httpd-users mailing list archives

From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [users@httpd] Trouble Securing a directory correctly
Date Wed, 01 Feb 2017 09:10:15 GMT
Hi!

2017-01-31 16:56 GMT+01:00 Darryl Philip Baker <
darryl.baker@northwestern.edu>:

> I have a directory defined inside a virtual host I want to only be
> accessible from inside our networks. What is happening is that the rules
> don’t seem to be working as I expect: browsers that do not match the
> criteria are getting access. One complexity is that the parent path is
> secured by our SSO solution using AM Agent. The browser is prompting for
> the SSO credentials. Here is my directory definition:
>
>     <Directory "/nuinfo/httpd/htdocs/it-virtual-v2/admin-systems/secure">
>         Require all denied
>         <RequireAny>
>             Require host northwestern.edu
>             Require host wireless.northwestern.private
>             Require ip 129.105.0.0/16
>             Require ip 165.124.0.0/16
>             Require ip 165.20.108.150
>             Require ip 165.20.104.30
>             Require ip 38.124.31.0/24
>             Require ip 10.101.0.0/16
>             Require ip 10.102.0.0/15
>             Require ip 10.105.0.0/16
>         </RequireAny>
>     </Directory>
>

So as far as I can read in [1] you could simply list the "Require"s
specified in the RequireAny block and remove the "Require all denied" on
the top to achieve what you need to do. Also be aware that Require host
triggers DNS lookups for each request that wants to access the content of
the directory [2].

Hope that helps! Let me know if anything changes.

Luca


[1]: https://httpd.apache.org/docs/2.4/howto/auth.html#beyond
"By default all Require directives are handled as though contained within a
<RequireAny> container directive. In other words, if any of the specified
authorization methods succeed, then authorization is granted."

[2]:
http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html#requiredirectives
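
Added example, not part of the original message and not Apache code: a small Python model of the <RequireAny> rule quoted in [1], run over the "Require ip" lines of the quoted <Directory> block with and without "Require all denied". It assumes an address that matches no "Require ip" line counts as a failure, leaves out the two "Require host" lines because they need DNS lookups, and does not model merging with the SSO-protected parent path; the function names and client addresses are made up for the illustration.

```python
import ipaddress

# Tri-state results, following the <RequireAny> description in the 2.4 docs.
GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"

# The "Require ip" arguments from the quoted <Directory> block.
REQUIRE_IP = [
    "129.105.0.0/16", "165.124.0.0/16", "165.20.108.150", "165.20.104.30",
    "38.124.31.0/24", "10.101.0.0/16", "10.102.0.0/15", "10.105.0.0/16",
]

def require_ip(spec):
    net = ipaddress.ip_network(spec)  # raises ValueError on a malformed CIDR
    return lambda client: GRANTED if client in net else DENIED

def require_all_denied(client):
    return DENIED

def require_any(*children):
    """Granted if any child grants; neutral if none grant and none deny; else denied."""
    def check(client):
        results = [child(client) for child in children]
        if GRANTED in results:
            return GRANTED
        return DENIED if DENIED in results else NEUTRAL
    return check

def build(with_all_denied):
    inner = require_any(*(require_ip(s) for s in REQUIRE_IP))
    # Directives placed directly in <Directory> act as if wrapped in <RequireAny>.
    top = [require_all_denied, inner] if with_all_denied else [inner]
    return require_any(*top)

def authorize(client_ip, with_all_denied=True):
    return build(with_all_denied)(ipaddress.ip_address(client_ip))

if __name__ == "__main__":
    # Constructed client addresses, not taken from any log.
    for ip in ["129.105.10.20", "10.103.255.255", "10.104.0.1", "203.0.113.7"]:
        print(ip, authorize(ip, True), authorize(ip, False))
```

In this model the leading "Require all denied" never changes the outcome, and 10.102.0.0/15 also admits 10.103.x.x addresses.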
