httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Mentovai <mark-l...@mentovai.com>
Subject RE: Authentification by password & IP
Date Tue, 16 Jul 2002 13:37:55 GMT
Rich Bowen wrote:
> OK, here's what I came up with. I suppose it might be wrong, but it's an
> interesting challenge. Tell me where I screwed up.
[...]
> <Directory /something>
>     Order Deny,Allow
>     Deny From env=NotAllowed
>     Allow From env=Group1
>     Require User Foo
>     Satisfy Any
> </Directory>
[...]
> We then do a deny,allow, denying everyone in the NotAllowed group, and
> then allowing either those folks in group1, or those folks with a
> password.

That doesn't meet the requirements.  The goal is to allow access without a 
password to some clients, access with a password to other clients, and no 
access to everyone else.  Because of the "Satisfy Any", your solution allows 
access without a password to some clients, and access with a password to 
everyone else.  "Satisfy Any" means to use mod_access -or- authentication.

This is no different than using the equivalent, non-mod_setenvif typical 
solution:

<Directory /something>
  Order Allow,Deny
  Allow from 192.0.2.1
  Require user Foo
  Satisfy Any
</Directory>  

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message