I am trying to only allow access to my raspberry pi from my website which is hosted from a provider. I found the following in the internet:
order deny,allow
deny from all
allow from 192.168.0.0/24
allow from ..external ip to pi..
allow from hurl.it
When I want for example hurl.it to get access to my pi, the pi blocks anyway. Do I make mistake handling with domains in htaccess?
Thanks for every response.
UPDATE:
order deny,allow
deny from all
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
allow from localhost
allow from 192.168.1
allow from 127.0.0.1
allow from ..external ip to pi..
Satisfy Any
I tried this one for the basic authorization.
I suggest you look at using Apache basic auth instead of this method you are looking at. Basic auth is simple to set up, and then you just access your Pi as:
http://user:password#123.123.123.123/
Replacing 123.123.123.123 with you external IP at home.
Also look at setting up HTTPS so communication is encrypted.
Update
You don't need the allow directives when using basic auth. Just order allow,deny and allow from all. The basic auth will stop anyone who is not authenticated. So just use:
order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Related
I want to configure universal .htaccess file for my application to protect my testing server. I want to display basic auth for any request that comes from public IP, only if current server is testing.
How to archieve this? I know how to protect domain and exclude some IP:
AuthType Basic
AuthName "Please Log In"
AuthUserFile /some/path/.htpasswd
Require valid-user
Order deny,allow
Deny from all
Allow from 127.0.0.1
Satisfy any
But how I can let this code run only if server is dev/testing? I can't change env variables. I thought about detecting domain (server that I want to protect is on subdomain), and place code from above in some sort of if block, but I don't know how.
You use mod_setenvif to set an env variable based on current host and use it auth later:
SetEnvIfNoCase Host ^sub\.domain\.com$ SECURED
AuthType Basic
AuthName "Please Log In"
AuthUserFile /some/path/.htpasswd
Require valid-user
Order Allow,Deny
Allow from 127.0.0.1
Deny from env=SECURED
Satisfy any
I know there are many questions about this topic, but i didn't found any solution that works.
I try to protect my web directory with htaccess password protection, but allow my local ip.
Somehow this doesn't work. On my local ip there is still password protection. If i use "Satisfy any" then the protection doesn't work at all and it is fully accessable.
<Directory "/srv/www/*">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168.178.0/8
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/srv/www/.htpasswd"
Require valid-user
#Satisfy any
</Directory>
So if i understand documentation correctly:
Order Deny,Allow
First all Deny-rules are applied, and then the Allow-rules.
I have the following, but its not working correctly.
I run this server locally, but have now configured for external access. I want it to work such that if you're not within my internal network, you must authenticate.
Authentication works, however cannot get httpd to accept this code so something must be wrong. Just can't figure out which!
Order Deny, Allow
Deny from all
Satisfy Any
Allow from 127.0.0.1
Allow from 192.168
AuthUserFile "C:/Program Files/wamp/htpasswd.txt"
AuthName "Piss off :-)"
AuthType Basic
Require valid-user
Swap the Order:
Order Allow,Deny
now my apache configuration looks like this:
<Directory /usr/share/myweb/>
AuthType Basic
AuthName "myweb"
AuthUserFile /etc/apache2/.passwords
Require user mw
</Directory>
It allows everyone to web, but require password.
I would like to let some users (from local IP) to be allowed to see the website without a need of authentification. For others it should stay like it is - require password.
How can I do that?
I supposed I could just do it with Allow from xxx.xx., but it still requires the password.
Thanks for help.
Thanks for answer...this made it:
<Directory /path/to/myweb/>
Order allow,deny
AuthType Basic
AuthName "myweb"
AuthUserFile /etc/apache2/.passwd
Order allow,deny
Require user myweb
Allow from your.ip.add
Satisfy Any
</Directory>myweb.com
I've wondered about this before so I had a look round.
http://www.electrictoolbox.com/apache-password-protect-allow-ip/
it suggests you need to add to your config. I suspect it may be the lack of satisfy any that is tripping the login request, but I haven't tried it.
satisfy any
deny from all
allow from 192.168.1.
So you get
<Directory /usr/share/myweb/>
AuthType Basic
AuthName "myweb"
AuthUserFile /etc/apache2/.passwords
Require user mw
satisfy any
deny from all
allow from 192.168.1.
</Directory>
I have set up a site that is currently work in progress. I'm using an external SMS gateway that needs access to a script on my server. However, I have set up a basic username and password authentication for regular users, but the SMS gateway can't get through that.
How can I allow a single IP to pass through the authentication without authenticating itself, and deny all other users that aren't authenticated?
Here's my .htaccess file:
Order allow,deny
Allow from all
AuthType Basic
AuthUserFile /www/.site_htpasswd
AuthName "Protected Area"
require user admin
Just found out, with help from JoseK:
Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /www/.site_htpasswd
AuthName "Protected Area"
require valid-user
Allow from 1.2.3.4
Satisfy Any
UPDATE: As of Apache 2.4, Order, Allow, Deny, and Satisfy directives should not be used anymore. So the new syntax is:
AuthType Basic
AuthUserFile /www/.site_htpasswd
AuthName "Protected Area"
<RequireAny>
Require ip 1.2.3.4
Require valid-user
</RequireAny>
Try changing first 2 lines to
Order deny,allow
Deny from all
Allow from 1.2.3.x
Replace your desired IP in the Allow from