How to allow wildcard domains in apache

Question

I have configured apache authentication for one of my domain. I want that apache should not prompt for password for local ips and for *.myexternaldomain.com. Currently with the following configuration it is working fine for only myexternaldomain.com.

    Order deny,allow
    Deny from all
    AllowOverride All
    AuthType Basic
    AuthName "Webyog Gateway Authentication"
    AuthUserFile /etc/httpd/httpdpasswd
    Require user webyog
    Allow from myexternaldomain.com 192.168.1.0/24
    Satisfy Any

How can I allow wild card domains like *.myexternaldomain.com in the above configuration ?

Warm Regards

Supratik

Answer 1

Have a look at this link. This configuration should work! See the example below:

A (partial) domain-name
    Example:

    Allow from apache.org
    Allow from .net example.edu

    Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match foo.apache.org but it will not match fooapache.org. 

Answer 2

This configuration already allows *.myexternaldomain.com, but as the apache docs say:

This configuration will cause Apache to perform a double reverse DNS lookup on the client IP address, regardless of the setting of the HostnameLookups directive. It will do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed.

I guess, your reverse DNS Lookup for the subdomains of myexternaldomain.com is not working as expected.

Answer 3

You should write 2 Allow directives:

Allow from myexternaldomain.com 
Allow from 192.168.1.0/24

But, as heiko wrote, to use a domanin name is not a good practice.