homepage Welcome to WebmasterWorld Guest from 54.237.98.229
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
password protection depending on client IP
free access from the intranet
Oliver Henniges

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4239676 posted 1:46 pm on Dec 7, 2010 (gmt 0)

My warehouse management is running on a selfmade XAMP-framework in my intranet.

I'd like to get access from outside as well by forwarding my router's port 80 to the main-server, but of course this is a serious security-hole.

Are there any easy means to configure my apache server in such a way that any request from outside the 192.168.#*$!.#*$!-IP-range will only be served after a login procedure, whereas my employees will get access without it?

 

coopster

WebmasterWorld Administrator coopster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4239676 posted 2:06 pm on Dec 7, 2010 (gmt 0)

Have you considered a router with a VPN tunnel instead? They are quite inexpensive and by far a much better solution.

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4239676 posted 2:44 pm on Dec 7, 2010 (gmt 0)

If the better VPN router solution isn't feasible, see mod_access "Order Deny, Allow" and "Allow from <IP address range>", and the Apache core "Require" and "Satisfy Any" directives. Using these four pieces, it is possible to construct a situation where users from particular IP address ranges are allowed to access the site directly, while users outside those ranges must use HTTP Authentication/Authorization to log in.

There is a decent "app note" on authentication and authorization on the apache.org Web site.

Jim

Oliver Henniges

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4239676 posted 11:37 am on Dec 8, 2010 (gmt 0)

Thx for your help guys, very much appreciated.

Minutes after sending my post I found a relatively deep explanation under httpd.apache.org/docs/1.3/howto/auth.html

However, I did not really succeed, yet.

I think I successfully created a user file with htdigest.
Access is also blocked from outside,whereas intranet works fine.

But if I try to add lines allowing a password-protected request from external IPs, something goes wrong.
This is my syntax for the <directory>-options, which doeas not work (the apache server refuses to start at all):

<Directory "C:/pathto/htdocs">
AuthType Digest
AuthName "myrealm"
AuthDigestFile /bin/digest
Require user root
Order deny,allow
Deny from all
Allow from 192.168
</Directory>

What's wrong with this?

@coopster: I will think about the VPN-tunnel-idea but for the time being I'd just like to refine my understanding of the way apache works.

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4239676 posted 1:51 pm on Dec 8, 2010 (gmt 0)

You missed the "Satisfy" directive that I cited above. It's the key to allowing the IP address range to override the login requirement...

See the "Satisfy" directive in Apache core docs.

Jim

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved