htaccess - using password OR ip whitelist

Question

So I want to restrict access to a url. Now if they are coming from a given IP address then they shouldn\'t be prompted for a password. If they are not coming from a givin IP a

Answer 1

With Apache 2.4 Satisfy is still available, but deprecated

Note

The directives provided by mod_access_compat have been deprecated by mod_authz_host. Mixing old directives like Order, Allow or Deny with new ones like Require is technically possible but discouraged. This module was created to support configurations containing only old directives to facilitate the 2.4 upgrade. Please check the upgrading guide for more information.

---

In your case Allow from 1.2.3.4 is replaced by Require ip 1.2.3.4

Combining several Requires (like Require valid-user and Require ip) can be done by Authorization Containers. So saying the client must either provide a password or come from a specific IP address, would be done by surrounding the directives with RequireAny, e.g.

    Require valid-user
    Require ip 1.2.3.4

Although, this is a special case as described at the end of Require

When multiple Require directives are used in a single configuration section and are not contained in another authorization directive like , they are implicitly contained within a directive. Thus the first one to authorize a user authorizes the entire request, and subsequent Require directives are ignored.

In other words, RequireAny is optional here, and you can just list

Require valid-user
Require ip 1.2.3.4