My warehouse management is running on a self-made XAMP framework in my intranet.
I'd like to get access from outside as well by forwarding my router's port 80 to the main server, but of course this is a serious security hole.
Are there any easy means to configure my Apache server in such a way that any request from outside the 192.168.x.x IP range will only be served after a login procedure, whereas my employees will get access without it?
If the better VPN router solution isn't feasible, see mod_access "Order Deny, Allow" and "Allow from <IP address range>", and the Apache core "Require" and "Satisfy Any" directives. Using these four pieces, it is possible to construct a situation where users from particular IP address ranges are allowed to access the site directly, while users outside those ranges must use HTTP Authentication/Authorization to log in.
There is a decent "app note" on authentication and authorization on the apache.org Web site.
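The combination described in the reply above, written out as an added example that is not part of the original thread. It assumes Basic authentication with a password file created by htpasswd; the path `C:/pathto/auth/users.htpasswd` is a placeholder, and the second block shows the equivalent for Apache 2.4, which the thread does not cover.

```apache
<Directory "C:/pathto/htdocs">
    # Who may log in. Keep the password file outside the document root
    # so it can never be served as a page. (Placeholder path.)
    AuthType Basic
    AuthName "myrealm"
    AuthUserFile "C:/pathto/auth/users.htpasswd"

    # Apache 1.3 / 2.0 / 2.2: host-based access plus "Satisfy Any"
    <IfModule !mod_authz_core.c>
        # Condition 1: any user listed in the password file
        Require valid-user

        # Condition 2: the client address is inside the intranet range
        Order deny,allow
        Deny from all
        Allow from 192.168

        # Either condition is enough. Without this line the default
        # "Satisfy All" applies: intranet clients would have to log in
        # too, and outside clients would be refused even with a password.
        Satisfy Any
    </IfModule>

    # Apache 2.4 and later: the same policy with mod_authz_core
    <IfModule mod_authz_core.c>
        <RequireAny>
            Require ip 192.168
            Require valid-user
        </RequireAny>
    </IfModule>
</Directory>
```

Basic authentication sends the password only base64-encoded, so a login that crosses the Internet should be served over HTTPS rather than the plain port 80 forward. The address test looks at the connection's source IP, so any proxy or NAT device that makes outside requests arrive from a 192.168 address would let them in without a login.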
Minutes after sending my post I found a relatively deep explanation under httpd.apache.org/docs/1.3/howto/auth.html
However, I did not really succeed, yet.
I think I successfully created a user file with htdigest. Access is also blocked from outside, whereas intranet works fine.
But if I try to add lines allowing a password-protected request from external IPs, something goes wrong. This is my syntax for the <directory>-options, which does not work (the apache server refuses to start at all):
<Directory "C:/pathto/htdocs">
    AuthType Digest
    AuthName "myrealm"
    AuthDigestFile /bin/digest
    Require user root
    Order deny,allow
    Deny from all
    Allow from 192.168
</Directory>
What's wrong with this?
@coopster: I will think about the VPN-tunnel-idea but for the time being I'd just like to refine my understanding of the way apache works.