top:0; padding-top:1em;padding-left:2em;padding-right:2em;padding-bottom:0;"> 
      <form method="POST" action=""> 
       User: <input type="text"  name="httpd_username" value="" placeholder="Benutzername" /> 
       Password: <input type="password" name="httpd_password" value="" placeholder="Password" /> 
       <input type="submit" name="login" value="Login" /> 
      </form> 
      </td> 
     </tr> 
     </table> 
    </center> 
    </body> 
</html> 

These configurations are very reliable and comfortable. I hope this solves your problem.

Many greetings :-)
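
The answer's point about session_crypto_module can be checked mechanically. The following is an added example, not part of the original question or answer: a small Python audit that flags each `<Directory>`/`<Location>` block that turns on a cookie-backed session without `SessionCryptoPassphrase`. The function name `audit_sessions` and the sample text are constructed for illustration, and the check looks only inside each block, so a passphrase inherited from server or virtual-host level is not modelled.

```python
import re

# Constructed sample: the question's session settings next to the answer's.
SAMPLE_CONF = '''
<Directory /var/www/html/logouttest>
    Session On
    SessionCookieName session path=/
</Directory>
<Location /logout>
    Session On
    SessionMaxAge 1
    SessionCookieName form_auth_session path=/
    SessionCryptoPassphrase "<CryptoPassPhrase>"
</Location>
'''

OPEN = re.compile(r'^<(Directory|Location)\s+"?([^">]+)"?\s*>$', re.I)
CLOSE = re.compile(r'^</(Directory|Location)>$', re.I)


def audit_sessions(conf_text):
    """Return [(section, cookie_name)] for sections that store the session
    in a cookie (Session On + SessionCookieName) without SessionCryptoPassphrase."""
    findings, section, seen = [], None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = OPEN.match(line)
        if m:
            section, seen = f'{m.group(1)} {m.group(2).strip()}', {}
            continue
        if CLOSE.match(line):
            if (seen.get('session', '').lower() == 'on'
                    and 'sessioncookiename' in seen
                    and 'sessioncryptopassphrase' not in seen):
                findings.append((section, seen['sessioncookiename'].split()[0]))
            section = None
            continue
        if section:
            parts = line.split(None, 1)
            seen[parts[0].lower()] = parts[1] if len(parts) > 1 else ''
    return findings


if __name__ == '__main__':
    for section, cookie in audit_sessions(SAMPLE_CONF):
        print(f'{section}: cookie "{cookie}" is stored without SessionCryptoPassphrase')
```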