Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 12788 invoked from network); 19 Jul 2006 14:15:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 19 Jul 2006 14:15:49 -0000 Received: (qmail 25217 invoked by uid 500); 19 Jul 2006 14:15:38 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 25202 invoked by uid 500); 19 Jul 2006 14:15:38 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 25171 invoked by uid 99); 19 Jul 2006 14:15:38 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Jul 2006 07:15:37 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [193.195.114.218] (HELO mail06.mailsource.co.uk) (193.195.114.218) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Jul 2006 07:15:36 -0700 Received: from mail03.mailsource.co.uk (Not Verified[10.0.0.3]) by mail06.mailsource.co.uk with NetIQ MailMarshal 6.0 Service Pack 1a (v6,0,3,33) id ; Wed, 19 Jul 2006 15:15:14 +0100 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C6AB3E.39DD064A" X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 Date: Wed, 19 Jul 2006 15:18:37 +0100 Message-ID: <11BBAD2D3ADA85418C9E424CE164B29F029EDE5D@mail03.mailsource.co.uk> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [users@httpd] mod_auth_mysql Thread-Index: AcarMduUGCUyQHzjT9C+6SYmh3RIrgAC5SZA From: "Michael Luff" To: X-Virus-Checked: Checked by ClamAV on apache.org Subject: RE: [users@httpd] mod_auth_mysql X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N ------_=_NextPart_001_01C6AB3E.39DD064A Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Elaine, =20 Many thanks for the help, I've now got: =20 =20 AuthName "MailSource UK Intranet Zone, authentication required"= =20 AuthType Basic =20 =20 AuthMySQLHost localhost =20 AuthMySQLEnable on =20 AuthMySQLUser xxxxxxx =20 AuthMySQLPassword xxxxxxx =20 AuthMySQLDB auth =20 AuthMySQLUserTable users =20 AuthMySQLNameField user_name =20 AuthMySQLPasswordField user_passwd =20 AuthMySQLGroupTable groups =20 AuthMySQLGroupField user_group # This next line controls which group(s) can access the resource =20 AllowOverride none =20 Require group user admin =20 Order allow,deny =20 Allow from 10.0.0.72 =20 Satisfy Any =20 But now anyone can access it, not just the IUP address I've specified! I can't seem to get around this all or nothing problem. =20 Can you see anything I've done wrong? =20 Regards, Michael. =20 From: elaine [mailto:elaine@ccuec.unicamp.br]=20 Sent: 19 July 2006 13:49 To: users@httpd.apache.org Subject: Re: [users@httpd] mod_auth_mysql =20 Michael, Try to use the "allow" and "satisfy" directives.=20 This is an example, that we use to protect our intranet access : (Note that the IP's and server name were modified, and we use the deny directive=20 to refuse connections from reception kiosk.) =20 =20 =20 =20 # Allow access only to authenticated users from MySQL =20 # or users that are in the intranet =20 =20 # (except IP xx.xx.xx.xx : reception kiosk) =20 require valid-user =20 Order allow,deny =20 Deny from xxx.xxx.xx.x =20 # Allow access from our internal network without=20 =20 # username and password =20 Allow from example.com =20 Satisfy any =20 You can read more details about Satisfy directive : http://httpd.apache.org/docs/2.2/mod/core.html#satisfy Regards, Elaine Michael Luff wrote: Hi All, =20 I've got mod_auth_mysql working nicely but I would like= the users on my internal network not to have to enter a username and password, just people accessing from outside. =20 I've tried various solutions using Order deny,allow; allow from and so forth but with no luck, I end up with everyone being prompted or no-one. =20 Here's my unmodified command from my httpd.conf that requires everyone to supply a password, can anyone suggest how I can modify it to allow access from 10.0.0? =20 =20 AuthName "authentication required" =20 AuthType Basic =20 =20 AuthMySQLHost localhost =20 AuthMySQLEnable on =20 AuthMySQLUser xxxxxx =20 AuthMySQLPassword xxxxxxx =20 AuthMySQLDB auth =20 AuthMySQLUserTable users =20 AuthMySQLNameField user_name =20 AuthMySQLPasswordField user_passwd =20 AuthMySQLGroupTable groups =20 AuthMySQLGroupField user_group # This next line controls which group(s) can access the resource =20 require group user admin =20 Regards, =20 Michael Luff MSc B.Eng (Hons) MIET Facilities & Systems Manager=20 =20 T: +44 (0)20 8614 7604=20 F: +44 (0)20 8614 7601=20 M: +44 (0)7976 404956=20 E: Michael.luff@mailsource.co.uk=20 =20 MailSource UK Limited =20 =20 - Europe's leading specialist in integrated document delivery solutions - Holders of the RoSPA Health & Safety Gold Medal 2006/2007 =20 Northumberland House =20 15 Petersham Road =20 Richmond-upon-Thames =20 Surrey TW10 6TP =20 =20 =20 =20 www.mailsource.co.uk =20 =20 MailSource UK Limited =20 - Europe's leading specialist in integrated document delivery solutions - Holders of the RoSPA Health & Safety Gold Medal 2006/2007 =20 Northumberland House =20 15 Petersham Road =20 Richmond-upon-Thames =20 Surrey TW10 6TP =20 =20 =20 =20 www.mailsource.co.uk ------_=_NextPart_001_01C6AB3E.39DD064A Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Elaine,<= /span>

