In Ubuntu 11.04, I'm trying to Allow from IP without password prompt, and also allow from any address with password prompt. But it isn't working. Everyone from the Internet can access the page without the password. If I set simple password authentication (without conditions), it works.

Help!

Chetan Crasta
  • Some more info: Since .htaccess files are deprecated I edited the /etc/apache2/apache2.conf file – Chetan Crasta Aug 01 '12 at 08:41
  • Post the relevant bits of your Apache config, please. – nickgrim Aug 01 '12 at 09:01
  • `Order deny,allow` `Deny from all` `AuthName "htaccess password prompt"` `AuthUserFile /var/www/.htpasswd` `AuthType Basic` `Require user xxxxx` `Allow from 1xx.xx.xx.120` `Satisfy Any` – Chetan Crasta Aug 01 '12 at 09:35
  • Sorry for the missing line breaks. I tried four-space indentation but it didn't work. – Chetan Crasta Aug 01 '12 at 09:42
  • What issues are you facing exactly? You state, "If I set simple password authentication (without conditions), it works." If it works, what are you trying to resolve? To do what you are looking for, you have to use htaccess and htpasswd files. – JM4 Aug 13 '12 at 20:39
  • I need password authentication *with* conditions. Users whose IP address is *not* a specific one need to enter a password. Follow the link in my original post. The technique described there doesn't work for me. – Chetan Crasta Aug 14 '12 at 08:16

1 Answer

If you want to block requests completely from other IPs you can do:

<Directory /var/www/sub/payroll/>
Order deny,allow
deny from all
Allow from 192.168.1.1
</Directory>

It blocks requests from all IPs except the one you specified.

If you want a password prompt using .htaccess, try this link: http://www.cyberciti.biz/faq/howto-setup-apache-password-protect-directory-with-htaccess-file/

Kao
  • No I don't want to block requests from other IPs completely. They should have access after entering a password. I'd rather not use .htaccess files. – Chetan Crasta Aug 01 '12 at 08:43
  • I think you can put it in the apache2 configuration as well, if you'd rather want that. – Kao Aug 01 '12 at 08:46
  • I tried it using .htaccess — still no luck. – Chetan Crasta Aug 01 '12 at 09:52
  • Are you getting any errors, or is it just not working? – Kao Aug 01 '12 at 10:19
  • It is not working — Internet users are supposed to get a password prompt. Instead they can view the page without entering the username/password. From the allowed IP address, access is OK. – Chetan Crasta Aug 01 '12 at 10:37
  • The link only restricts access to an actual folder. If you need to password protect a URL that has nothing to do with a folder, you're probably going to have to make it in the software layer, i.e. using PHP or ASP – Kao Aug 01 '12 at 10:56
  • I want to restrict access to all files in the folder. BTW, Apache can also protect a single file with this syntax Require valid-user If I don't find a solution to this I'm going to use PHP. But it is a pain to do this for each HTML file and for binary files. – Chetan Crasta Aug 01 '12 at 12:01
  • You could just include a simple php file that makes the check on all pages, or use a framework or page loader CMS, with a specific rule to request log in, if not from xxx.xxx.xxx.xxx IP. – Kao Aug 01 '12 at 12:08
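
Added example (not part of the original thread, and not Apache's own code): a small Python model of how Apache 2.2 combines the host check (`Order`/`Allow`/`Deny`) with `Require` under `Satisfy`, applied to the directives quoted in the question. The function names, the dictionary layout and the two documentation addresses are constructed for illustration, and the `NO_DENY` case is a hypothetical comparison, not a diagnosis of the asker's server.

```python
import ipaddress

def host_ok(order, allow, deny, client):
    """Host-based check as Apache 2.2's Order/Allow/Deny evaluates it."""
    ip = ipaddress.ip_address(client)
    def hit(specs):
        return any(s == "all" or ip in ipaddress.ip_network(s) for s in specs)
    if order == "deny,allow":      # default allow; an Allow match overrides Deny
        return hit(allow) or not hit(deny)
    if order == "allow,deny":      # default deny; a Deny match overrides Allow
        return hit(allow) and not hit(deny)
    raise ValueError("unknown Order: " + order)

def decide(cfg, client, valid_login=False):
    """Return the HTTP status a request gets: 200, 401 (prompt) or 403."""
    host = host_ok(cfg["order"], cfg["allow"], cfg["deny"], client)
    if cfg["satisfy"] == "any":    # host check OR valid credentials is enough
        return 200 if (host or valid_login) else 401
    if not host:                   # Satisfy All: host check AND credentials
        return 403
    return 200 if valid_login else 401

# Constructed documentation addresses; the question's real IP is masked.
TRUSTED, OUTSIDE = "192.0.2.120", "203.0.113.9"

# The directives from the question, all in effect for the directory.
INTENDED = {"order": "deny,allow", "deny": ["all"], "allow": [TRUSTED], "satisfy": "any"}
# Same, but "Deny from all" is not in effect (hypothetical, for comparison).
NO_DENY = dict(INTENDED, deny=[])
# Same as INTENDED with "Satisfy All" instead of "Satisfy Any".
STRICT = dict(INTENDED, satisfy="all")

if __name__ == "__main__":
    for name, cfg in (("INTENDED", INTENDED), ("NO_DENY", NO_DENY), ("STRICT", STRICT)):
        for client in (TRUSTED, OUTSIDE):
            for login in (False, True):
                print(name, client, "login" if login else "anonymous",
                      decide(cfg, client, login))
```

In the `NO_DENY` case every client passes the host check, so `Satisfy Any` never produces a password prompt, which is the same outward behaviour as the symptom described in the question.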