Htaccess, allow ip, deny ip and prompt for other - apache

I have a list of IPs which don't require a login prompt ... I have a list of banned IPs (no prompt, just deny access). But I need a prompt for all other IPs ...
I tried this:
AuthType Basic
AuthName "Restricted Area"
AuthUserFile .htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Allow from 82.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
Satisfy any
But if you come in with a banned IP, you get the prompt ... if you change Satisfy ("Satisfy all") you get the prompt on the allowed IP ...

I found a trick for my problem:
Order Allow,Deny
Allow from all
Deny from 109.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
Deny from 109.xxx.xxx.xxx
<IfModule mod_rewrite.c>
RewriteEngine On
<If "%{REMOTE_ADDR} != '82.xxx.xxx.xxx'">
AuthType Basic
AuthName "restricted area"
AuthUserFile /var/www/.htpasswd
require valid-user
</If>
</IfModule>
Satisfy All
But this solution works only on Apache >= 2.4 because the If statement isn't supported by older versions ...
Do you have any other solutions for Apache 2.2?
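
Why neither `Satisfy` value gives the three-way behaviour on Apache 2.2, shown as an added example that is not part of the original post: a small Python model of the documented `Order`/`Allow`/`Deny`/`Satisfy` evaluation, run against the first configuration above. The addresses are constructed stand-ins for the masked ones, the function names are hypothetical, and the model assumes `Require valid-user` is in effect in the same context.

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the post.
ALLOWED = "198.51.100.10"   # plays the role of 82.xxx.xxx.xxx
BANNED = "203.0.113.7"      # plays the role of 109.xxx.xxx.xxx
OTHER = "192.0.2.50"        # any other visitor


def matches(ip, specs):
    """True if ip falls in any 'Allow from' / 'Deny from' spec ('all', IP or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(s == "all" or addr in ipaddress.ip_network(s, strict=False)
               for s in specs)


def host_ok(order, allow, deny, ip):
    """Host-based verdict (mod_authz_host, Apache 2.2) for one client address."""
    allowed, denied = matches(ip, allow), matches(ip, deny)
    if order == "Deny,Allow":
        # Deny is evaluated first and Allow overrides it; the default is allow.
        return allowed or not denied
    # "Allow,Deny": Allow is evaluated first and Deny overrides it; default is deny.
    return allowed and not denied


def outcome(order, allow, deny, satisfy, ip):
    """What the client sees when 'Require valid-user' is also in effect."""
    ok = host_ok(order, allow, deny, ip)
    if satisfy == "any":
        return "open" if ok else "prompt"        # host check OR login
    return "prompt" if ok else "forbidden"       # host check AND login


def table(order, allow, deny, satisfy):
    """Outcome for the allowed, banned and other client under one configuration."""
    return {ip: outcome(order, allow, deny, satisfy, ip)
            for ip in (ALLOWED, BANNED, OTHER)}


# The first configuration from the post: Order Deny,Allow / Deny from all /
# Allow from <allowed> / Deny from <banned>.
FIRST = ("Deny,Allow", [ALLOWED], ["all", BANNED])

if __name__ == "__main__":
    for satisfy in ("any", "all"):
        print(satisfy, table(*FIRST, satisfy))
```

With `Require valid-user` in the same context, `Satisfy any` can only produce "open" or "prompt" and `Satisfy all` only "prompt" or "forbidden", so a single 2.2 context never yields all three outcomes at once.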

Related

Allow either users OR ips to access using apache

I have users in .htpasswd and allowed IPs in .htaccess
I want to allow either user/password (for IPs not in .htaccess) OR IPs to access (without auth).
I edited the dir section in httpd with these lines
But it's asking for user/password for the allowed IPs, and IPs not in the file are not asked to authenticate.
<Directory xxx>
AllowOverride All
Options Indexes FollowSymLinks
AuthName "Authentication required!"
AuthType Basic
AuthUserFile <my path>/.htpasswd
<RequireAny>
Require ip 127.0.0.1
Require valid-user
</RequireAny>
</Directory>
These configs worked for me
AllowOverride All
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/my path/.htpasswd"
Require valid-user
satisfy any
deny from all
allow from x.x.x.x

htaccess restrict authentification but exception on file

I've seen a few other related posts but didn't find any solution.
I need to restrict a folder with authentication, it works.
But in this folder I need to keep access to one file open to everybody. I used this but it doesn't work:
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
Options -Indexes
<Files "admin-ajax.php">
Allow from all
Satisfy all
</Files>
Sorry for my bad English and thanks for the help!
Use SetEnv and Order directive:
#set variable if uri is "/admin-ajax.php"
SetEnvIf Request_URI ^/folder/admin-ajax\.php noauth=1
#auth
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user AuthorizedUser
Allow from env=noauth
This will let you access your admin-ajax.php without logging in to the server.

Apache Basic Auth only for Requests with URL Path

I'd like to get Basic Authentication for everything except requests from a certain IP Range and URLs that have a URL Path. (In my scenario these always end with .html)
The IP Range works fine, but I can't get requests to go through that end with .html. For example:
http://subdomain.domain.com/test.html or http://subdomain.domain.com/test/test.html
should be allowed without authentication, while
http://subdomain.domain.com or http://domain.com
should be denied.
This is the Basic Auth block in my .htaccess:
SetEnvIf Request_URI ".html$" auth=1
Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthName "Login"
require valid-user
Allow from 123.456.78 env=auth
Satisfy Any
You need 2 different Allow lines:
SetEnvIf Request_URI "\.html$" NO_AUTH
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthName "Login"
require valid-user
Satisfy Any
Order Deny,Allow
Deny from all
Allow from 123.456.78
Allow from env=NO_AUTH

.htaccess access conditional login based on DOMAIN

I haven't been able to find the right answer for this on StackOverflow, so I figured I would ask and hopefully others are looking for the same:
I am using the same .htaccess for local, dev and prod and want to HTTP_AUTH our DEV box. Here is my htaccess:
RewriteEngine On
RewriteBase /
SetEnvIf Host "localenv" SITE_ENV=LOCAL
SetEnvIf Host "devdomain.com" SITE_ENV=DEV
SetEnvIf Host "proddomain.com" SITE_ENV=PROD
Order deny,allow
Satisfy any
Deny from SITE_ENV=DEV
AuthType Basic
AuthName "Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
This works when I'm in my local environment, but when I switch the Deny from SITE_ENV=DEV to Deny from SITE_ENV=LOCAL I don't get the authentication requirement anymore, which leads me to believe the code isn't working. I also have changed the AuthUserFile path to point to the local .htpasswd - but I figured this would show up in the logs if it couldn't find the .htpasswd file
Any guidance here?
You can use:
SetEnvIf Host "localenv" SITE_ENV=LOCAL
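# DEV_AUTH is an added flag variable: "Deny from" only accepts the env=variable
# form and tests whether the variable is set, not what value it holds
SetEnvIf Host "devdomain.com" SITE_ENV=DEV DEV_AUTH
SetEnvIf Host "proddomain.com" SITE_ENV=PROD
AuthType Basic
AuthName "Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
Order Allow,Deny
Allow from all
# Host check fails only on the dev host, so Satisfy any falls back to the login prompt there
Deny from env=DEV_AUTH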
Satisfy any

different htpasswd files per domain

I've 2 domains e.g. foo.com and bar.com which share the same document root.
The sites are protected by a .htaccess file
AuthUserFile ../.htpasswd
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
How can I set the AuthUserFile depending on the host?
pseudocode:
if (host == foo.com) {
AuthUserFile ../.htpasswd_foo
} else {
AuthUserFile ../.htpasswd_bar
}
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
If this is not possible, are there any other ways to get different logins for the 2 domains?
Try setting it up like this:
#site1.com
setenvIfNoCase Host site1\.com pass_1
AuthType Basic
AuthName "Site1.com Login Required"
AuthUserFile "/home/userdir/.htpasswds/site1.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_1
Satisfy any
#site2.com
setenvIfNoCase Host site2\.com pass_2
AuthType Basic
AuthName "Site2.com Login Required"
AuthUserFile "/home/user_dir/.htpasswds/site2.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_2
Satisfy any