Menu
Is it possible to have an .htaccess/.htpasswd access control setup for a given directory, but if they are from a specific IP address, bypass the login/password authentication?
I know you can do something like this in the .htaccess file:
order deny,allow deny from all allow from 000.000.000.000 But if you add something along these lines:
AuthType Basic AuthName "restricted area" AuthUserFile /path/to/.htpasswd require valid-user Then it prompts for the password. Is there any way to do an if/else type setup, or some other solution so that users as a given IP (or set of IPs) don't get prompted for a password, but everyone else does?
447
Now you can get through the htaccess and authenticate your Api route with the bearer token. Show activity on this post. If you use postman basic authentication with username add password it will bypass the htaccess.
htpasswd within our /etc/apache2 configuration directory. The first time we use this utility, we need to add the -c option to create the specified file. We specify a username ( sammy in this example) at the end of the command to create a new entry within the file: sudo htpasswd -c /etc/apache2/.
For versions 2.2.X you can use the following...
AuthUserFile /var/www/mysite/.htpasswd AuthName "Please Log In" AuthType Basic require valid-user Order allow,deny Allow from xxx.xxx.xxx.xxx satisfy any Obviously replace the path to your usersfile and the ip address which you would like to bypass the authentication.
Further explanation of the specifics, can be found at: http://httpd.apache.org/docs/2.2/howto/auth.html
52
If you use apache >=2.4, it would be something like this:
<If "%{REMOTE_ADDR} != '127.0.0.1'"> AuthType Basic AuthName "restricted area" AuthUserFile /path/to/.htpasswd require valid-user </If> For more info take a look at the docs.
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
