You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Emmanuel Franquemagne <em...@kelkoo.com> on 2005/05/27 10:55:14 UTC

[users@httpd] Selective authentication

Hello,
I use an apache web server, and I'd like to do the following on a 
subtree (let's assume it's /testaccess for the website):
All users that come from a particular domain, no authentication is 
asked, they are automatically allowed
For the rest of the world, an authentication has to be asked.

I do the following:
In .htaccess file, I have:
#
AuthUserFile /opt/public/apache/htdocs/testaccess/userlist/userlist
AuthType basic
AuthName "Restricted"
Allow from mydomain.com
Require valid-user
Satisfy any
#

In /opt/public/apache/htdocs/testaccess/userlist/userlist, I have:
#
guest1:qwerty
guest2:asdfgh
#

I made several tests for .htaccess directives, but I always get the same 
result: either everyone can access without any authentication, or 
everyone is asked for authentication.
I have no right on the basic apache configuration (httpd.conf), and I 
wonder if the basic apache configuration can prevent .htaccess behave as 
I'd like

Can somebody help me?
Thanks,
Emmanuel


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Selective authentication

Posted by Ivan idris <iv...@gmail.com>.

The configuration file httpd.conf can be set to disallow .htacces use with:
AllowOverride None

Also you can check your error log for errors concerning the htacces
files. On my installation it is on /var/log/apache

Regards,

Ivan Idris

On 5/27/05, Emmanuel Franquemagne <em...@kelkoo.com> wrote:
> Hello,
> I use an apache web server, and I'd like to do the following on a
> subtree (let's assume it's /testaccess for the website):
> All users that come from a particular domain, no authentication is
> asked, they are automatically allowed
> For the rest of the world, an authentication has to be asked.
> 
> I do the following:
> In .htaccess file, I have:
> #
> AuthUserFile /opt/public/apache/htdocs/testaccess/userlist/userlist
> AuthType basic
> AuthName "Restricted"
> Allow from mydomain.com
> Require valid-user
> Satisfy any
> #
> 
> In /opt/public/apache/htdocs/testaccess/userlist/userlist, I have:
> #
> guest1:qwerty
> guest2:asdfgh
> #
> 
> I made several tests for .htaccess directives, but I always get the same
> result: either everyone can access without any authentication, or
> everyone is asked for authentication.
> I have no right on the basic apache configuration (httpd.conf), and I
> wonder if the basic apache configuration can prevent .htaccess behave as
> I'd like
> 
> Can somebody help me?
> Thanks,
> Emmanuel
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Selective authentication

Posted by Joshua Slive <js...@gmail.com>.

On 5/27/05, Emmanuel Franquemagne <em...@kelkoo.com> wrote:
> Hello,
> I use an apache web server, and I'd like to do the following on a
> subtree (let's assume it's /testaccess for the website):
> All users that come from a particular domain, no authentication is
> asked, they are automatically allowed
> For the rest of the world, an authentication has to be asked.
> 
> I do the following:
> In .htaccess file, I have:
> #
> AuthUserFile /opt/public/apache/htdocs/testaccess/userlist/userlist

Don't put your password file in the webspace.

> AuthType basic
> AuthName "Restricted"
> Allow from mydomain.com
> Require valid-user
> Satisfy any

You appear to be missing an "Order allow,deny" directive.  Other than
that, it appears correct.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org