.htaccess - Allow IP range with authentication & bypass for one page

Asked Mar 27 '20 at 13:45

Active Mar 27 '20 at 14:05

Viewed 314 times

I'm struggling with a .htaccess file to accomplish the following:

I have a subdomain with our admin console in

Grant access to /pagecheck/ from any IP without authentication (health check script)
Block access to all other resources from any IP that is not on our list of approved IPs
Request HTTP authentication popup for any allowed IPs

I'm struggling to block access from "outside" IPs as I can't seem to get the reordering right.

This is the code that works for /pagecheck/ and authentication:

SetEnvIfNoCase Request_URI "^/pagecheck/" noauth

AuthName "Admin Area"
AuthType Basic
AuthUserFile /home/production/.htpasswd
require valid-user

Order Deny,Allow
Deny from all
Allow from env=noauth
Satisfy any
DirectoryIndex index.cgi
Options -Indexes

However, I'm struggling to get the logic in the right place to only allow access from our office IP address range. I think it is conflicting with the different Orders and the authentication.

Could anyone help? Thanks

edited Mar 27 '20 at 14:05

asked Mar 27 '20 at 13:45

Andrew

Add another `ALLOW` directive for your IP range, and switch `SATISFY` from `ANY` to `ALL`? – CBroe Mar 27 '20 at 14:12
(Or, the Apache 2.4+ way - https://stackoverflow.com/a/27209938/1427878) – CBroe Mar 27 '20 at 14:15

.htaccess - Allow IP range with authentication & bypass for one page

0 Answers0