Apache 2.4 authenticate anonymous users but allow others by IP
I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.
As things stand I have the following configuration:
<directory /var/www/flaskapp>
WSGIProcessGroup flaskapp
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
WSGIPassAuthorization On
Order deny,allow
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile "/usr/local/apache/passwd"
<RequireAll>
<RequireAny>
Require ip 1.1.1.1
</RequireAny>
Require valid-user
</RequireAll>
</directory>
This isn't working, and is instead prompting all users for authentication.
I should mention that I have used htpasswd
to create a user file at the location /usr/local/apache/passwd
as indicated in the config.
apache-2.4 .htaccess flask
add a comment |
I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.
As things stand I have the following configuration:
<directory /var/www/flaskapp>
WSGIProcessGroup flaskapp
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
WSGIPassAuthorization On
Order deny,allow
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile "/usr/local/apache/passwd"
<RequireAll>
<RequireAny>
Require ip 1.1.1.1
</RequireAny>
Require valid-user
</RequireAll>
</directory>
This isn't working, and is instead prompting all users for authentication.
I should mention that I have used htpasswd
to create a user file at the location /usr/local/apache/passwd
as indicated in the config.
apache-2.4 .htaccess flask
add a comment |
I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.
As things stand I have the following configuration:
<directory /var/www/flaskapp>
WSGIProcessGroup flaskapp
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
WSGIPassAuthorization On
Order deny,allow
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile "/usr/local/apache/passwd"
<RequireAll>
<RequireAny>
Require ip 1.1.1.1
</RequireAny>
Require valid-user
</RequireAll>
</directory>
This isn't working, and is instead prompting all users for authentication.
I should mention that I have used htpasswd
to create a user file at the location /usr/local/apache/passwd
as indicated in the config.
apache-2.4 .htaccess flask
I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.
As things stand I have the following configuration:
<directory /var/www/flaskapp>
WSGIProcessGroup flaskapp
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
WSGIPassAuthorization On
Order deny,allow
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile "/usr/local/apache/passwd"
<RequireAll>
<RequireAny>
Require ip 1.1.1.1
</RequireAny>
Require valid-user
</RequireAll>
</directory>
This isn't working, and is instead prompting all users for authentication.
I should mention that I have used htpasswd
to create a user file at the location /usr/local/apache/passwd
as indicated in the config.
apache-2.4 .htaccess flask
apache-2.4 .htaccess flask
asked 2 days ago
btongeorgebtongeorge
516
516
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
You only need the RequireAny
condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
2 days ago
add a comment |
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f948262%2fapache-2-4-authenticate-anonymous-users-but-allow-others-by-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You only need the RequireAny
condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
2 days ago
add a comment |
You only need the RequireAny
condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
2 days ago
add a comment |
You only need the RequireAny
condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
You only need the RequireAny
condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
answered 2 days ago
Gerald SchneiderGerald Schneider
6,01412345
6,01412345
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
2 days ago
add a comment |
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
2 days ago
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
2 days ago
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
2 days ago
add a comment |
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
add a comment |
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
add a comment |
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
answered 2 days ago
LennieyLenniey
2,50121022
2,50121022
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f948262%2fapache-2-4-authenticate-anonymous-users-but-allow-others-by-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown