Can't get apache access directives working properly

**(-NINJ4-)** · November 25th, 2009

Previously I had been requiring a password from every user, but now I would rather just allow all connections from the local network, and a password from anyone attempting to connect from outside. This is what I put in my httpd.conf:

Code:

<Directory /var/www>
        AuthName ""
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
        Allow from 10.1.1
        Satisfy Any
</Directory>

This configuration, for whatever reason, is allowing all connections even remotely with no login requirement. This is definitely caused by the "Allow from" and Satisfy lines, as my former httpd.conf works perfectly for requiring passwords from everyone:

Code:

<Directory /var/www>
        AuthName ""
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
</Directory>

I thought it might be because the webserver is behind a NAT with port forwarding, but the access logs show that the server is receiving the IP address information from the outside world properly. How can I fix this so that only computers on the local network can access the server without needing to log in?

Thanks in advance!

**spikyjt** · November 26th, 2009

I would try adding

Code:

Order deny,allow
Deny all

Above your Allow directive. That should do the trick.

**(-NINJ4-)** · November 26th, 2009

Assuming that you meant "deny from all" (as deny all gave a failure to restart), I was still able to access the server from outside the network without logging in. Thanks for the advice though.

**HighCommander540** · December 1st, 2009

I'm not sure if this will help, but don't you need the Allow from to look like this to work for all your local network:

Allow from 10.1.1.*

**(-NINJ4-)** · December 1st, 2009

Originally Posted by HighCommander540

I'm not sure if this will help, but don't you need the Allow from to look like this to work for all your local network:

Allow from 10.1.1.*

Thanks for the advice, but this gives me the same result as before, any IP address can access the site with no login info. :\

Interestingly, I get this same result even if I take the latter httpd.conf (the one that require passwords and has no other options for authorization) and add "Satisfy Any". This happens even after I add these two lines:

Code:

        Order Allow,Deny
        Deny from all

Even if I alter the httpd.conf to ONLY accept connections from my local network, I can still access it from outside. What is going on here?

Right now my httpd.conf is as follows:

Code:

<Directory /var/www>
        AuthName "home control"
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
        Order Allow,Deny
        Deny from all
#       Satisfy Any
#       Allow from 10.1.1
</Directory>

If I uncomment both, or even just the Satisfy Any line, the password protection evaporates and anyone can access the site. This happens both with the second line reading 10.1.1 and 10.1.1.*.
Thanks again if anyone can help.

**HighCommander540** · December 2nd, 2009

*edit* So I think I figured out how to fix it. I was having the same problem as you were. For something similar. Please, post your entire configuration. And I might be able to help.

Also, for he OP when you actually manage to make this work. You will need the * (wildcard). Otherwise it won't work properly.

**(-NINJ4-)** · December 2nd, 2009

Originally Posted by HighCommander540

Also, for he OP when you actually manage to make this work. You will need the * (wildcard). Otherwise it won't work properly.

I was doing some searches on the Apache documentation and found this: http://httpd.apache.org/docs/2.2/mod...ost.html#allow
I'll continue to try it with the * as a wildcard, but that page seems to indicate that is not how it is done, unless it is out of date or something?

**(-NINJ4-)** · December 2nd, 2009

Originally Posted by HighCommander540

*edit* So I think I figured out how to fix it. I was having the same problem as you were. For something similar. Please, post your entire configuration. And I might be able to help.

Sorry for the double post, here's my entire config file httpd.conf as I am using it currently, without any IP stipulations:

Code:

<Directory /var/www>
        AuthName "home control"
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
</Directory>

Here's the httpd.conf I am trying to get to work:

Code:

<Directory /var/www>
        AuthName "home control"
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
        Allow from 10.1.1
        Satisfy Any
        Order Allow,Deny
</Directory>

**HighCommander540** · December 2nd, 2009

Ok, so that is your entire config?

You don't have an entry like this?:

Code:

<Directory />
       Options FollowSymLinks Multiviews
       AllowOverride None
</Directory>

**(-NINJ4-)** · December 2nd, 2009

I have no such section in my httpd.conf file, no.

Thread: Can't get apache access directives working properly

Thread Tools

Display

Can't get apache access directives working properly

Re: Can't get apache ess directives working properly

Re: Can't get apache access directives working properly

Re: Can't get apache access directives working properly

Re: Can't get apache access directives working properly

Re: Can't get apache access directives working properly

Re: Can't get apache access directives working properly

Re: Can't get apache access directives working properly

Re: Can't get apache access directives working properly

Re: Can't get apache access directives working properly

Bookmarks

Bookmarks

Posting Permissions