You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Emmanuel Franquemagne <em...@kelkoo.com> on 2005/05/27 10:55:14 UTC
[users@httpd] Selective authentication
Hello,
I use an apache web server, and I'd like to do the following on a
subtree (let's assume it's /testaccess for the website):
All users that come from a particular domain, no authentication is
asked, they are automatically allowed
For the rest of the world, an authentication has to be asked.
I do the following:
In .htaccess file, I have:
#
AuthUserFile /opt/public/apache/htdocs/testaccess/userlist/userlist
AuthType basic
AuthName "Restricted"
Allow from mydomain.com
Require valid-user
Satisfy any
#
In /opt/public/apache/htdocs/testaccess/userlist/userlist, I have:
#
guest1:qwerty
guest2:asdfgh
#
I made several tests for .htaccess directives, but I always get the same
result: either everyone can access without any authentication, or
everyone is asked for authentication.
I have no right on the basic apache configuration (httpd.conf), and I
wonder if the basic apache configuration can prevent .htaccess behave as
I'd like
Can somebody help me?
Thanks,
Emmanuel
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Selective authentication
Posted by Ivan idris <iv...@gmail.com>.
The configuration file httpd.conf can be set to disallow .htacces use with:
AllowOverride None
Also you can check your error log for errors concerning the htacces
files. On my installation it is on /var/log/apache
Regards,
Ivan Idris
On 5/27/05, Emmanuel Franquemagne <em...@kelkoo.com> wrote:
> Hello,
> I use an apache web server, and I'd like to do the following on a
> subtree (let's assume it's /testaccess for the website):
> All users that come from a particular domain, no authentication is
> asked, they are automatically allowed
> For the rest of the world, an authentication has to be asked.
>
> I do the following:
> In .htaccess file, I have:
> #
> AuthUserFile /opt/public/apache/htdocs/testaccess/userlist/userlist
> AuthType basic
> AuthName "Restricted"
> Allow from mydomain.com
> Require valid-user
> Satisfy any
> #
>
> In /opt/public/apache/htdocs/testaccess/userlist/userlist, I have:
> #
> guest1:qwerty
> guest2:asdfgh
> #
>
> I made several tests for .htaccess directives, but I always get the same
> result: either everyone can access without any authentication, or
> everyone is asked for authentication.
> I have no right on the basic apache configuration (httpd.conf), and I
> wonder if the basic apache configuration can prevent .htaccess behave as
> I'd like
>
> Can somebody help me?
> Thanks,
> Emmanuel
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Selective authentication
Posted by Joshua Slive <js...@gmail.com>.
On 5/27/05, Emmanuel Franquemagne <em...@kelkoo.com> wrote:
> Hello,
> I use an apache web server, and I'd like to do the following on a
> subtree (let's assume it's /testaccess for the website):
> All users that come from a particular domain, no authentication is
> asked, they are automatically allowed
> For the rest of the world, an authentication has to be asked.
>
> I do the following:
> In .htaccess file, I have:
> #
> AuthUserFile /opt/public/apache/htdocs/testaccess/userlist/userlist
Don't put your password file in the webspace.
> AuthType basic
> AuthName "Restricted"
> Allow from mydomain.com
> Require valid-user
> Satisfy any
You appear to be missing an "Order allow,deny" directive. Other than
that, it appears correct.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org