homepage Welcome to WebmasterWorld Guest from 54.205.122.62
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Requiring authentication for external IP
chrisguk



 
Msg#: 4642170 posted 7:32 pm on Feb 3, 2014 (gmt 0)

Hi,

Is it possible to make a rule in .htaccess with the following conditions:

If the origin IP comes from internal network, pass to home page.

else

if the origin IP is not internal network then direct to login page.

Im unsure of the search term so any help would be great.

 

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4642170 posted 8:04 pm on Feb 3, 2014 (gmt 0)

Are you asking about your own internal network, such as an institutional site? Not any old internal network generically, right?

If the network has its own IP address that isn't used by anyone else, all you need is a {REMOTE_ADDR} condition. There are other approaches, but that's the simplest.

chrisguk



 
Msg#: 4642170 posted 8:21 pm on Feb 3, 2014 (gmt 0)

Yes you are correct. I have an intranet that users can view a "intranet" website. So what I am attempting to do is state if the request comes from anything other than the 10.0.0.0/8 network then use the .htpasswd file to request authentication or a login page whatever is easier.

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4642170 posted 8:38 pm on Feb 3, 2014 (gmt 0)

if the origin IP is not internal network then direct to login page.


it depends on what you mean by a "login page".
if HTTP Basic authentication is sufficient, you could do something like this:
<RequireAny>
Require ip 10
Require valid-user
</RequireAny>

and also your AuthType and other required authentication directives.

if you need a login web page then you could use mod_rewrite to redirect the visitor to the login page.

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4642170 posted 11:55 pm on Feb 3, 2014 (gmt 0)

<RequireAny>

:: detour to Apache docs ::

Oh, I see. In 2.2 "Require" is only a directive. In 2.4 it's also an envelope, with "RequireAll" and "RequireAny" options. And it's all shifted from core to a named mod. At this point it's probably safe to assume 2.2 though.

http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#logic

(de-linked to preserve fragment) Sometimes you have to wonder if they're intentionally trying to terrorize us.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved