
Apache basic authentication except for those Allowed

Problem: I have some files under /var/www/files/ that I want to be accessible from specific IP addresses WITHOUT requiring user/password. However, any other IP address SHOULD require login to gain access.

This is in my httpd.conf:

    <Directory /var/www/files/>
        Order deny,allow
        Deny from all
        Allow from 192.168
        AuthUserFile /etc/apache2/basic.pwd
        AuthName "Please enter username and password"
        AuthType Basic
        Require valid-user
    </Directory>

But, if I understood correctly, this means that any client coming from 192.168.* will have access to that directory BUT will require a valid-user to view its content. And any other IP address will be denied. Right?

Thank you in advance.

lepe asked Nov 05 '10 00:11


People also ask

What is an important thing to keep in mind if using the basic authentication type in Apache?

It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by mod_ssl. Apache supports one other authentication method: AuthType Digest.


1 Answer

This is how it's done for Apache 2.4+ (since Satisfy Any is no longer supported).

    <Directory /var/www/files/>
        AuthType Basic
        AuthName "Please enter your username and password"
        AuthUserFile /var/www/files/.htpasswd
        <RequireAny>
            Require ip 22.33.44.55
            Require valid-user
        </RequireAny>
    </Directory>

If you want to require both IP address -and- Login/Password, change <RequireAny> to <RequireAll>.

I hope this helps someone - as it took me a while to figure it out.

Brian Smith answered Oct 29 '22 00:10
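
The same "trusted network OR valid login" policy written for both Apache generations, as an added example that is not part of the original question or answer. It reuses the question's 192.168 network and /etc/apache2/basic.pwd password file, and assumes mod_version is loaded so that `<IfVersion>` is available.

```apache
<Directory /var/www/files/>
    # Authentication settings are shared by both branches.
    # The password file is the question's path, which is outside the served directory.
    AuthType Basic
    AuthName "Please enter username and password"
    AuthUserFile /etc/apache2/basic.pwd

    <IfVersion < 2.4>
        # Apache 2.2: host access control and authentication are separate checks.
        # The default is "Satisfy All", so without the last line a client must
        # match the Allow rule AND log in, and every other address is denied.
        Order deny,allow
        Deny from all
        Allow from 192.168
        Require valid-user
        # "Satisfy Any" turns the two checks into an OR:
        # a 192.168.* client gets in without a prompt, anyone else must log in.
        Satisfy Any
    </IfVersion>

    <IfVersion >= 2.4>
        # Apache 2.4: the OR is expressed with an authorization container.
        # A client matching "Require ip" is authorized without being prompted;
        # all other clients fall through to "Require valid-user".
        <RequireAny>
            Require ip 192.168
            Require valid-user
        </RequireAny>
        # Replacing <RequireAny> with <RequireAll> demands both conditions,
        # which matches the 2.2 behaviour without "Satisfy Any".
    </IfVersion>
</Directory>
```

Comments are kept on their own lines because Apache does not accept a trailing comment on a directive line. Running `apachectl configtest` before reloading confirms the block parses.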