【问题标题】:troubles with Apaches AuthFormLogoutLocationApaches AuthFormLogoutLocation 的问题
【发布时间】:2016-01-09 22:54:22
【问题描述】:

在我的 VirtualHost 配置中,我的注销重定向似乎不起作用。我总是在 Firefox 或 Edge(最新版本)上获得 连接重置 这是我的 apache 配置:

Alias /logouttest /var/www/html/logouttest
LogLevel trace8
CustomLog /var/log/httpd/q-folder/access_log common
ErrorLog  /var/log/httpd/q-folder/error_log
DocumentRoot /var/www/html/logouttest

<Directory /var/www/html/logouttest>
  AllowOverride all
  Options -MultiViews

  AuthType Basic
  AuthName "please login"
  AuthBasicProvider ldap
  AuthLDAPURL ldap://xx.xxxxx.xx:389/OU=xxxxxx,OU=company,DC=xxxxx,DC=xx?sAMAccountName?sub?(objectclass=*)
  AuthLDAPBindDN  CN=LDAPQuery,OU=xxxxx,OU=xxxxxx,OU=xxxxxx,DC=xxxx,DC=xx
  AuthLDAPBindPassword 'xxxxxxxx'
  Require valid-user

  RewriteEngine On
  RewriteCond %{LA-U:REMOTE_USER} (.+)
  RewriteRule . - [E=RU:%1,NS]
  RequestHeader add X-Forwarded-User %{RU}e

  Session On
  SessionCookieName session path=/

</Directory>


<Location "/logout">
  SetHandler form-logout-handler
  AuthType Basic
  AuthName "please login"
  AuthFormLogoutLocation "/logout/logout.html"
  Session On
  SessionCookieName session path=/
</Location>

请注意,LDAP 登录可以完美运行。现在我只想在用户注销时清除会话。

Apache error_log 显示(只是我单击注销按钮时显示的部分,它有一个指向 /logout/logout.html 的 href):

[Sat Jan 09 23:23:07.229311 2016] [core:trace5] [pid 15959] protocol.c(618): [client 000.00.0.00:62284] Request received from client: GET /logout/ HTTP/1.1
[Sat Jan 09 23:23:07.229431 2016] [http:trace4] [pid 15959] http_request.c(301): [client 000.00.0.00:62284] Headers received from client:, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229441 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Host: 000.00.0.000, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229445 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229453 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229458 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Accept-Language: de-CH,en-US;q=0.7,en;q=0.3, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229462 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Accept-Encoding: gzip, deflate, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229465 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   DNT: 1, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229468 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Referer: http://000.00.0.000/logouttest/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229472 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Authorization: Basic cGhpbGlwcGI6bGFzcG85MyRxcA==, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229475 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Connection: keep-alive, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229651 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229666 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229761 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229781 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229995 2016] [ldap:debug] [pid 15959] util_ldap.c(372): AH01278: LDAP: Setting referrals to On.
[Sat Jan 09 23:23:07.539806 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.539845 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.539850 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.539963 2016] [rewrite:trace3] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] strip per-dir prefix: /var/www/html/logouttest/logout/ -> logout/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.539990 2016] [rewrite:trace3] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] applying pattern '.' to uri 'logout/', referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540109 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540118 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540138 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540145 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540159 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540165 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540169 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540232 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb4a1770/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/var, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540313 2016] [rewrite:trace5] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] lookahead: path=/var/www/html/logouttest/logout/ var=REMOTE_USER -> val=myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540348 2016] [rewrite:trace4] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] RewriteCond: input='myuname' pattern='(.+)' => matched, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540356 2016] [rewrite:trace5] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] setting env variable 'RU' to 'myuname', referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540363 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540441 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540450 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540469 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540476 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540489 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540495 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540499 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540548 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb493720/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/index.html, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540624 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540632 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540641 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540647 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540659 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540665 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540669 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540702 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb497740/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/index.php, referer: http://000.00.0.000/logouttest/

到目前为止,我没有机会显示注销页面。 感谢您的帮助。

【问题讨论】:

    标签: apache session logout apache2.4


    【解决方案1】:

    这是我的工作配置。

    httpd.conf 中的配置部分

    ------8<----8<------
    <Location /logout>
      SetHandler form-logout-handler
      AuthFormLogoutLocation "/login_logout/logout.html"
    
      Session On
      # Session laeuft in einer Sekunde ab
      SessionMaxAge 1
      SessionCookieName form_auth_session path=/
      SessionCryptoPassphrase "<CryptoPassPhrase>"
    
