homepage Welcome to WebmasterWorld Guest from 54.166.228.100
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Requiring authentication for external IP
chrisguk




msg:4642172
 7:32 pm on Feb 3, 2014 (gmt 0)

Hi,

Is it possible to make a rule in .htaccess with the following conditions:

If the origin IP comes from internal network, pass to home page.

else

if the origin IP is not internal network then direct to login page.

Im unsure of the search term so any help would be great.

 

lucy24




msg:4642177
 8:04 pm on Feb 3, 2014 (gmt 0)

Are you asking about your own internal network, such as an institutional site? Not any old internal network generically, right?

If the network has its own IP address that isn't used by anyone else, all you need is a {REMOTE_ADDR} condition. There are other approaches, but that's the simplest.

chrisguk




msg:4642181
 8:21 pm on Feb 3, 2014 (gmt 0)

Yes you are correct. I have an intranet that users can view a "intranet" website. So what I am attempting to do is state if the request comes from anything other than the 10.0.0.0/8 network then use the .htpasswd file to request authentication or a login page whatever is easier.

phranque




msg:4642190
 8:38 pm on Feb 3, 2014 (gmt 0)

if the origin IP is not internal network then direct to login page.


it depends on what you mean by a "login page".
if HTTP Basic authentication is sufficient, you could do something like this:
<RequireAny>
Require ip 10
Require valid-user
</RequireAny>

and also your AuthType and other required authentication directives.

if you need a login web page then you could use mod_rewrite to redirect the visitor to the login page.

lucy24




msg:4642222
 11:55 pm on Feb 3, 2014 (gmt 0)

<RequireAny>

:: detour to Apache docs ::

Oh, I see. In 2.2 "Require" is only a directive. In 2.4 it's also an envelope, with "RequireAll" and "RequireAny" options. And it's all shifted from core to a named mod. At this point it's probably safe to assume 2.2 though.

http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#logic

(de-linked to preserve fragment) Sometimes you have to wonder if they're intentionally trying to terrorize us.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved