My devsite is running with other production sites. I need to deny the dev sites, but allow one url of dev sites to be accessible.
AuthType Basic
AuthName "My Development Site"
AuthUserFile /path_to/.htpasswd
Require valid-user
# Need to deny devsite, and working!
SetEnvIf Host .*\.dev\.site\.com$ DEV_SITE
# But allow x.dev.site.com/xml/, I think the idea is to unset DEV_SITE,
# but not working!
SetEnvIf Request_URI ^/xml/ !DEV_SITE
Order Allow,Deny
Allow from all
Deny from env=DEV_SITE
Satisfy any
Related
I have users in .htpasswd and allowed IPs in .htaccess
I want to allow either user/password (for IPs not in .htaccss) OR IPs to access (without auth).
I edited the dir section in httpd with these lines
But its asking for user/password for the allowed IPs and IPs not in the file are not asked to authenticate.
<Directory xxx>
AllowOverride All
Options Indexes FollowSymLinks
AuthName "Authentication required!"
AuthType Basic
AuthUserFile <my path>/.htpasswd
<RequireAny>
Require ip 127.0.0.1
Require valid-user
</RequireAny>
</Directory>
These configs worked for me
AllowOverride All
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/my path/.htpasswd"
Require valid-user
satisfy any
deny from all
allow from x.x.x.x
I'd like to get Basic Authentication for everything except requests from a certain IP Range and URLs that have a URL Path. (In my scenario these always end with .html)
The IP Range works fine, but I can't get requests to go threw that end with .html. For example:
http://subdomain.domain.com/test.html or http://subdomain.domain.com/test/test.html
should be allowed without authentication, while
http://subdomain.domain.com or http://domain.com
should be denied.
This is the Basic Auth block in my .htaccess:
SetEnvIf Request_URI ".html$" auth=1
Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthName "Login"
require valid-user
Allow from 123.456.78 env=auth
Satisfy Any
You need 2 different Allow lines:
SetEnvIf Request_URI "\.html$" NO_AUTH
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthName "Login"
require valid-user
Satisfy Any
Order Deny,Allow
Deny from all
Allow from 123.456.78
Allow from env=NO_AUTH
I have problem figuring out how create right configuration for apache 2.4 with mod_authz_core specifically with combination of RequireAny/All and Require valid-user.
I need this configuration: web has blocked access from specified countries, but I have list of specific ip address, that have to be whitelisted and have access to web (even from blocked country)
And there is a part of website which require AuthBasic authentication from .htaccess file
First of all, I am trying to migrate old apache configuration from 2.2 to apache 2.4.
Old configuration:
#blocation for specified countries
SetEnvIf GEOIP_COUNTRY_CODE AB BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE AC BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE AD BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE AE BlockCountry
<LocationMatch "/*">
Order deny,allow
deny from .zx
deny from env=BlockCountry
allow from 127.0.0.1
Include "/etc/httpd/conf/permited-xx-ip.include.old"
</LocationMatch>
This work absolutely fine on apache 2.2.
I changed it to this to match new apache 2.4
<LocationMatch "/.*">
<RequireAny>
<RequireAll>
Require all granted
Require not host .xx
Require not env BlockCountry
</RequireAll>
<RequireAny>
Require local
Include "/etc/httpd/conf/permited-xx-ip.include"
</RequireAny>
</RequireAny>
</LocationMatch>
file /etc/httpd/conf/permited-xx-ip.include contains lines:
Require ip x.x.x.x
And this works fine, but problem is when I have directory which has .htaccess with AuthBasic directive, it will not prompt for username/password.
I was checking logs and it seems that the RequireAny/All allow acces without prompting for password.
.htacces file:
AuthName "members"
AuthType Basic
AuthUserFile ./data/.htpasswd
AuthBasicProvider file
Require valid-user
If i comment Require section in apache conf file, it will prompt for user/password.