   &nbs= p;            Many= thanks for the help, I’ve now got:

 

<Directory /var/www/localhost/htdocs>

   &nbs= p;    AuthName "MailSource UK Intranet Zone, authentication required"=

   &nbs= p;    AuthType Basic

 

   &nbs= p;    AuthMySQLHost          = localhost

   &nbs= p;    AuthMySQLEnable         on

   &nbs= p;    AuthMySQLUser         =   xxxxxxx

   &nbs= p;    AuthMySQLPassword       xxxxxxx<= /span>

   &nbs= p;    AuthMySQLDB          &n= bsp;  auth

   &nbs= p;    AuthMySQLUserTable      users<= /p>

   &nbs= p;    AuthMySQLNameField      user_name

   &nbs= p;    AuthMySQLPasswordField  user_passwd

   &nbs= p;    AuthMySQLGroupTable     groups

   &nbs= p;    AuthMySQLGroupField     user_group<= /p>

# This next line contr= ols which group(s) can access the resource

   &nbs= p;    AllowOverride none

   &nbs= p;    Require group user admin

   &nbs= p;    Order allow,deny

   &nbs= p;    Allow from 10.0.0.72

   &nbs= p;    Satisfy Any

</Directory>

 

But now anyone can acc= ess it, not just the IUP address I’ve specified!  I can’t seem t= o get around this all or nothing problem.

 

Can you see anything I= ’ve done wrong?

 

Regards,

Michael.

 

From: elaine [mailto:elaine@ccuec.unicamp.br]
Sent: 19 July 2006 13:49
To: users@httpd.apache.org
Subject: Re: [users@httpd] mod_auth_mysql

 

Michael,

Try to use the "allow" and "satisfy" directives.
= This is an example, that we use to protect our intranet access :
(Note that the IP's and server name were modified, and we use the deny directive
to refuse connections from reception kiosk.)

  <Limit GET PUT POST>
          
           # Allow acce= ss only to authenticated users from MySQL
           # or users t= hat are in the intranet 
           # (except IP= xx.xx.xx.xx : reception kiosk)

           require vali= d-user
           Order allow,= deny
           Deny from xxx.xxx.xx.x

           # Allow acce= ss from our internal network  without
           # username a= nd password

           Allow from example.com

           Satisfy any<= br>         </Limit>


You can read more details about Satisfy directive :

http:/= /httpd.apache.org/docs/2.2/mod/core.html#satisfy

Regards,
Elaine

Michael Luff wrote:

Hi All,

        &nbs= p;       I’ve got mod_auth_mysql working nicely but I would like the users o= n my internal network not to have to enter a username and password, just peopl= e accessing from outside.

 

I’ve tried various solutions using Order deny,= allow; allow from and so forth but with no luck, I end up with everyone being pr= ompted or no-one.

 

Here’s my unmodified <Directory> command= =20from my httpd.conf that requires everyone to supply a password, can anyone sugges= t how I can modify it to allow access from 10.0.0?

 

<Directory /var/www/localhost/htdocs>

        AuthName "authentication required"

        AuthType = Basic

 

        AuthMySQLHost          = localhost

        AuthMySQLEnable         on<= o:p>

        AuthMySQL= User           xxxxxx

        AuthMySQLPassword       xxxxxxx<= /p>

        AuthMySQLDB          &n= bsp;  auth

        AuthMySQLUserTable      users

        AuthMySQLNameField      user_name

=

        AuthMySQLPasswordField  user_passwd

        AuthMySQL= GroupTable     groups

        AuthMySQLGroupField     user_group

# This next line controls which group(s) can access = the resource

        require g= roup user admin

</Directory>

 

Regards,

 

Michael Luff MSc B.Eng (Hons) MIET
Facilities & Systems Manager

 

T:      +44 (0= )20 8614 7604
F:      +44 (0)20 8614 7601
M:     +44 (0)7976 404956
E:      Michael.luff@mailsource.co.uk

 

MailSource UK Limited    

 

- Europe's leading specialist in integrated document delivery solutions

- Holders of the RoSPA Health & Safety Gold Medal 2006/2007=

 

Northumberland House           =

15 Petersham Road           &nb= sp;   

Richmond-upon-Thames      &nbs= p; 

Surrey    TW10 6TP           &nbs= p;   

          =             &= nbsp;           &n= bsp;           

 

ww= w.mailsource.co.uk

 

MailSourc= e UK=20 Limited    

 

- Europe'= s leading=20 specialist in integrated document delivery solutions

- Holders= =20of the=20 RoSPA Health & Safety Gold Medal 2006/2007

 

Northumbe= rland=20 House           =

15 Peters= ham=20 Road           &nb= sp;   =20

Richmond-= upon-Thames        =20

Surrey&nb= sp;  =20 TW10=20 6TP           &nbs= p;   =20

 &nb= sp;           &nbs= p;            = ;            =         =20

 

www.mailsource.co.uk

 

------_=_NextPart_001_01C6AB3E.39DD064A--