httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lopez <dan...@rawbyte.com>
Subject Re: Authentification by password & IP
Date Mon, 15 Jul 2002 16:37:05 GMT
Ok, add

Order deny,allow
Allow from my.trusted.ip.1 my.trusted.ip.2
Deny from all
require valid-user
satisfy any

I taht what you need? Everybody would be denied unless they provide a
password. If you do not want people even the possibility of entering the
password then why do not block this at the firewall/ipfilter level?

> It is not so easy because i don't want everybody can see my server. And with 
> your solution, my server is seen (but can't be used without password) by 
> everybody...For security, I don't want everybody can enter a password...
> 
> 
> 
> > On Mon, Jul 15, 2002 at 04:59:55PM +0200, Boyle Owen wrote:
> > > >From: Daniel Lopez [mailto:daniel@rawbyte.com]
> > > >
> > > >> > I want to authorize the access to a directory by :
> > > >> >  - IP adresses (NO login/password)
> > > >> >  - IP adresses AND login/password
> > > >> > and this for the SAME directory.
> > > >> > 
> > > >> > ex.  GROUP 1 : By IP
> > > >> >      GROUP 2 : By IP and password
> > > >> > 
> > > >> > I know :
> > > >> >  - allow from aaa.bbb.ccc.ddd
> > > >> >  - require user xxxx
> > > >> >  - satisfy any/all
> > > >> > 
> > > >> > Is it possible ? How ? 
> > > >
> > > >
> > > >I am confused, how can you distinguish GROUP 1 and GROUP 2 
> > > >of users without actually asking for a password?
> > > 
> > > I think the original poster wants to allow direct access for one set
> > of IP
> > addresses (e.g. a.b.c.xxx) but login access for another, looser set
> > (e.g.
> > a.b.xxx.xxx). Naively, you might think you could do:    
> > 
> > Oh, then it is fairly easy. 
> > 
> > Allow from my.trusted.ip.1 my.trusted.ip.2
> > require valid-user
> > satisfy any
> > 
> > 
> > > 
> > > <Directory /path/to/dir>
> > >   Allow from a.b.c
> > > </Directory>
> > > 
> > > <Directory /path/to/dir>
> > >   Allow from a.b
> > >   Satify all	 
> > >   Require valid-user
> > >   AuthUserFile...
> > > </Directory>
> > > 
> > > But this won't work - the directives will be merged since they refer
> > to the same directory and the "Allow from a.b.c" will be superseded,
> > i.e. everyone will have to login... Using <Location> or <Files> or
> > SetEnvIf suffers the same fate...
> > > 
> > > Mark proposed mod_rewrite which would be quite clever... I guess
> > you'd
> > need a conditional rule to select each set of users and then two routes
> > into
> > the directory (i.e. two copies or symlinks) each protected by a
> > different
> > directory container.   
> > 
> > 
> > -- 
> > Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

-- 
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message