    </Location>
    
    <Location />
            AuthFormProvider ldap file
            AuthLDAPURL "ldap://<LDAP-DN-URI>"
            AuthUserFile <save_pfad>/.htpasswd
    
            AuthName "authenticationform"
            AuthType form
            ErrorDocument 401 /login_logout/do_login.php
            AuthFormFakeBasicAuth on
    
            Session On
            # Anmeldung 3Monate = 31+30+31= 92 Tage * 24h * 3600 Sekunden = 7948800 Sekunden gültig
            SessionMaxAge 7948800
            SessionCookieName form_auth_session path=/
            SessionCryptoPassphrase "<CryptoPassPhrase>"
    </Location>
    ------8<----8<------
    

    您应该使用模块“session_crypto_module”。 原因:您可以在 session-cookie 中以明文形式看到 LoginCredential =:-/

    LoadModule session_crypto_module modules/mod_session_crypto.so
    

    有些在 apache-configuration virtualhosts .htacces 或其他地方

    ------8<----8<------
    <Location /secure/>
      Require valid-user
    </Location>
    ------8<----8<------
    

    PHP 脚本 do_login.php 可以切换到安全 URL(在 stackoverflow.com 的帮助下创建 ;-))

    <?php
    // Source: [http://stackoverflow.com/questions/6768793/get-the-full-url-in-php][1]
    function url_origin( $s, $use_forwarded_host = false )
    {
        $ssl      = ( ! empty( $s['HTTPS'] ) && $s['HTTPS'] == 'on' );
        $sp       = strtolower( $s['SERVER_PROTOCOL'] );
        $protocol = substr( $sp, 0, strpos( $sp, '/' ) ) . ( ( $ssl ) ? 's' : '' );
        $port     = $s['SERVER_PORT'];
        $port     = ( ( ! $ssl && $port=='80' ) || ( $ssl && $port=='443' ) ) ? '' : ':'.$port;
        $host     = ( $use_forwarded_host && isset( $s['HTTP_X_FORWARDED_HOST'] ) ) ? $s['HTTP_X_FORWARDED_HOST'] : ( isset( $s['HTTP_HOST'] ) ? $s['HTTP_HOST'] : null );
        $host     = isset( $host ) ? $host : $s['SERVER_NAME'] . $port;
        return $protocol . '://' . $host;
    }
    
    function full_url( $s, $use_forwarded_host = false )
    {
        return url_origin( $s, $use_forwarded_host ) . $s['REQUEST_URI'];
    }
    
    $absolute_url = full_url( $_SERVER );
    
    ?>
    <html>
      <head>
        <title>Form-Auth: <?php echo $absolute_url?></title>
      </head>
      <body>
        <center>
          <table style="margin-top:2em;" border=1 cellspacing=0>
            <tr><th nowrap bgcolor=skyblue><?php echo $absolute_url ?></th></tr>
    <?php
    if (preg_match("/^http:/", $absolute_url))
    {
      $save_absolute_url=preg_replace("/^http:/", "https:", $absolute_url);
    ?>
            <tr>
              <th nowrap align=middle style="padding:2em; background:#ff0000;color:yellow;">
                  KEINE sichere Verbindung !!!<br> Passwort wird in Klartext &uuml;ber das Netz &uuml;bertragen !!! <br><br>
                  Weiterleitung: [<a href="<?php echo $save_absolute_url?>"><?php echo $save_absolute_url?></a>]
              </th>
            </tr>
    <?php
    }  // end if (! preg_match("/^https:", $absolute_url))
    ?>
            <tr><td nowrap align=middle style="border-bottom:0;">WIN2003-Anmeldung erforderlich ...</td></tr>
            <tr>
              <td nowrap align=middle style="border-top:0; padding-top:1em;padding-left:2em;padding-right:2em;padding-bottom:0;">
                <form method="POST" action="">
                  User: <input type="text"     name="httpd_username" value="" placeholder="Benutzername" />
                  Password: <input type="password" name="httpd_password" value="" placeholder="Password" />
                  <input type="submit" name="login" value="Login" />
                </form>
              </td>
            </tr>
          </table>
        </center>
      </body>
    </html>
    

    这些配置非常可靠和舒适。 我希望这能解决您的问题。

    许多伟大的:-)

    【讨论】:

      猜你喜欢
      • 2012-06-07
      • 1970-01-01
      • 2016-11-01
      • 1970-01-01
      • 1970-01-01
      • 2020-02-29
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多