发表新帖
发表新帖

Apache basic authentication except for those Allowed

前端 未结
关注
5 782
一个人的身影
一个人的身影 2020-12-13 19:59

Problem: I have some files under /var/www/files/ that I want them to be accessed from specific IP addresses WITHOUT requiring user/password. However, I would like that any o

相关标签:
5条回答
  • 心在旅途
    2020-12-13 20:28

    If your server is behind a proxy, you can't rely on the Require ip directly. However, you can use the Require env:

    <Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    SetEnvIF X-Forwarded-For "22.33.44.55" AllowIP

    <RequireAny>
      Require env AllowIP
      Require valid-user
    </RequireAny>

</Directory>

    The source of the idea

    0 讨论(0)
  • 我在风中等你
    2020-12-13 20:38

    At Apache 2.4+, if you also like to set a fixed username based on the IP block you could use AuthBasicFake directive together with runtime If directive.

    This example with grant direct access to 22.33.44.55/32 and 66.77.88.99/32 and sets username demouser, all others must login.

    <Location>
    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    <If "-R '22.33.44.55/32' || -R '66.77.88.99/32'">
        AuthBasicFake demouser
        Require all granted
    </If>
    <Else>
        Require valid-user
    </Else>
</Location>
    0 讨论(0)
  • 不思量自难忘°
    2020-12-13 20:41 
    SetEnvIF X-Forwarded-For "192.168.135.159" AllowIP
SetEnvIF X-Forwarded-For "192.168.135.135" AllowIP

AuthType Basic
AuthName "admin"
AuthUserFile "/var/www/domain.com/cms/.htpasswd"

<RequireAll>
Require env AllowIP
require valid-user
</RequireAll>

    İ also checked many variants. this code üorks with 2.4 version of apache 100%

    0 讨论(0)
  • 野性不改
    2020-12-13 20:44

    edit: this may be accepted answer, but old. For new Apache installs, use Brians answer here

    Add this: Satisfy Any (which means either of those 2 should be passed).

    And the syntax is either:

    Require valid-user

    Or:

    Require user <userid>
    0 讨论(0)
  • 醉梦人生
    2020-12-13 20:48

    This is how it's done for Apache 2.4+ (since Satisfy Any is no longer supported).

    <Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    <RequireAny>
      Require ip 22.33.44.55
      Require valid-user
    </RequireAny>

</Directory>

    If you want to require both IP address -and- Login/Password, change <RequireAny> to <RequireAll>

    I hope this helps someone - as it took me a while to figure it out.

    0 讨论(0)
 看不清?
提交回复
热议问题