Apache authentication from WAN only

I'm setting up a (basic) intranet site on our Apache webserver (v.2.2.14). What I'd like to have is certain pages accessible from the LAN, but requests from the WAN need to be authenticated.

I've got directories that are restricted to the LAN by using the Allow directive, and I've got directories that require authentication from all locations, but can't seem to work out how to combine them.

Is this actually possible?

Many thanks,
John
 
Is that the only way it can be done? If the virtual host declaration is in any way complicated, it requires a great deal of duplication. If, for example, there are only one or two locations that need to be authenticated when connecting from the WAN, it would seem over the top to have two virtual hosts & have to edit both whenever a change is made.

Also, correct me if I'm wrong, but I'd need to have two different hostnames.
 
Run the sites on different IP addresses. Resolve the internal one to IP1, resolve the external one to IP2. Make use of include statements for the common bits. It's just a solution, it might not fit your needs ;)
 
Ok thanks, this may take a bit more planning than I'd first thought. Seeing as all external traffic is forwarded to this machine, I should be able to run the sites on a single IP, but on different ports. There may also be some heavy use of includes too!
 
oobayly said:
I've got directories that are restricted to the LAN by using the Allow directive, and I've got directories that require authentication from all locations, but can't seem to work out how to combine them.

You can also use something like:
Code:
<Directory /var/www/foo>

  Order deny,allow
  Deny from all
  Allow from 10.0.50.

  AuthType Basic
  AuthName "My Foo"
  AuthUserFile /usr/local/etc/auth/myusers
  Require valid-user

  Satisfy Any

</Directory>

This should allow access if the client system is on 10.0.50/24, or if the client authenticates.
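
The same "LAN address or valid login" rule as the `Satisfy Any` block above, written for Apache 2.4, where `Order`/`Allow`/`Deny`/`Satisfy` are deprecated in favour of `Require` containers. This is an added example, not part of the thread; the path, subnet and user file are reused from the post.

```apache
# Added example for Apache 2.4 (mod_authz_core / mod_authz_host).
# Path, subnet and user file are the ones used in the post above.
<Directory /var/www/foo>

  # Basic auth only base64-encodes the password, so the WAN-facing
  # virtual host should be served over TLS.
  AuthType Basic
  AuthName "My Foo"
  AuthUserFile /usr/local/etc/auth/myusers

  # RequireAny grants access when at least one child rule matches.
  # This is the 2.4 counterpart of "Satisfy Any" in 2.2.
  <RequireAny>
    # LAN clients: matched on source address, no password prompt.
    Require ip 10.0.50
    # Everyone else: must present credentials from AuthUserFile.
    Require valid-user
  </RequireAny>

  # For the 2.2 "Satisfy All" behaviour (LAN address AND valid login),
  # use <RequireAll> in place of <RequireAny>.

</Directory>
```

The address rule matches whatever source IP Apache sees. If a gateway or reverse proxy in front of the server rewrites the source address to one inside 10.0.50/24, every WAN request satisfies the first rule and is never asked to authenticate, so check the access log for the client addresses of external requests before relying on it.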
 
anomie said:
You can also use something like:
Code:
<Directory /var/www/foo>

  Order deny,allow
  Deny from all
  Allow from 10.0.50.

  AuthType Basic
  AuthName "My Foo"
  AuthUserFile /usr/local/etc/auth/myusers
  Require valid-user

  Satisfy Any

</Directory>

This should allow access if the client system is on 10.0.50/24, or if the client authenticates.

This is great!
 