0

I want to restrict a staging server with basic auth, except for one special location, which should not have basic auth but be restricted to a client IP block.

My virtual host section looks like this:

DocumentRoot /var/www/vhosts/example/public
ServerName beta.example.com

<Directory /var/www/vhosts/example/public>
    Options FollowSymLinks -MultiViews
    AllowOverride all
    Order allow,deny
    Allow from all
</Directory>

<Location />
    AuthUserFile /var/www/.htpasswd
    AuthType Basic
    AuthName "Secret"
    Require valid-user
</Location>

<Location /payment/ipn>
    # How can I disable basic auth here?

    Order deny,allow
    Deny from all
    Allow from 216.113.191
</Location>

So, nobody should be able to access the site, unless they know the password. But the PayPal Sandbox (216.113.191.xxx) should be able to access http://beta.example.com/payment/ipn to send instant payment notifications.

I'm hosting Rails 3 via Passenger on Apache2.

Jan
  • 145
  • 1
  • 4

2 Answers2

2

Sounds like you want Satisfy.

Satisfy Any
Ignacio Vazquez-Abrams
  • 45,939
  • 6
  • 79
  • 84
0

By default is set Satisfy All, then all authentication method should be true. Remember, subdirectory or sublocation inherits propertis from his master, and In your needs require should be any. If one requirement is done, other is not checked.

If you want more complicated behavior, you should use directives and . You can nest this directives creating complex cases. This all is described inside official apache docs, example is here: http://httpd.apache.org/docs/current/mod/mod_authz_core.html

Znik
  • 348
  • 1
  • 3
  • 12