0

I run an Apache server on my home system that I've made available over the internet as I'm not always at my home system.

Naturally I don't want all my home server files public, so until now I've simply had:

Order allow, deny
Deny from all
Allow from 127.0.0.1

in my core configuration and just Allow from all in the htaccess of any directories I wanted publicly viewable.

However I've decided a better system would be to centralise all the access control and just require authentication (HTTP basic) for requests not to 127.0.0.1/localhost.

Is this achievable with Apache/modules? If so how would I go about it?

Cheers.

3 Answers3

1

Set up another <VirtualHost> that uses auth instead.

Or just set up a SSH tunnel to the system and connect to that.

Ignacio Vazquez-Abrams
  • 45,939
  • 6
  • 79
  • 84
1

The basic password authentication will do what you want. However, the authentication tokens pass in clear text on an http connection. You probably should require https for remote connections. This is also available.

Using an ssh tunnel will also do what you want.

You may find that port 80 is blocked if you are outside your ISPs network.

I generally configure access without a password from the LAN and add security as required outside the LAN.

BillThor
  • 27,737
  • 3
  • 37
  • 69
  • Your last point sounds more like what I'm looking for, how have you implemented this? –  May 22 '10 at 14:00
  • The follow lines will do it. I only allow logins on https sessions. Allow from 192.168. /* lan address */ Require valid-user /* Otherwise if logged in */ AuthType Basic /* Enable authorization */ AuthName "My Login Window" /* Name for login */ AuthUserFile /etc/apsche2/userfile /* user database */ – BillThor May 25 '10 at 22:03
  • I have added Order deny,allow Allow from 127.0.0.1 Require valid-user AuthType Basic AuthName "The Name" AuthUserFile "/the_user_file" To my root htdocs folder, but I still need to login when visiting from my local machine, which is what I was hoping to avoid. – Minty Oct 06 '10 at 21:35
  • By the way, this is 'connec' on my new account :) – Minty Oct 06 '10 at 21:36
  • Can't seem to mark answers unfortunately, but SatisfyAny is what I needed! Thanks! – Minty Nov 20 '10 at 04:44
0

I think what you're looking for is Satisfy Any. With this, you should be able to provide both username/password auth + IP-based auth, then have it allow either mode instead of requiring both.

Ezekiel Victor
  • 171
  • 7