1. 技术文章
  2. Apache basic authentication except for those Allowed

Apache basic authentication except for those Allowed

醉酒当歌 提交于 2019-12-04 07:58:21

问题


Problem: I have some files under /var/www/files/ that I want them to be accessed from specific IP addresses WITHOUT requiring user/password. However, I would like that any other IP address SHOULD require login to gain access.

This is in my httpd.conf:

<Directory /var/www/files/>
        Order deny,allow
        Deny from all
        Allow from 192.168 
        AuthUserFile /etc/apache2/basic.pwd 
        AuthName "Please enter username and password" 
        AuthType Basic 
        Require user valid-user 
</Directory>

But, if I understood correctly, this means that any client coming from 192.168.* will have access to that directory BUT will require a valid-user to view its content. And any other IP address will be denied. right?

Thank you in advance.


回答1:


edit: this may be accepted answer, but old. For new Apache installs, use Brians answer here

Add this: Satisfy Any (which means either of those 2 should be passed).

And the syntax is either:

Require valid-user

Or:

Require user <userid>



回答2:


This is how it's done for Apache 2.4+ (since Satisfy Any is no longer supported).

<Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    <RequireAny>
      Require ip 22.33.44.55
      Require valid-user
    </RequireAny>

</Directory>

If you want to require both IP address -and- Login/Password, change <RequireAny> to <RequireAll>

I hope this helps someone - as it took me a while to figure it out.




回答3:


If your server is behind a proxy, you can't rely on the Require ip directly. However, you can use the Require env:

<Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    SetEnvIF X-Forwarded-For "22.33.44.55" AllowIP

    <RequireAny>
      Require env AllowIP
      Require valid-user
    </RequireAny>

</Directory>

The source of the idea




回答4:


SetEnvIF X-Forwarded-For "192.168.135.159" AllowIP
SetEnvIF X-Forwarded-For "192.168.135.135" AllowIP

AuthType Basic
AuthName "admin"
AuthUserFile "/var/www/domain.com/cms/.htpasswd"

<RequireAll>
Require env AllowIP
require valid-user
</RequireAll>

İ also checked many variants. this code üorks with 2.4 version of apache 100%



来源:https://stackoverflow.com/questions/4102763/apache-basic-authentication-except-for-those-allowed

标签
apache
authentication
basic-authentication
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!