httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Spidaman The Defenestrator <spida...@salon.com>
Subject Re: .htaccess
Date Tue, 09 Nov 1999 15:54:55 GMT

Did you try this?

deny from all
allow from 192.168.16.
authuserfile /foo/passwd
authname "phooph"
authtype basic
require valid-user
satisfy any

Meanwhile, back at the ranch...

> On Tue, 9 Nov 1999, Graham Leggett wrote:
> 
> > That sounds horribly insecure. I could just spoof my in-addr.arpa entry
> > for my IP address and I'm inside your intranet without a password with
> > hardly any effort at all.
> 
> No, I'd check on IP address.. That is:
> 
> allow from 192.168.16.0/24
> allow authusers
> deny all
> 
> or the like.
> If you can spoof traffic from my intranet, then I've got bigger problems.
> 
> 
> 
> 

--
Salon Internet 				http://www.salon.com/
  HTTP mechanic, Perl diver, Mebwaster, Some of the above
Ian Kallen <idk@salon.com> / AIM: iankallen / Fax: (415) 354-3326 



Mime
View raw message