You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by John Horne <J....@plymouth.ac.uk> on 2002/06/07 16:12:50 UTC

Multiple authentication test?

Hello,

Using apache 2.0.36 I am trying to allow access to specific pages based on
the user conforming to one of two authentication tests:

    Satisfy any
    Order deny,allow
    Deny from all
    Allow from 141.163.66.136 141.163.60.
    AuthType Basic
    AuthName "Big Brother"
    AuthUserFile /home/bb/bb-access
    require valid-user

The first test is simply IP based - i.e. are they in a specific IP address
range. The second test currently prompts the user for a username/password,
and this all works fine. However I would like to combine the second test
with the fact that the user must be from a specific IP address as well (but
that address is different from the 66.136 and 60 subnet addresses). Can I do
something like:

    Allow from 141.163.66.136 141.163.60.
    AuthType Basic
    AuthName "Big Brother"
    AuthUserFile /home/bb/bb-access
    require valid-user
    Allow from 141.163.88.100

In the second test the user must provide a username/password *and* be from
IP address 88.100. Is this possible?



Thanks,

John.

------------------------------------------------------------------------
John Horne, University of Plymouth, UK           Tel: +44 (0)1752 233914
E-mail: jhorne@plymouth.ac.uk
PGP key available from public key servers

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Multiple authentication test?

Posted by John Horne <J....@plymouth.ac.uk>.

On 07-Jun-2002 at 14:20:15 Joshua Slive wrote:
> On Fri, 7 Jun 2002, John Horne wrote:
>> and this all works fine. However I would like to combine the second test
>> with the fact that the user must be from a specific IP address as well
>> (but that address is different from the 66.136 and 60 subnet
>> addresses). Can I do something like:
>>
>>     Allow from 141.163.66.136 141.163.60.
>>     AuthType Basic
>>     AuthName "Big Brother"
>>     AuthUserFile /home/bb/bb-access
>>     require valid-user
>>     Allow from 141.163.88.100
>>
> No.  But you can get that effect using mod_rewrite in combination with
> your first configuration.
> Here's an example to get you started:
> 
> RewriteEngine On
> RewriteCond %{REMOTE_ADDR} !^141\.163\.88\.100$
> RewiteCond %{LA-U:REMOTE_USER} .+
> RewriteRule .* - [F]
> 
Yup, this works fine :-) Many thanks. Of course, I had to RTFM to understand
what on earth the rewrite conditions and rule were doing! :-)



Regards,

John.

------------------------------------------------------------------------
John Horne, University of Plymouth, UK           Tel: +44 (0)1752 233914
E-mail: jhorne@plymouth.ac.uk
PGP key available from public key servers

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Multiple authentication test?

Posted by Joshua Slive <jo...@slive.ca>.

On Fri, 7 Jun 2002, John Horne wrote:
> and this all works fine. However I would like to combine the second test
> with the fact that the user must be from a specific IP address as well (but
> that address is different from the 66.136 and 60 subnet addresses). Can I do
> something like:
>
>     Allow from 141.163.66.136 141.163.60.
>     AuthType Basic
>     AuthName "Big Brother"
>     AuthUserFile /home/bb/bb-access
>     require valid-user
>     Allow from 141.163.88.100
>
> In the second test the user must provide a username/password *and* be from
> IP address 88.100. Is this possible?

No.  But you can get that effect using mod_rewrite in combination with
your first configuration.
Here's an example to get you started:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^141\.163\.88\.100$
RewiteCond %{LA-U:REMOTE_USER} .+
RewriteRule .* - [F]

This says "If the user is NOT coming from 141.163.88.100 AND the user is
authenticated using basic auth (the REMOTE_USER variable is at least one
character long), then deny access."

I have not tested this, so please use it with care.

Joshua.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org