Question

У меня есть сервер Debian Stretch под управлением Apache 2.4.Я хочу использовать базовую аутентификацию, чтобы разрешить доступ к обслуживаемому каталогу только нескольким пользователям.

Моя конфигурация:

<Directory "/var/www/html">
    AuthType Basic
    AuthName "VPN Gateway Lpgin"
    AuthBasicProvider file
    AuthUserFile /var/www/.htpasswd
    Options Indexes FollowSymLinks
    AllowOverride None
    <RequireAll>
        Require ip 192.168.2.0/24
        Require valid-user
    </RequireAll>
</Directory>

Это работает, но все запросы теперь выполняются более минуты,Если я закомментирую строку аутентификации Require valid-user, запросы вообще не будут медленными.

[Tue Dec 25 11:29:08.272751 2018] [ssl:info] [pid 17970] [client 192.168.2.16:55447] AH01964: Connection to child 4 established (server localhost:443)
[Tue Dec 25 11:29:08.274989 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(532): AH00835: socache_shmcb_retrieve (0xf3 -> subcache 19)
[Tue Dec 25 11:29:08.275157 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(884): AH00849: match at idx=0, data=0
[Tue Dec 25 11:29:08.275267 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(907): AH00850: shmcb_subcache_retrieve discarding expired entry
[Tue Dec 25 11:29:08.275292 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(542): AH00836: leaving socache_shmcb_retrieve successfully
[Tue Dec 25 11:29:08.275632 2018] [ssl:debug] [pid 17970] ssl_engine_kernel.c(2115): [client 192.168.2.16:55447] AH02043: SSL virtual host for servername localhost found
[Tue Dec 25 11:29:08.275965 2018] [ssl:debug] [pid 17970] ssl_engine_kernel.c(2115): [client 192.168.2.16:55447] AH02043: SSL virtual host for servername localhost found
[Tue Dec 25 11:29:08.276057 2018] [core:debug] [pid 17970] protocol.c(2219): [client 192.168.2.16:55447] AH03155: select protocol from , choices=h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1 for server localhost
[Tue Dec 25 11:29:08.475832 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0x0a -> subcache 10)
[Tue Dec 25 11:29:08.475990 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(849): AH00847: insert happened at idx=0, data=(0:32)
[Tue Dec 25 11:29:08.476020 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(854): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/198
[Tue Dec 25 11:29:08.476044 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Tue Dec 25 11:29:08.476100 2018] [ssl:debug] [pid 17970] ssl_engine_kernel.c(2042): [client 192.168.2.16:55447] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Tue Dec 25 11:29:08.477457 2018] [ssl:debug] [pid 17970] ssl_engine_kernel.c(366): [client 192.168.2.16:55447] AH02034: Initial (No.1) HTTPS request received for child 4 (server localhost:443)
[Tue Dec 25 11:29:08.478096 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:08.478225 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Tue Dec 25 11:29:08.478257 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: denied (no authenticated user yet)
[Tue Dec 25 11:29:08.478281 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Tue Dec 25 11:29:26.504306 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:26.504552 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : granted
[Tue Dec 25 11:29:26.504589 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: granted
[Tue Dec 25 11:29:26.504620 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: granted
[Tue Dec 25 11:29:26.505318 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:26.505459 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Tue Dec 25 11:29:26.505490 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: denied (no authenticated user yet)
[Tue Dec 25 11:29:26.506120 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Tue Dec 25 11:29:44.539755 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:44.539958 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : granted
[Tue Dec 25 11:29:44.539994 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: granted
[Tue Dec 25 11:29:44.540022 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: granted
[Tue Dec 25 11:29:44.541340 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:44.541494 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Tue Dec 25 11:29:44.541583 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: denied (no authenticated user yet)
[Tue Dec 25 11:29:44.541615 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Tue Dec 25 11:30:02.576180 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:30:02.576362 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : granted
[Tue Dec 25 11:30:02.576396 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: granted
[Tue Dec 25 11:30:02.576426 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: granted
[Tue Dec 25 11:30:05.134078 2018] [deflate:debug] [pid 17970] mod_deflate.c(853): [client 192.168.2.16:55447] AH01384: Zlib: Compressed 13343 to 2899 : URL /index.php
[Tue Dec 25 11:30:10.141799 2018] [ssl:debug] [pid 17970] ssl_engine_io.c(1044): [client 192.168.2.16:55447] AH02001: Connection closed to child 4 with standard shutdown (server localhost:443)

Кажется, что застревает при аутентификации, но я не знаю почему.Протестированы разные браузеры, и все они отображают медленную загрузку, если включена базовая аутентификация.Как это отладить?

РЕДАКТИРОВАТЬ: я также заметил, что использование процессора Apache проходит 100%, когда аутентификации.

waza123 · Answer 1 · 31 марта 2019

Apache2 медленный базовый auth / slow .htpasswd

это потому, что вы используете медленный алгоритм для пароля, просто используйте md5 простой алгоритм

htpasswd -c -m file login

Jeremiah Stillings · Answer 2 · 25 декабря 2018

Попробуйте переместить пользователя Require Valid за пределы поля Require all

Example

<Location "/secure">
    AuthType basic
    AuthName "private area"
    AuthBasicProvider  dbm
    AuthDBMType        SDBM
    AuthDBMUserFile    "/www/etc/dbmpasswd"
    Require            valid-user
    Order Allow,Deny
    Deny from all
    Satisfy Any
</Location>

Источник использованный справочный материал

Апач 2.4 Базовая Аутентификация медленная

Пожалуйста, войдите или зарегистрируйтесь чтобы ответить на этот вопрос.

Ответы [ 2 ]

Пожалуйста, войдите или зарегистрируйтесь что бы добавить комментарий.

Пожалуйста, войдите или зарегистрируйтесь что бы добавить комментарий.

Апач 2.4 Базовая Аутентификация медленная

Пожалуйста, войдите или зарегистрируйтесь чтобы ответить на этот вопрос.

Ответы [ 2 ]

Пожалуйста, войдите или зарегистрируйтесь что бы добавить комментарий.

Пожалуйста, войдите или зарегистрируйтесь что бы добавить комментарий.

Нет похожих вопросов