
I have a (maybe silly) question regarding the apache2 webserver and security. I am trying to achieve this: users connecting from 192.168.1.24 are allowed and not prompted for a password; others are asked for a username and password and, if correct, then connect. I am trying to do this for the whole directory /var/www.

No matter whether I put the code into .htaccess file or in httpd.conf it doesn't work for me.


    Order deny,allow
    Deny from all
    AuthName "PassRequest"
    AuthType Basic
    AuthUserFile /var/.htpasswd
    Require valid-user
    Allow from 192.168.1.24
    Satisfy Any

If I try to connect to the page I am allowed from both the allowed IP and any other. If I remove the Satisfy Any line then I am prompted for a password; if I remove the password too and try to connect from a different IP I am NOT REFUSED ... is there some module that needs to be activated, or why is the IP directive skipped?

Does it need to be put in every folder, or is /var/www/.htaccess enough? Can I just put it in httpd.conf instead or not?

I spent the last 4 hours trying to google why it is acting like that. Any help will be highly appreciated :-))

EDIT 1.11.2012: added AllowOverride, applied to directory and moved to httpd.conf, no success, checked loaded modules, problem still persists

I added the AllowOverride directive (although there currently was no .htaccess in /var/www) and put everything to httpd.conf with directory of root ...

Here is what I currently have in httpd.conf

    <Directory />
        AllowOverride None
        Order deny,allow
        Deny from All
        Allow from 195.137.181.24
        Options Indexes
        AuthType Basic
        AuthName "You are accessing outside of our network, Enter password!"
        AuthUserFile /var/.htpasswd
        Require valid-user
        Satisfy Any
    </Directory>

the list of loaded modules from apache2ctl -M:

    Loaded Modules:
     core_module (static)
     log_config_module (static)
     logio_module (static)
     mpm_prefork_module (static)
     http_module (static)
     so_module (static)
     alias_module (shared)
     auth_basic_module (shared)
     authn_file_module (shared)
     authz_default_module (shared)
     authz_groupfile_module (shared)
     authz_host_module (shared)
     authz_user_module (shared)
     autoindex_module (shared)
     cgi_module (shared)
     deflate_module (shared)
     dir_module (shared)
     env_module (shared)
     mime_module (shared)
     negotiation_module (shared)
     perl_module (shared)
     php5_module (shared)
     python_module (shared)
     reqtimeout_module (shared)
     setenvif_module (shared)
     status_module (shared)
    Syntax OK

The authz_host module is there, so I don't see where else I could have made a mistake. Still the problem is the same: when I access from IP 195.137.181.24 I am allowed and not asked for a password; when I try to access from my cell phone through 3G with a completely different IP I am still allowed and NOT PROMPTED for a password :-(((

What am I doing wrong? I have no more ideas what to try. Any more help or advice would be greatly appreciated. Mike


Update 5.11.2012

I found it :-D

In apache2/sites-enabled was a hidden file overriding my directives on /var/www folder ... silly me not to think of it earlier :-)

Mikee
  • As a starter you should format your question in some more readable way: the tools are there in the editor, use them. – Luke404 Oct 31 '12 at 08:36

1 Answer


First of all, your configuration is correct and works as expected on my system.

Check the AllowOverride directive in your httpd.conf and whether you loaded the mod_authz_host module into Apache...

To your other questions: you can put your configuration inside the Directory directive in the same way as you do in .htaccess, and it's even preferred.

Settings for each directory are inherited by all subdirectories, so protecting the root directory is enough.

Kamil Šrot
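
The cause found in the 5.11.2012 update can be checked for directly. The following is an added example, not part of the original question or answer: a shell function that walks every file under an Apache config root, dotfiles included, and lists each access-control directive together with the `<Directory>` section it sits in. The sample tree, the `.example-hidden` file name and its contents are constructed for illustration.

```shell
#!/bin/sh
# List access-control directives per <Directory> section in every file under
# an Apache config root. find(1) returns dotfiles too, so nothing stays hidden.
audit_access() {   # $1 = config root (assumed Debian-style, e.g. /etc/apache2)
    find "$1" -type f | sort | while IFS= read -r f; do
        case "${f##*/}" in .*) tag="HIDDEN" ;; *) tag="visible" ;; esac
        awk -v file="$f" -v tag="$tag" '
            { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
            low ~ /^#/ { next }                    # skip comments
            low ~ /^<directory[ \t]/ {             # remember the open section
                sec = line
                sub(/^<[A-Za-z]+[ \t]+/, "", sec); sub(/>[ \t]*$/, "", sec)
                gsub(/"/, "", sec); next
            }
            low ~ /^<\/directory>/ { sec = ""; next }
            low ~ /^(order|allow|deny|satisfy|require|authtype)[ \t]/ {
                printf "%s\t%s\t%s\t%s\n", tag, file, (sec == "" ? "(server)" : sec), line
            }' "$f"
    done
}

# Constructed sample tree: the httpd.conf block from the question plus a
# hypothetical dotfile in sites-enabled (its contents are invented here).
make_sample() {   # $1 = directory to populate
    mkdir -p "$1/sites-enabled"
    cat > "$1/httpd.conf" <<'EOF'
<Directory />
   AllowOverride None
   Order deny,allow
   Deny from All
   Allow from 195.137.181.24
   AuthType Basic
   Require valid-user
   Satisfy Any
</Directory>
EOF
    cat > "$1/sites-enabled/.example-hidden" <<'EOF'
<Directory /var/www>
   Order allow,deny
   Allow from all
</Directory>
EOF
}

demo=$(mktemp -d) && make_sample "$demo" && audit_access "$demo"
rm -rf "$demo"
```

Apache merges `<Directory>` sections from the shortest path to the longest, so any row whose section is a more specific path covering `/var/www` is applied after `<Directory />` and can undo it; rows tagged `HIDDEN` are the ones a plain `ls` would not have shown.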