Discussion:
access local / remote
Jan Novak
2014-11-11 15:52:27 UTC
Hi,

how can I configure my website so that addresses from the intranet
(192.168.0.n) are allowed without authentication and all others will be
authenticated through an .htaccess file (or whatever)?

Jan
Kees Nuyt
2014-11-12 12:25:01 UTC
Post by Jan Novak
Hi,
how can I configure my website so that addresses from the intranet
(192.168.0.n) are allowed without authentication and all others will be
authenticated through an .htaccess file (or whatever)?
What did you already try?
What worked as expected and what did not?
--
Kees Nuyt
Jan Novak
2014-11-13 15:13:19 UTC
Post by Kees Nuyt
Post by Jan Novak
Hi,
how can I configure my website so that addresses from the intranet
(192.168.0.n) are allowed without authentication and all others will be
authenticated through an .htaccess file (or whatever)?
What did you already try?
What worked as expected and what did not?
I have a Web service which will be visible to everybody (also on the
internet) and also for my local users in my intranet.
These local intranet users (everyone who comes with an IP like 192.168.0.n)
should see the page without being prompted for user/password.
All others, from the internet, should see a user/password prompt before
they can see the page.

Jan
Kees Nuyt
2014-11-13 15:42:29 UTC
Post by Jan Novak
Post by Kees Nuyt
Post by Jan Novak
Hi,
how can I configure my website so that addresses from the intranet
(192.168.0.n) are allowed without authentication and all others will be
authenticated through an .htaccess file (or whatever)?
What did you already try?
What worked as expected and what did not?
I have a Web service which will be visible to everybody (also on the
internet) and also for my local users in my intranet.
These local intranet users (everyone who comes with an IP like 192.168.0.n)
should see the page without being prompted for user/password.
All others, from the internet, should see a user/password prompt before
they can see the page.
Jan
Yes, your question is clear, but what directives did you already
try in httpd.conf (and any .conf files included)?

You could try something like this :
(in the <directory> block of documentroot):

# Auth directives for .htaccess here

Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from valid user


That's from the top of my head, the exact syntax can be found in
the manual.
Hope this helps you get started.
--
Kees Nuyt
Jan Novak
2014-11-18 12:04:55 UTC
Post by Kees Nuyt
# Auth directives for .htaccess here
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from valid user
I will try this out; it looks like what I'm searching for.

jan
Jan Novak
2014-11-20 09:27:58 UTC
Post by Kees Nuyt
# Auth directives for .htaccess here
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from valid user
... but how will the user then be asked for his credentials?
My apache conf is like this:


<VirtualHost *>
ServerName ...
ServerAdmin ...
DocumentRoot "/srv/www/..."
ErrorLog /var/log/apache2/...-error.log
TransferLog /var/log/apache2/...-access.log
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
Options +FollowSymLinks

<Directory "/srv/www/...">
AllowOverride all
Options FollowSymLinks Indexes
</Directory>
</virtualhost>

and in the web directory I have this .htaccess file:
Order deny,allow
Deny from all
Allow from 192.168.0.0/24
Allow from valid user



Jan
Kees Nuyt
2014-11-20 15:13:31 UTC
Post by Jan Novak
Post by Kees Nuyt
# Auth directives for .htaccess here
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from valid user
... but how will the user then be asked for his credentials?
<VirtualHost *>
ServerName ...
ServerAdmin ...
DocumentRoot "/srv/www/..."
ErrorLog /var/log/apache2/...-error.log
TransferLog /var/log/apache2/...-access.log
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
Options +FollowSymLinks
<Directory "/srv/www/...">
AllowOverride all
Options FollowSymLinks Indexes
</Directory>
</virtualhost>
Order deny,allow
Deny from all
Allow from 192.168.0.0/24
Allow from valid user
I think I misguided you, my apologies.
Actually, "Allow from valid user" should be
"Require valid user", plus the necessary Authentication
directives.

I have no idea how to except local users from the authentication
rules. Perhaps it is easier to require them to authenticate as
well. Making exceptions is a security risk.
--
Kees Nuyt
Jan Novak
2014-11-20 15:19:36 UTC
Post by Kees Nuyt
I think I misguided you, my apologies.
Actually, "Allow from valid user" should be
"Require valid user", plus the necessary Authentication
directives.
I have no idea how to except local users from the authentication
rules. Perhaps it is easier to require them to authenticate as
well.
Yes, but this is exactly what I do not want.
Post by Kees Nuyt
Making exceptions is a security risk.
That's another topic ...

Jan
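
Added example (not part of any post in this thread): the behaviour asked for above, address-based access for 192.168.0.0/24 with a password prompt for everyone else, is what Apache's `Satisfy Any` directive provides in the 2.2-style syntax used in the thread. The `AuthName` text and the `AuthUserFile` path are placeholders, and the Apache 2.4 form is shown commented out as the equivalent.

```apache
# Added example, not from the thread.
# .htaccess in the web directory. The posted vhost has "AllowOverride all",
# which permits these directives (AuthConfig and Limit are the classes needed).

# --- Authentication: what triggers the user/password prompt ---
AuthType Basic
AuthName "Restricted"                 # placeholder realm text
AuthUserFile /path/to/.htpasswd       # placeholder path; keep it outside DocumentRoot
Require valid-user

# --- Host-based access: the intranet range from the posted .htaccess ---
Order deny,allow
Deny from all
Allow from 192.168.0.0/24

# Either test is sufficient: a client address in the allowed range
# OR a valid login. The default, "Satisfy All", would demand both.
Satisfy Any

# --- Apache 2.4 equivalent (mod_authz_core) ---
# Replace the Order/Deny/Allow/Satisfy and Require lines above with:
#
# <RequireAny>
#     Require ip 192.168.0.0/24
#     Require valid-user
# </RequireAny>
```

The address test uses the peer address of the connection as Apache sees it, so if requests arrive through a reverse proxy or NAT device that itself sits in 192.168.0.0/24, every request passes as an intranet client and no prompt is shown.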
