httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicolas Un <...@free.fr>
Subject Re: Authentification by password & IP
Date Mon, 15 Jul 2002 15:22:37 GMT
En réponse à Daniel Lopez <daniel@rawbyte.com>:

It is not so easy because i don't want everybody can see my server. And with 
your solution, my server is seen (but can't be used without password) by 
everybody...For security, I don't want everybody can enter a password...



> On Mon, Jul 15, 2002 at 04:59:55PM +0200, Boyle Owen wrote:
> > >From: Daniel Lopez [mailto:daniel@rawbyte.com]
> > >
> > >> > I want to authorize the access to a directory by :
> > >> >  - IP adresses (NO login/password)
> > >> >  - IP adresses AND login/password
> > >> > and this for the SAME directory.
> > >> > 
> > >> > ex.  GROUP 1 : By IP
> > >> >      GROUP 2 : By IP and password
> > >> > 
> > >> > I know :
> > >> >  - allow from aaa.bbb.ccc.ddd
> > >> >  - require user xxxx
> > >> >  - satisfy any/all
> > >> > 
> > >> > Is it possible ? How ? 
> > >
> > >
> > >I am confused, how can you distinguish GROUP 1 and GROUP 2 
> > >of users without actually asking for a password?
> > 
> > I think the original poster wants to allow direct access for one set
> of IP
> addresses (e.g. a.b.c.xxx) but login access for another, looser set
> (e.g.
> a.b.xxx.xxx). Naively, you might think you could do:    
> 
> Oh, then it is fairly easy. 
> 
> Allow from my.trusted.ip.1 my.trusted.ip.2
> require valid-user
> satisfy any
> 
> 
> > 
> > <Directory /path/to/dir>
> >   Allow from a.b.c
> > </Directory>
> > 
> > <Directory /path/to/dir>
> >   Allow from a.b
> >   Satify all	 
> >   Require valid-user
> >   AuthUserFile...
> > </Directory>
> > 
> > But this won't work - the directives will be merged since they refer
> to the same directory and the "Allow from a.b.c" will be superseded,
> i.e. everyone will have to login... Using <Location> or <Files> or
> SetEnvIf suffers the same fate...
> > 
> > Mark proposed mod_rewrite which would be quite clever... I guess
> you'd
> need a conditional rule to select each set of users and then two routes
> into
> the directory (i.e. two copies or symlinks) each protected by a
> different
> directory container.   
> 
> 
> -- 
> Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message