I have a internal website which has a .htaccess login except for the office IP. Which IP is white listed. Now I need a cronjob to get a file but I don't want normal users to access that file directly. An overview:
- public_html/
- index.php
- files.php
- all_folders/
- cronjob_only/dump.sql
So all users can access all, except cronjob_only/dump.sql. If they are inside the office they don't require a login. Outside they need to login.
The cronjob_only/dump.sql always requires a login and a the valid user cron_user
I did get it working without the ip whitelisting. My .htaccess file:
Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /home/admin/domains/website.com/.htpasswd-file
AuthName "U shall not pass"
Allow from 94.215.167.79 #office IP
require valid-user
Satisfy Any
<FilesMatch "dump.sql">
Require user cron_user
</FilesMatch>
The above allows people inside the ip to access the dump.sql
If I turn off the Allow from.. the login split works.
What am I missing? I tried a lot. Most of it found here on stackoverflow.
Can anybody help?
Try this:
<FilesMatch "dump.sql">
Order allow,deny
Require user cron_user
Satisfy Any
</FilesMatch>
Please note that I'm not sure of this answer.
Related
I have a site (running on a framework, so folders are virtual) with access blocked via .htaccess/.htpasswd, but I want to permit public access to one folder/file. I've tried all of the solutions suggested elsewhere but so far nothing has worked.
Here's the basic .htaccess contents:
AuthUserFile /var/www/vhosts/mysite.com/.htpasswd
AuthName "MySite Restricted Area"
AuthType Basic
Require valid-user
I want to allow access to the URL /api/user/create. I have tried the following variations, all to no effect:
<Files "create">
Allow from all
</Files>
<FilesMatch create$>
Allow from all
</FilesMatch>
SetEnvIf Request_URI "create" allow
Deny from all
Allow from env=allow
It seems like the filename create isn't recognised as a valid file, but I have no idea why the last one doesn't work. :(
The problem is you are using virtual folders. <Files *> only takes effect for files on the disk. You should use the <Location> directive instead.
https://httpd.apache.org/docs/2.4/en/mod/core.html#location
In htaccess using Apache 2.2.x, is there a way to require a password and a certain IP address, and block outright everyone else?
I've tried all the Allow/Deny/Require/Satisfy combinations I could find or try. Maybe someone here has the answer? I did an extensive search but everyone is looking to allow bypassing a password for certain IP addresses, not demanding an IP and password.
I would suggest setting up your configuration to require just a password first, and once you have that working as intended. Add the correct allow from directive to the htaccess file. For example
Allow from 192.168.0.0
You should not need to add anything else as Satisfy All is the default, but if you are still having problems add this as well.
If you are still having problems show us the htaccess file and check the rest of your config for overriding configuration.
New config based on discussion below:
<Location />
Order allow,deny
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /path/to/htpasswd
Require valid-user
Satisfy all
Allow from 127.0.0.1
</Location>
Additional info, doesn't need the <Location> block if in htaccess
I have a question to a complex apache configuration (apache 2.2). Is the following possible, and if yes, how:
From some IPs access to particular files should be allowed without authentication.
From other IPs access to the same files should be allowed with authentication only.
From all other IPs access should not be allowed.
I've tried with
general:
Order deny,allow
deny from all
Then two blocks for the specified directory:
<Location /testverzeichnis/index.html>
AuthType Basic
AuthName "blabla"
Deny from all
Allow from <IP1>
AuthUserFile /srv/www/apache/.htpasswd
Require user scht
</Location>
This does work! I got a window for user/password, and on the second machine access is not allowed.
Then I tried to get access without password from the second machine:
<Location /testverzeichnis/index.html>
Deny from all
Allow from <IP2>
</Location>
But then I got the authentication box on the second machine!
Is this possible at all?
Thank you in advance!
Regards
Burkhard
"Satisfy any" in a single configuration section.
I have the following, but its not working correctly.
I run this server locally, but have now configured for external access. I want it to work such that if you're not within my internal network, you must authenticate.
Authentication works, however cannot get httpd to accept this code so something must be wrong. Just can't figure out which!
Order Deny, Allow
Deny from all
Satisfy Any
Allow from 127.0.0.1
Allow from 192.168
AuthUserFile "C:/Program Files/wamp/htpasswd.txt"
AuthName "Piss off :-)"
AuthType Basic
Require valid-user
Swap the Order:
Order Allow,Deny
Say I have a htaccess file shared by "dev.server" and "server.site.com".
The first domain should allow all users to access it unchallenged (it only exists on my local development server).
The second domain I want to authenticate users with Apache (NOT by database).
The code to authenticate users is:
AuthType Basic
AuthName "Server Admin"
AuthUserFile "/path/to/passwd"
require valid-user
What I can't do is make those 4 lines only matter if the domain is "server.site.com". How can I do this?
I searched for something like <IfEnv HTTP_HOST "site.server.com"> but had no luck.
This appears to work, still need to do some testing on it though.
Order Deny,Allow
Deny from all
SetEnvIf Host domain.for.no.auth dev
Allow from env=dev
AuthUserFile .pwd
AuthType Basic
AuthName MySite
Require valid-user
Satisfy Any
As far as I know, this can't be done in a .htaccess file. You'd have to put this into a Directory or VirtualHost section, both of which can't be used in a .htaccess file.
You would have to define it in two separate files, or directly in the server's configuration in the VirtualHost section.