Welcome to WebmasterWorld Guest from 54.146.174.220

Forum Moderators: Ocean10000 & incrediBILL & phranque

password protection depending on client IP

free access from the intranet

   
1:46 pm on Dec 7, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



My warehouse management is running on a selfmade XAMP-framework in my intranet.

I'd like to get access from outside as well by forwarding my router's port 80 to the main-server, but of course this is a serious security-hole.

Are there any easy means to configure my apache server in such a way that any request from outside the 192.168.#*$!.#*$!-IP-range will only be served after a login procedure, whereas my employees will get access without it?
2:06 pm on Dec 7, 2010 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Have you considered a router with a VPN tunnel instead? They are quite inexpensive and by far a much better solution.
2:44 pm on Dec 7, 2010 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If the better VPN router solution isn't feasible, see mod_access "Order Deny, Allow" and "Allow from <IP address range>", and the Apache core "Require" and "Satisfy Any" directives. Using these four pieces, it is possible to construct a situation where users from particular IP address ranges are allowed to access the site directly, while users outside those ranges must use HTTP Authentication/Authorization to log in.

There is a decent "app note" on authentication and authorization on the apache.org Web site.

Jim
11:37 am on Dec 8, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thx for your help guys, very much appreciated.

Minutes after sending my post I found a relatively deep explanation under httpd.apache.org/docs/1.3/howto/auth.html

However, I did not really succeed, yet.

I think I successfully created a user file with htdigest.
Access is also blocked from outside,whereas intranet works fine.

But if I try to add lines allowing a password-protected request from external IPs, something goes wrong.
This is my syntax for the <directory>-options, which doeas not work (the apache server refuses to start at all):

<Directory "C:/pathto/htdocs">
AuthType Digest
AuthName "myrealm"
AuthDigestFile /bin/digest
Require user root
Order deny,allow
Deny from all
Allow from 192.168
</Directory>

What's wrong with this?

@coopster: I will think about the VPN-tunnel-idea but for the time being I'd just like to refine my understanding of the way apache works.
1:51 pm on Dec 8, 2010 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You missed the "Satisfy" directive that I cited above. It's the key to allowing the IP address range to override the login requirement...

See the "Satisfy" directive in Apache core docs.

Jim
 

Featured Threads

Hot Threads This Week

Hot Threads This Month