  1. #1
    SitePoint Addict

    allow IP and make everyone else enter username

    In the .htaccess is there a way I can force everyone to enter a username and password except those from a specific IP?

    I'm looking for a combination of the below code but allowing the "allow from" IP to not have to enter a username and password and forcing everyone else to enter the username and password.

    Code:
    order deny,allow
    deny from all
    allow from XX.XXX.X.XXX
    
    AuthName "Restricted Area" 
    AuthType Basic 
    AuthUserFile /home/mysite/.htpasswd 
    AuthGroupFile /dev/null
    require valid-user

  2. #2
    Certified Ethical Hacker dklynn

    Gib,

    Not to my knowledge! Personally, I'd make that either-or decision using PHP upon entry to that directory (and run all scripts through that decision process).

    Remember, Apache is NOT an advanced (or even basic) computer language but it IS a file server and it does that job very well.

    I occasionally lament the inability of the ADD-ON mod_rewrite module to allow grouping of conditions and rules so I share your frustration.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Guru LinhGB

    Yes it can be done. to DK

    Gibberish, your mod_access config (the order deny,allow part) is a result of a bad tutorial floating around the Net a while ago, and everyone copied it instead of going to the Apache documentation site... Sorry, pet peeve of mine.

    On to the question:

    http://httpd.apache.org/docs/2.2/mod/core.html#satisfy

    Example:

    # mod-access section - this is how you do white-listing.
    Order allow,deny
    # the above order will deny access by default except from the allowed IPs
    Allow from {allowed ip ranges}


    # mod-auth section
    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /home/mysite/.htpasswd
    Require valid-user

    Satisfy Any
    # the above means that if either mod-auth or mod-access is satisfied, the visitor is allowed in.
    "I disapprove of what I say,
    but I will defend to the death my right to say it."

  4. #4
    Certified Ethical Hacker dklynn

    Thanks, Linh! I knew you'd keep me honest!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    SitePoint Addict

    LinhGB,

    That solution worked beautifully.

    I try to use the best syntax possible but I am no Apache expert and would be lost without people like you and dklynn constantly helping me out.

    Quick question though, just for my education, what was the difference between the mod_access config that I had vs the one you supplied above? Or did you just provide the solution using my current config?

    Thanks guys!

  6. #6
    SitePoint Guru LinhGB

    No worries, David.

    Quote:
    Quick question though, just for my education, what was the difference between the mod_access config that I had vs the one you supplied above? Or did you just provide the solution using my current config?

    Mainly a matter of good practice, and also, using the correct directive makes the config shorter. You're familiar with white-listing and black-listing when doing access restriction? Taken straight from Apache doc (btw in v2.2 mod_access is now called mod_authz_host):

    http://httpd.apache.org/docs/2.2/mod...uthz_host.html

    See the table under the Order directive.

    Order allow,deny: white-listing (default denied)
    Order deny,allow: black-listing (default allowed)

    What people often screw up is to use Order deny,allow for white-listing and vice versa. When you're meant to do white-listing but use the black-listing directive, a small screw-up will lead to the protected site being exposed.

    The following two are equivalent:

    # white-listing
    Order allow,deny
    Allow from foo.example.com

    and

    # black-listing being used as white-listing
    Order deny,allow
    Deny from all
    Allow from foo.example.com
    "I disapprove of what I say,
    but I will defend to the death my right to say it."
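
Added example (not part of the thread and not any poster's code): a small Python model of the Apache 2.2 `Order`/`Allow`/`Deny` table combined with `Satisfy Any`, showing what happens to each of the two forms from post #6 when one line is accidentally dropped. The IP addresses, config names and function names are constructed for illustration, and the model assumes `Require valid-user` is in effect.

```python
import ipaddress

# Constructed documentation addresses, not taken from the thread.
OFFICE, STRANGER = "203.0.113.10", "198.51.100.7"

def matches(specs, client_ip):
    """True if client_ip is covered by any spec ('all' or an IP/CIDR)."""
    ip = ipaddress.ip_address(client_ip)
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def host_allowed(order, allow, deny, client_ip):
    """Order table from the mod_authz_host docs (Apache 2.2)."""
    a, d = matches(allow, client_ip), matches(deny, client_ip)
    if order == "allow,deny":   # default deny; a Deny match overrides Allow
        return a and not d
    if order == "deny,allow":   # default allow; an Allow match overrides Deny
        return a or not d
    raise ValueError(f"unknown Order: {order}")

def access_granted(order, allow, deny, client_ip, authenticated, satisfy="all"):
    """Combine the host check with 'Require valid-user' under Satisfy."""
    host_ok = host_allowed(order, allow, deny, client_ip)
    return (host_ok or authenticated) if satisfy == "any" else (host_ok and authenticated)

# Hypothetical configs: the two equivalent forms from post #6, then each
# with one line accidentally dropped.
CONFIGS = {
    "allow,deny":             ("allow,deny", [OFFICE], []),
    "deny,allow + Deny all":  ("deny,allow", [OFFICE], ["all"]),
    "allow,deny, Allow lost": ("allow,deny", [], []),
    "deny,allow, Deny lost":  ("deny,allow", [OFFICE], []),
}

def anonymous_gets_in(name, client_ip):
    """Does a visitor with no password pass under 'Satisfy Any'?"""
    order, allow, deny = CONFIGS[name]
    return access_granted(order, allow, deny, client_ip,
                          authenticated=False, satisfy="any")

if __name__ == "__main__":
    for name in CONFIGS:
        print(f"{name:24} office={anonymous_gets_in(name, OFFICE)!s:5} "
              f"stranger={anonymous_gets_in(name, STRANGER)}")
```

Losing the `Allow` line under `Order allow,deny` fails closed (everyone is prompted for a password), while losing `Deny from all` under `Order deny,allow` fails open (nobody is prompted). In Apache 2.4 these directives survive only through mod_access_compat; the native equivalent is `Require ip` alongside `Require valid-user` inside `<RequireAny>`.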

