htaccess - using password OR ip whitelist
So I want to restrict access to a url. Now if they are coming from a given IP address then they shouldn't be prompted for a passw开发者_运维百科ord. If they are not coming from a givin IP address then they should be prompted for a password.
so a either or of:
AuthUserFile /some/path/.htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user
and:
order deny,allow
deny from all
allow from x.x.x.x
You can use the Apache "Satisfy" directive.
Here is an example of using it :
AuthType Basic
AuthName "Please Log In"
AuthUserFile /some/path/.htpasswd
Require valid-user
Order deny,allow
Deny from all
Allow from 127.0.0.1
Satisfy any
Access without password is only allowed from 127.0.0.1.
Hope this helps.
With Apache 2.4 Satisfy
is still available, but deprecated
Note
The directives provided by mod_access_compat have been deprecated by mod_authz_host. Mixing old directives like Order, Allow or Deny with new ones like Require is technically possible but discouraged. This module was created to support configurations containing only old directives to facilitate the 2.4 upgrade. Please check the upgrading guide for more information.
In your case Allow from 1.2.3.4
is replaced by Require ip 1.2.3.4
Combining several Require
s (like Require valid-user
and Require ip
) can be done by Authorization Containers. So saying the client must either provide a password or come from a specific IP address, would be done by surrounding the directives with RequireAny
, e.g.
<RequireAny>
Require valid-user
Require ip 1.2.3.4
</RequireAny>
Although, this is a special case as described at the end of Require
When multiple Require directives are used in a single configuration section and are not contained in another authorization directive like
<RequireAll>
, they are implicitly contained within a<RequireAny>
directive. Thus the first one to authorize a user authorizes the entire request, and subsequent Require directives are ignored.
In other words, RequireAny
is optional here, and you can just list
Require valid-user
Require ip 1.2.3.4
This workes perfect for me:
AuthType Basic
AuthName "myserver publicname"
AuthUserFile "/myserverpath/.htpasswds/public/passwd"
require ip 100.12.255.233
require valid-user
Note: Just placed 'require ip' with 'my example ip' before 'require valid-user' and it does the trick. I can log in from my ip without password requested, but if I access from other locations or my mobile devices I need the password.
To set 'Satisfy any' was NOT GOOD FOR ME (!), because it disabled other .htaccess settings in lower hierarchy of my app and made my site insecure.
精彩评论