Trouble with Apache's AuthFormLogoutLocation

Time: 2016-01-09 22:54:23

Tags: apache session logout apache2.4

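In my VirtualHost configuration I have a logout redirect, but it does not seem to work properly. I always get a connection reset in Firefox or Edge (latest versions). Here is my Apache configuration: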

Alias /logouttest /var/www/html/logouttest
LogLevel trace8
CustomLog /var/log/httpd/q-folder/access_log common
ErrorLog  /var/log/httpd/q-folder/error_log
DocumentRoot /var/www/html/logouttest

<Directory /var/www/html/logouttest>
  AllowOverride all
  Options -MultiViews

  AuthType Basic
  AuthName "please login"
  AuthBasicProvider ldap
  AuthLDAPURL ldap://xx.xxxxx.xx:389/OU=xxxxxx,OU=company,DC=xxxxx,DC=xx?sAMAccountName?sub?(objectclass=*)
  AuthLDAPBindDN  CN=LDAPQuery,OU=xxxxx,OU=xxxxxx,OU=xxxxxx,DC=xxxx,DC=xx
  AuthLDAPBindPassword 'xxxxxxxx'
  Require valid-user

  RewriteEngine On
  RewriteCond %{LA-U:REMOTE_USER} (.+)
  RewriteRule . - [E=RU:%1,NS]
  RequestHeader add X-Forwarded-User %{RU}e

  Session On
  SessionCookieName session path=/

</Directory>


<Location "/logout">
  SetHandler form-logout-handler
  AuthType Basic
  AuthName "please login"
  AuthFormLogoutLocation "/logout/logout.html"
  Session On
  SessionCookieName session path=/
</Location>

Note that the LDAP login works perfectly. Now I just want to clear the session when the user logs out.

The Apache error_log shows (when I click the logout button, which is just an href to /logout/logout.html):

[Sat Jan 09 23:23:07.229311 2016] [core:trace5] [pid 15959] protocol.c(618): [client 000.00.0.00:62284] Request received from client: GET /logout/ HTTP/1.1
[Sat Jan 09 23:23:07.229431 2016] [http:trace4] [pid 15959] http_request.c(301): [client 000.00.0.00:62284] Headers received from client:, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229441 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Host: 000.00.0.000, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229445 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229453 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229458 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Accept-Language: de-CH,en-US;q=0.7,en;q=0.3, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229462 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Accept-Encoding: gzip, deflate, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229465 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   DNT: 1, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229468 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Referer: http://000.00.0.000/logouttest/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229472 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Authorization: Basic cGhpbGlwcGI6bGFzcG85MyRxcA==, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229475 2016] [http:trace4] [pid 15959] http_request.c(305): [client 000.00.0.00:62284]   Connection: keep-alive, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229651 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229666 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229761 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229781 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.229995 2016] [ldap:debug] [pid 15959] util_ldap.c(372): AH01278: LDAP: Setting referrals to On.
[Sat Jan 09 23:23:07.539806 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.539845 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.539850 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.539963 2016] [rewrite:trace3] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] strip per-dir prefix: /var/www/html/logouttest/logout/ -> logout/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.539990 2016] [rewrite:trace3] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] applying pattern '.' to uri 'logout/', referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540109 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540118 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540138 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540145 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540159 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540165 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540169 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540232 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb4a1770/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/var, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540313 2016] [rewrite:trace5] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] lookahead: path=/var/www/html/logouttest/logout/ var=REMOTE_USER -> val=myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540348 2016] [rewrite:trace4] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] RewriteCond: input='myuname' pattern='(.+)' => matched, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540356 2016] [rewrite:trace5] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] setting env variable 'RU' to 'myuname', referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540363 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb49d770/initial] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540441 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540450 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540469 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540476 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540489 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540495 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540499 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540548 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb493720/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/index.html, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540624 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540632 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540641 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(501): [client 000.00.0.00:62284] AH01691: auth_ldap authenticate: using URL ldap://xxxx.us/OU=xxxx/OU=kjkjkj/, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540647 2016] [authnz_ldap:trace1] [pid 15959] mod_authnz_ldap.c(522): [client 000.00.0.00:62284] auth_ldap authenticate: final authn filter is (&(objectclass=*)(sAMAccountName=myuname)), referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540659 2016] [authnz_ldap:debug] [pid 15959] mod_authnz_ldap.c(593): [client 000.00.0.00:62284] AH01697: auth_ldap authenticate: accepting myuname, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540665 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of Require valid-user : granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540669 2016] [authz_core:debug] [pid 15959] mod_authz_core.c(809): [client 000.00.0.00:62284] AH01626: authorization result of <RequireAny>: granted, referer: http://000.00.0.000/logouttest/
[Sat Jan 09 23:23:07.540702 2016] [rewrite:trace1] [pid 15959] mod_rewrite.c(468): [client 000.00.0.00:62284] 000.00.0.00 - myuname [000.00.0.000/sid#7f00bae5d258][rid#7f00bb497740/subreq] [perdir /var/www/html/logouttest/] pass through /var/www/html/logouttest/logout/index.php, referer: http://000.00.0.000/logouttest/

So far I have had no chance of getting the logout page displayed. Thanks for your help.
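What the trace above records, as an added example that is not part of the original post: the request to /logout/ still arrives with an `Authorization: Basic` header and is accepted by auth_ldap again. The script parses error_log lines of this shape and reports such requests without copying the header value; the sample lines are constructed and the `/logout` prefix is an assumption.

```python
import re

# Apache 2.4 error_log: [time] [module:level] [pid N] file.c(line): [client ip:port] msg
LINE_RE = re.compile(
    r"^\[[^\]]+\] \[[\w-]+:\w+\] \[pid \d+(?::tid \d+)?\] "
    r"(?:\S+\(\d+\): )?\[client (?P<client>[^\]]+)\] (?P<msg>.*)$"
)
REQUEST_RE = re.compile(r"Request received from client: (\w+) (\S+) HTTP/")
BASIC_RE = re.compile(r"^\s*Authorization: Basic \S+")
ACCEPT_RE = re.compile(r"auth_ldap authenticate: accepting ([^,\s]+)")


def basic_auth_on_logout(lines, logout_prefix="/logout"):
    """Return requests under logout_prefix that arrived with Basic credentials
    and were accepted by auth_ldap. Header values are never copied out."""
    current = {}    # client "ip:port" -> request record being assembled
    requests = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:   # lines without a [client ...] field are skipped
            continue
        client, msg = m.group("client"), m.group("msg")
        req = REQUEST_RE.search(msg)
        if req:     # a new request starts on this connection
            current[client] = {"client": client, "method": req.group(1),
                               "path": req.group(2), "basic": False, "user": None}
            requests.append(current[client])
        elif client in current:
            rec = current[client]
            if BASIC_RE.match(msg):
                rec["basic"] = True
            accepted = ACCEPT_RE.search(msg)
            if accepted:
                rec["user"] = accepted.group(1)
    return [r for r in requests
            if r["path"].startswith(logout_prefix) and r["basic"] and r["user"]]


# Constructed sample lines in the shape of the trace above (not real log data).
SAMPLE = [
    "[Mon Jan 01 12:00:00.000001 2024] [core:trace5] [pid 100] protocol.c(618): [client 192.0.2.10:50000] Request received from client: GET /logout/ HTTP/1.1",
    "[Mon Jan 01 12:00:00.000002 2024] [http:trace4] [pid 100] http_request.c(305): [client 192.0.2.10:50000]   Authorization: Basic ZXhhbXBsZTpleGFtcGxl, referer: http://192.0.2.1/logouttest/",
    "[Mon Jan 01 12:00:00.000003 2024] [authnz_ldap:debug] [pid 100] mod_authnz_ldap.c(593): [client 192.0.2.10:50000] AH01697: auth_ldap authenticate: accepting alice, referer: http://192.0.2.1/logouttest/",
    "[Mon Jan 01 12:00:01.000000 2024] [core:trace5] [pid 100] protocol.c(618): [client 192.0.2.11:50001] Request received from client: GET /index.html HTTP/1.1",
]

if __name__ == "__main__":
    for hit in basic_auth_on_logout(SAMPLE):
        print(hit)
```

With `AuthType Basic` the browser re-sends the credentials on every request in the realm, so clearing the mod_session session does not by itself end the authentication.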

1 answer:

Answer 0 (score: 0)

Here is my well-working configuration.

Configuration section in httpd.conf

------8<----8<------
<Location /logout>
  SetHandler form-logout-handler
  AuthFormLogoutLocation "/login_logout/logout.html"

  Session On
  # Session expires after one second
  SessionMaxAge 1
  SessionCookieName form_auth_session path=/
  SessionCryptoPassphrase "<CryptoPassPhrase>"

</Location>

<Location />
        AuthFormProvider ldap file
        AuthLDAPURL "ldap://<LDAP-DN-URI>"
        AuthUserFile <save_pfad>/.htpasswd

        AuthName "authenticationform"
        AuthType form
        ErrorDocument 401 /login_logout/do_login.php
        AuthFormFakeBasicAuth on

        Session On
        # Login valid for 3 months = 31+30+31 = 92 days * 24h * 3600 seconds = 7948800 seconds
        SessionMaxAge 7948800
        SessionCookieName form_auth_session path=/
        SessionCryptoPassphrase "<CryptoPassPhrase>"
</Location>
------8<----8<------

You should use the module "session_crypto_module". Reason: you can see the credentials in clear text in the session cookie =:-/

LoadModule session_crypto_module modules/mod_session_crypto.so

Somewhere in the Apache configuration, virtual hosts, .htaccess or elsewhere:

------8<----8<------
<Location /secure/>
  Require valid-user
</Location>
------8<----8<------

The PHP script do_login.php, which can switch to the secure URL (created with help from stackoverflow.com ;-))

<?php
// Source: http://stackoverflow.com/questions/6768793/get-the-full-url-in-php
function url_origin( $s, $use_forwarded_host = false )
{
    $ssl      = ( ! empty( $s['HTTPS'] ) && $s['HTTPS'] == 'on' );
    $sp       = strtolower( $s['SERVER_PROTOCOL'] );
    $protocol = substr( $sp, 0, strpos( $sp, '/' ) ) . ( ( $ssl ) ? 's' : '' );
    $port     = $s['SERVER_PORT'];
    $port     = ( ( ! $ssl && $port=='80' ) || ( $ssl && $port=='443' ) ) ? '' : ':'.$port;
    $host     = ( $use_forwarded_host && isset( $s['HTTP_X_FORWARDED_HOST'] ) ) ? $s['HTTP_X_FORWARDED_HOST'] : ( isset( $s['HTTP_HOST'] ) ? $s['HTTP_HOST'] : null );
    $host     = isset( $host ) ? $host : $s['SERVER_NAME'] . $port;
    return $protocol . '://' . $host;
}

function full_url( $s, $use_forwarded_host = false )
{
    return url_origin( $s, $use_forwarded_host ) . $s['REQUEST_URI'];
}

$absolute_url = full_url( $_SERVER );

?>
<html>
  <head>
    <title>Form-Auth: <?php echo htmlspecialchars( $absolute_url, ENT_QUOTES, 'UTF-8' ) ?></title>
  </head>
  <body>
    <center>
      <table style="margin-top:2em;" border=1 cellspacing=0>
        <tr><th nowrap bgcolor=skyblue><?php echo htmlspecialchars( $absolute_url, ENT_QUOTES, 'UTF-8' ) ?></th></tr>
<?php
if (preg_match("/^http:/", $absolute_url))
{
  $save_absolute_url=preg_replace("/^http:/", "https:", $absolute_url);
?>
        <tr>
          <th nowrap align=middle style="padding:2em; background:#ff0000;color:yellow;">
              KEINE sichere Verbindung !!!<br> Passwort wird in Klartext &uuml;ber das Netz &uuml;bertragen !!! <br><br>
              Weiterleitung: [<a href="<?php echo htmlspecialchars( $save_absolute_url, ENT_QUOTES, 'UTF-8' ) ?>"><?php echo htmlspecialchars( $save_absolute_url, ENT_QUOTES, 'UTF-8' ) ?></a>]
          </th>
        </tr>
<?php
}  // end if (preg_match("/^http:/", $absolute_url))
?>
        <tr><td nowrap align=middle style="border-bottom:0;">WIN2003-Anmeldung erforderlich ...</td></tr>
        <tr>
          <td nowrap align=middle style="border-top:0; padding-top:1em;padding-left:2em;padding-right:2em;padding-bottom:0;">
            <form method="POST" action="">
              User: <input type="text"     name="httpd_username" value="" placeholder="Benutzername" />
              Password: <input type="password" name="httpd_password" value="" placeholder="Password" />
              <input type="submit" name="login" value="Login" />
            </form>
          </td>
        </tr>
      </table>
    </center>
  </body>
</html>

This configuration is very reliable and convenient. I hope this solves your problem.

Many greetings :-)
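The point about session_crypto_module, as an added example that is not part of the original answer: without encryption, mod_session writes the session into the cookie as urlencoded key=value pairs, so the form login's user name and password are readable by anyone who sees the cookie. The checker below audits a Set-Cookie header for that and for missing Secure/HttpOnly attributes; the headers are constructed, and the `<AuthName>-user` / `<AuthName>-pw` key names are an assumption about mod_auth_form's session layout.

```python
from urllib.parse import parse_qsl


def audit_session_cookie(set_cookie, auth_name):
    """Audit one Set-Cookie header value issued for a mod_session cookie.

    Returns a sorted list of findings. An unencrypted mod_session payload is
    urlencoded key=value pairs, so credential keys are directly readable."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].lower() for p in parts[1:] if p}
    findings = []
    # Assumed key names: mod_auth_form stores "<AuthName>-user" / "<AuthName>-pw".
    fields = dict(parse_qsl(value, keep_blank_values=True))
    for suffix in ("user", "pw"):
        if f"{auth_name}-{suffix}" in fields:
            findings.append(f"plaintext {auth_name}-{suffix} in cookie '{name}'")
    if "secure" not in attrs:
        findings.append("missing Secure attribute")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly attribute")
    return sorted(findings)


# Constructed headers (not captured traffic). AuthName matches the answer's config.
PLAIN = ("form_auth_session=authenticationform-user=alice"
         "&authenticationform-pw=constructed-pw&expiry=1700000000000000;path=/")
# An encrypted session is an opaque blob; this value is a constructed stand-in.
ENCRYPTED = "form_auth_session=Q09OU1RSVUNURUQtQkxPQg==;path=/;Secure;HttpOnly"

if __name__ == "__main__":
    for label, header in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(label, audit_session_cookie(header, "authenticationform"))
```

Cookie attributes are appended to the `SessionCookieName` directive after the cookie name, for example `path=/;httponly;secure`.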