CONTEXT

I am running an Apache/2.4.38 (Debian) Server. Here are my

/var/www/html/.htaccess

AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

and my /etc/apache2/apache2.conf

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

When using this, users have to enter a login and password to access the website. All fine!

And when I use AllowOverride None, nobody has to enter anything.

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

QUESTION

How can I allow access from a certain IP (or domain name) such that users do not have to enter login/pass? Ideally, I would like to allow access from a certain domain (https://mxtoolbox.com/SuperTool.aspx?action=a%3abiosoft-ipcms.fr&run=toolpage) only.

1 Answer

Instead of splitting your configuration between the server config and a .htaccess file, it would be easier to maintain and faster to execute if you kept it all in the server config. Then you could put the following in your server config:

<Directory /var/www>
    Require all granted
</Directory>
<Directory /var/www/html>
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    <RequireAny>
        Require valid-user
        Require ip ...
    </RequireAny>
</Directory>

where you would insert the IP address of the source host you want to allow. If you want to allow requests from just a certain referrer URL, you could also add something like

Require expr "%{HTTP_REFERER} == ..." 

But realize that the requestor can set the Referer header to any value they want, so this is insecure.

See the docs for Require, RequireAny, and Expressions.
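
The layout from the answer above written out as one server-config block, as an added example that is not part of the original answer. It goes beyond the answer by setting AllowOverride None and by showing Require forward-dns for the domain-name case; the address 203.0.113.10 and the hostname client.example.org are constructed placeholders.

```apache
# Added example: 203.0.113.10 and client.example.org are constructed placeholders.
<Directory /var/www>
    Options Indexes FollowSymLinks
    # Ignore .htaccess so that a leftover "Require valid-user" there cannot
    # replace the <RequireAny> block below. Authorization sections are not
    # merged by default (AuthMerging Off): the later section wins.
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/www/html>
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd

    <RequireAny>
        # Everyone else must present valid credentials.
        Require valid-user
        # Exempt one source address. This is matched against the peer
        # address of the connection, not against any request header.
        Require ip 203.0.113.10
        # Domain-name variant (httpd 2.4.19 and later): the name is resolved
        # and access is granted if the client address is among the results.
        Require forward-dns client.example.org
    </RequireAny>
</Directory>
```

Run `apachectl configtest` before reloading. If the server sits behind a reverse proxy, the address Apache compares is the proxy's, so an IP exemption would then apply to every request arriving through it.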
