Allow either users OR ips to access using apache - apache

I have users in .htpasswd and allowed IPs in .htaccess
I want to allow either user/password (for IPs not in .htaccss) OR IPs to access (without auth).
I edited the dir section in httpd with these lines
But its asking for user/password for the allowed IPs and IPs not in the file are not asked to authenticate.
<Directory xxx>
AllowOverride All
Options Indexes FollowSymLinks
AuthName "Authentication required!"
AuthType Basic
AuthUserFile <my path>/.htpasswd
<RequireAny>
Require ip 127.0.0.1
Require valid-user
</RequireAny>
</Directory>

These configs worked for me
AllowOverride All
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/my path/.htpasswd"
Require valid-user
satisfy any
deny from all
allow from x.x.x.x

Related

Apache2.2 Url whitelisting from basic auth

I have a virtualhost configured with basic auth, but I want to whitelist only one url, because it will be called from a 3rd party API where I can't configure authentication. I read the other questions here but I couldn't get it work, this is how it looks like now:
<Location "^/this/url">
AuthType None
Order Allow,Deny
Allow from all
Satisfy any
</Location>
<Location />
AuthUserFile "/srv/.htpasswd"
AuthName authorization
AuthType Basic
require valid-user
Order Allow,Deny
Deny from all
Satisfy any
</Location>
So I want http://www.example.com to have authentication but http://www.example.com/this/url don't.

Htaccess, allow ip, deny ip and prompt for other

I have a list of ip which doesn't require login prompt ... I have a list of banned ip ( no prompt juste deny access ) But i need a prompt for all others ip ...
I tried this :
AuthType Basic
AuthName "Restricted Area"
AuthUserFile .htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Allow from 82.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
Satisfy any
But if you come on with a banned ip, you have the prompt ... if you change Satisfy ( "Satisfy all" ) you have the prompt on allowed ip ...
i found a trick for my problem :
Order Allow,Deny
Allow from all
Deny from 109.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
<IfModule mod_rewrite.c>
RewriteEngine On
<If "%{REMOTE_ADDR} != '82.xxx.xxx.xxx'">
AuthType Basic
AuthName "restricted area"
AuthUserFile /var/www/.htpasswd
require valid-user
</If>
</IfModule>
Satisfy All
But this solution work only on apache >= 2.4 because IF statement isn't supported by older version ....
do you have any others solutions for apache 2.2 ??

Restrictions in apache

I need to configure access to some different method, and to add more different users (admin, user1 ....)
<Location /webdav>
DAV On
#Require valid-user
AuthType Digest
AuthName "webdav"
AuthUserFile /etc/apache2/webdav.password
Require user admin
OPTIONS none
<LimitExcept PUT DELETE GET>
Require user admin
</LimitExcept>
</Location>
I cant use Require valid-user , because not all users need to have same access

different htpasswd files per domain

I've 2 domains e.g. foo.com and bar.com which share the same document root.
The sites are protected by a .htaccess file
AuthUserFile ../.htpasswd
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
how can I set the AuthUserFile depending on the host?
pseudocode:
if (host == foo.com) {
AuthUserFile ../.htpasswd_foo
} else {
AuthUserFile ../.htpasswd_bar
}
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
If this is not possible are there any other ways to get different logins for the 2 domains?
Try setting it up like this:
#site1.com
setenvIfNoCase Host site1\.com pass_1
AuthType Basic
AuthName "Site1.com Login Required"
AuthUserFile "/home/userdir/.htpasswds/site1.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_1
Satisfy any
#site2.com
setenvIfNoCase Host site2\.com pass_2
AuthType Basic
AuthName "Site2.com Login Required"
AuthUserFile "/home/user_dir/.htpasswds/site2.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_2
Satisfy any

Apache restrict access unless from localhost

The below code is in .htaccess file in /home/cuddle/test/
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
This works fine, it will prompt for username & password, however when I add another rule to allow internal requests:
Allow from 127.0.0.1
Satisfy Any
It no longer prompts for password for outside users (non localhost) and seems to let all users through, no matter if they validate or what IP they are from. There are no other permissions/allow/deny present within .htaccess
Try this:
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Satisfy Any
I just signed up to StackOverflow because I stumbled to same problem, and after trial-and-error, the config above worked for me.
Simpler solution:
AuthUserFile "/home/cuddle/.htpasswds/test/passwd"
AuthType Basic
AuthName "Secure Area"
Require valid-user
Require local
Satisfy Any