You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by John Horne <J....@plymouth.ac.uk> on 2002/06/07 16:12:50 UTC
Multiple authentication test?
Hello,
Using apache 2.0.36 I am trying to allow access to specific pages based on
the user conforming to one of two authentication tests:
Satisfy any
Order deny,allow
Deny from all
Allow from 141.163.66.136 141.163.60.
AuthType Basic
AuthName "Big Brother"
AuthUserFile /home/bb/bb-access
require valid-user
The first test is simply IP based - i.e. are they in a specific IP address
range. The second test currently prompts the user for a username/password,
and this all works fine. However I would like to combine the second test
with the fact that the user must be from a specific IP address as well (but
that address is different from the 66.136 and 60 subnet addresses). Can I do
something like:
Allow from 141.163.66.136 141.163.60.
AuthType Basic
AuthName "Big Brother"
AuthUserFile /home/bb/bb-access
require valid-user
Allow from 141.163.88.100
In the second test the user must provide a username/password *and* be from
IP address 88.100. Is this possible?
Thanks,
John.
------------------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: jhorne@plymouth.ac.uk
PGP key available from public key servers
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Multiple authentication test?
Posted by John Horne <J....@plymouth.ac.uk>.
On 07-Jun-2002 at 14:20:15 Joshua Slive wrote:
> On Fri, 7 Jun 2002, John Horne wrote:
>> and this all works fine. However I would like to combine the second test
>> with the fact that the user must be from a specific IP address as well
>> (but that address is different from the 66.136 and 60 subnet
>> addresses). Can I do something like:
>>
>> Allow from 141.163.66.136 141.163.60.
>> AuthType Basic
>> AuthName "Big Brother"
>> AuthUserFile /home/bb/bb-access
>> require valid-user
>> Allow from 141.163.88.100
>>
> No. But you can get that effect using mod_rewrite in combination with
> your first configuration.
> Here's an example to get you started:
>
> RewriteEngine On
> RewriteCond %{REMOTE_ADDR} !^141\.163\.88\.100$
> RewiteCond %{LA-U:REMOTE_USER} .+
> RewriteRule .* - [F]
>
Yup, this works fine :-) Many thanks. Of course, I had to RTFM to understand
what on earth the rewrite conditions and rule were doing! :-)
Regards,
John.
------------------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: jhorne@plymouth.ac.uk
PGP key available from public key servers
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Multiple authentication test?
Posted by Joshua Slive <jo...@slive.ca>.
On Fri, 7 Jun 2002, John Horne wrote:
> and this all works fine. However I would like to combine the second test
> with the fact that the user must be from a specific IP address as well (but
> that address is different from the 66.136 and 60 subnet addresses). Can I do
> something like:
>
> Allow from 141.163.66.136 141.163.60.
> AuthType Basic
> AuthName "Big Brother"
> AuthUserFile /home/bb/bb-access
> require valid-user
> Allow from 141.163.88.100
>
> In the second test the user must provide a username/password *and* be from
> IP address 88.100. Is this possible?
No. But you can get that effect using mod_rewrite in combination with
your first configuration.
Here's an example to get you started:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^141\.163\.88\.100$
RewiteCond %{LA-U:REMOTE_USER} .+
RewriteRule .* - [F]
This says "If the user is NOT coming from 141.163.88.100 AND the user is
authenticated using basic auth (the REMOTE_USER variable is at least one
character long), then deny access."
I have not tested this, so please use it with care.
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org