3

I want to restrict the access to my Apache HTTPD using basic auth for all files except those in a certain directory.

The following works fine for setting up basic auth for the whole server:

<Directory /> AuthType Basic AuthName "Private" AuthUserFile /usr/local/apache/passwd/passwords </Directory>

However, I also want to restrict the directory /foo to a single host, regardless of the basic auth:

<Directory /foo> Order Deny,Allow Deny from all Allow from my-host.com </Directory>

Both settings work fine on their own, but I cannot get them to work in combination:

  • By default (or if I use Satisfy all in the /foo clause) users need to come from the right host and have valid credentials to access /foo
  • If I use Satisfy any in the /foo clause then users can have either valid credentials or come from the right host

However, I want only people from my-host.com to have access to /foo without basic auth. Connections from other hosts should not be allowed even with correct credentials. In fact, those connections shouldn't even be prompted for basic auth credentials.

What am I missing?

Improve this question
0

1 Answer 1

Reset to default
1

Can you try it with an empty passwd file for /foo

<Directory /foo> Order Deny,Allow Deny from all Allow from my-host.com AuthType Basic AuthName "my-host only" AuthUserFile /usr/local/apache/passwd/empty Satisfy any </Directory>
Improve this answer
1
  • Thanks for the tip. However, I chose basic auth just as an example. In the real application we're currently using LDAP authentication. Nevertheless I'd like to solve this problem in general, i.e. regardless of the authentication method that is used. Commented May 31, 2012 at 6:07

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.