You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Liz Kim <li...@gmail.com> on 2007/02/06 19:35:54 UTC
[users@httpd] Defining IPs in one place
I am allowing over 30 IP's & domain names into certain protected areas..
Is there a way to define these at one place and call them from the
<directory> instead of repeating the long list over and over again??
Thank you!
Re: [users@httpd] Defining IPs in one place
Posted by Joshua Slive <jo...@slive.ca>.
On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> It would be ideal to keep the protections on /A/* as they are, while
> updating the protection on /A.
> However, it seems that adding "Satisfy any" on /A is disabling the
> protections on directories under /A.
> For example, /A/B now needs to satisfy any of /A's list of IP's, /A's
> password or /A/B's password.
No, /A/B will not be affected at all by /A's password if you define a
new set of auth directives for /A/B. The Allow/Deny/Satisfy
directive, however, will carry over unless you override them in /A/B.
>
> The only solution I see is to define independent protections on /A and /A/*
> For example, /A would "Satisfy any" with a list of IP's and a password.
> /A/B would "Satisfy all" with the list of the same IP's a different
> password.
You should not need to relist the Allow/Deny directives in /A/B. The
will be inherited from /A. Just put "Satisfy All" in /A/B along with
whatever new password you want.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Defining IPs in one place
Posted by Liz Kim <li...@gmail.com>.
You're right. I did not even state the problem clearly. Here I go again:
There is a directory /A which includes all our private data. /A is
protected by allow/deny.
We want to add the option to access /A with a login/password when they are
not on one of the allowed IP's.
This requires "Satisfy any".
Under /A, there are various directories with all sorts of different
protections.
For example, there is /A/B which has a password protection.
Currently, a user has to be on a apporved domain (defined by the allow/deny
protection on /A) to even get to the login/password prompt.
It would be ideal to keep the protections on /A/* as they are, while
updating the protection on /A.
However, it seems that adding "Satisfy any" on /A is disabling the
protections on directories under /A.
For example, /A/B now needs to satisfy any of /A's list of IP's, /A's
password or /A/B's password.
The only solution I see is to define independent protections on /A and /A/*
For example, /A would "Satisfy any" with a list of IP's and a password.
/A/B would "Satisfy all" with the list of the same IP's a different
password.
Is there an easier solution anyone can think of??
Thanks!
On 2/6/07, Joshua Slive <jo...@slive.ca> wrote:
>
> On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> > Thanks Joshua..
> > I think the solution to my prob might be:
> > Define the list of IP's/hostname I want to allowed into /A
> > Then to a satisfy any on /A - define allowed IP's and the password A
> > a satisfy all on /B - define the IP's again here and the password B
> > It seems like this would be the only way to solve this problem..
>
> To be frank, you've never properly identified the problem. The above
> description is full of typos and lacks any significant punctuation,
> making it impossible to interpret. So I have no idea what you want or
> how you plan on implementing it.
>
> Good luck anyway.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Defining IPs in one place
Posted by Joshua Slive <jo...@slive.ca>.
On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> Thanks Joshua..
> I think the solution to my prob might be:
> Define the list of IP's/hostname I want to allowed into /A
> Then to a satisfy any on /A - define allowed IP's and the password A
> a satisfy all on /B - define the IP's again here and the password B
> It seems like this would be the only way to solve this problem..
To be frank, you've never properly identified the problem. The above
description is full of typos and lacks any significant punctuation,
making it impossible to interpret. So I have no idea what you want or
how you plan on implementing it.
Good luck anyway.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Defining IPs in one place
Posted by Liz Kim <li...@gmail.com>.
Thanks Joshua..
I think the solution to my prob might be:
Define the list of IP's/hostname I want to allowed into /A
Then to a satisfy any on /A - define allowed IP's and the password A
a satisfy all on /B - define the IP's again here and the password B
It seems like this would be the only way to solve this problem..
On 2/6/07, Joshua Slive <jo...@slive.ca> wrote:
>
> On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> > I am allowing over 30 IP's & domain names into certain protected areas..
> > Is there a way to define these at one place and call them from the
> > <directory> instead of repeating the long list over and over again??
>
> The Include directive lets you include one config file inside another.
> So create a protected.conf that lists all your Allow/Deny directives,
> and then Include it wherever you'd like.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Defining IPs in one place
Posted by Joshua Slive <jo...@slive.ca>.
On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> I am allowing over 30 IP's & domain names into certain protected areas..
> Is there a way to define these at one place and call them from the
> <directory> instead of repeating the long list over and over again??
The Include directive lets you include one config file inside another.
So create a protected.conf that lists all your Allow/Deny directives,
and then Include it wherever you'd like.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org