httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: .htaccess
Date Tue, 09 Nov 1999 15:14:58 GMT
Greg Maxwell wrote:

> I found the following on apache-week:
> "   One feature of the NCSA server is that is allows a request to be
>    allowed if it comes from within a particular domain name, or if not,
>    to ask for a valid username and password (using the satisfy
>    directive). This is a combination of restricting by username and by
>    the user's hostname. Unfortunately Apache currently cannot do this."
> Is there a plan to put this functionality in the next apache, or is there
> a module that already does this.
> This functionality would be very useful for intranet sites.

That sounds horribly insecure. I could just spoof my entry
for my IP address and I'm inside your intranet without a password with
hardly any effort at all.

Or am I missing something?

-----------------------------------------		"There's a moon
					over Bourbon Street

View raw message