I also tried old configuration with mod_compat, but the configuration does not work as intended(it will not consider whitelisted ips).
Thanks for reading long post.
Any suggestion ?
I think i figured it out,
The right configuration should look like this:
<Directory /var/www/www-root>
<RequireAny>
<RequireAll>
Require all granted
Require not host .xx
Require not env BlockCountry
</RequireAll>
<RequireAny>
Require local
Include "/etc/httpd/conf/permited-ip.include"
</RequireAny>
</RequireAny>
</Directory>
Plus the configuration for the directory with AuthBasic .htaccess:
<Directory /var/www/www-root/dirwithauthbasic>
<RequireAll>
<RequireAny>
<RequireAll>
Require all granted
Require not host .xx
Require not env BlockCountry
</RequireAll>
<RequireAny>
Require local
Include "/etc/httpd/conf/permited-ip.include"
</RequireAny>
</RequireAny>
Require valid-user
</RequireAll>
</Directory>
sorry for messed format
I haven't been able to find the right answer for this on StackOverflow, so I figured I would ask and hopefully others are looking for the same:
I am using the same .htacess for local, dev and prod and want to HTTP_AUTH our DEV box. Here is my htaccess:
RewriteEngine On
RewriteBase /
SetEnvIf Host "localenv" SITE_ENV=LOCAL
SetEnvIf Host "devdomain.com" SITE_ENV=DEV
SetEnvIf Host "proddomain.com" SITE_ENV=PROD
Order deny,allow
Satisfy any
Deny from SITE_ENV=DEV
AuthType Basic
AuthName "Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
This works when I'm my local enviornment, but when I switch the Deny from SITE_ENV=DEV to Deny from SITE_ENV=LOCAL I don't get the authentication requirement anymore, which leads me to believe the code isn't working. I also have changed the AuthUserFile path to point to the local .htpasswd - but I figured this would show up in the logs if it couldn't find the .htpasswd file
Any guidance here?
You can use:
SetEnvIf Host "localenv" SITE_ENV=LOCAL
SetEnvIf Host "devdomain.com" SITE_ENV=DEV
SetEnvIf Host "proddomain.com" SITE_ENV=PROD
AuthType Basic
AuthName "Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
Order Allow,Deny
Allow from all
Deny from SITE_ENV=DEV
Satisfy any
I am trying to allow Amazon CDN to access the resources on my password-protected staging site (HTTP Basic Authentication).
This is the code I have in the httpd.conf file for it:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName staging.domain.com
DocumentRoot /var/www/html
<Directory "/var/www/html/">
Options Indexes MultiViews FollowSymLinks
AllowOverride all
AuthName "Development Access"
AuthType Basic
AuthUserFile /path/to/password.htpasswd
Require valid-user
SetEnvIf User-Agent "^Amazon.*" cdn
Order allow,deny
Allow from env=cdn
</Directory>
</Virtualhost>
I'm using SetEnvIf to assign a variable if the user agent is Amazon and then just allowing it, but this is not working. Can somebody please help me out with this one?
the problem is that a valid user is required to get to the content, indifferent of the user agent used.
Give this article in the Apache Manual a read, specifically take a look at the RequireAny bit. That allows you to setup the rules with the complexity you require. Your config code would look something like this.
SetEnvIf User-Agent "^Amazon.*" cdn
<RequireAny>
Require valid-user
Require cdn
</RequireAny>
This only works on Apache 2.4 upwards. On 2.2 you can look at this article in the Apache Wiki and specially to the Satisfy Any directive. Hope this helps.
If you have Apache 2 and possibly the requirement to access the resources with HTTP Auth, this has worked for me:
<Directory /var/www/yourwebdirectory>
SetEnvIf User-Agent "^Amazon.*" cdn
AuthUserFile /etc/apache2/.htpasswd.forthissite
AuthType Basic
AuthName "My Files"
Require valid-user
Order allow,deny
Allow from env=cdn
Satisfy Any
</Directory>