You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Terri Eads <ea...@rap.ucar.edu> on 2002/04/25 21:34:44 UTC
using .htaccess
Is is possible to use two methods of authentication
within a .htaccess file? For example, let in certain
IP addresses, but if a connection is attempted from
a different IP address, then prompt for a password?
Thanks,
--
Terri Eads Systems Administrator
eads@ucar.edu Research Applications Program
(303) 497-8425 National Center for Atmospheric Research
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: using .htaccess
Posted by Jason <jt...@cartmanager.net>.
I know if you use mod_perl you can do this with
PerlAuthenHandler
Directive.
Try http://perl.apache.org/guide/security.html
Basically it allows you to write your own authentication routines.
Here is a snip of my httpd.conf file that i use to do this on a single file.
<Directory /home/stuff/public_html/cgi-bin/>
<Files view.cgi>
PerlAccessHandler ApacheAuthentication
PerlAuthenHandler ApacheAuthentication
AuthName "Order Reports"
AuthType Basic
Require valid-user
AllowOverride None
Options +ExecCGI
SetHandler perl-script
PerlHandler Apache::Registry
# PerlModule Apache::DBI
PerlSendHeader Off
</Files>
</Directory>
Here is a BASIC version if my authentication module
package ApacheAuthentication;
#use strict;
use Apache::Constants qw(:common);
use Apache::URI;
use Apache::File;
sub handler {
my $r = shift;
# get user's authentication credentials
my ($res, $sent_pw) = $r->get_basic_auth_pw;
return $res if $res != OK;
my $user = $r->connection->user;
# authenticate through DBI
my $reason = ''; # if you have a reason it will fail, if you dont, it allows them access
if ($reason) {
$r->note_basic_auth_failure;
$r->log_reason($reason, $r->uri);
return AUTH_REQUIRED;
}
return OK;
}
1;
----- Original Message -----
From: "Terri Eads" <ea...@rap.ucar.edu>
To: <us...@httpd.apache.org>
Sent: Thursday, April 25, 2002 1:34 PM
Subject: using .htaccess
>
> Is is possible to use two methods of authentication
> within a .htaccess file? For example, let in certain
> IP addresses, but if a connection is attempted from
> a different IP address, then prompt for a password?
>
> Thanks,
> --
> Terri Eads Systems Administrator
> eads@ucar.edu Research Applications Program
> (303) 497-8425 National Center for Atmospheric Research
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: using .htaccess
Posted by Joshua Slive <jo...@slive.ca>.
On Thu, 25 Apr 2002, Terri Eads wrote:
>
> Is is possible to use two methods of authentication
> within a .htaccess file? For example, let in certain
> IP addresses, but if a connection is attempted from
> a different IP address, then prompt for a password?
Yes. See the Satisfy directive, as in
Order deny,allow
deny from all
all from yournetwork.example.com
require valid-user
Satisfy any
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org