Hi,
Configuration question.
Apache version 2.4.23
What I am trying to do is have users authenticate but only allow access
to that authentication method from known IP ranges. To this effect I
have a config file that sets:
<Directory "some_path>
Options +Indexes +FollowSymLinks
IndexOptions +NameWidth=*
PerlAuthenHandler THE::PERL::MODULE
AuthName MODULE
AuthType Basic
Require valid-user
Require expr %{REQUEST_URI} =~ m#^/SOME_EXCEPTION/.*#
Require ip A_VERY_LONG_LIST_OF_IP_RANGES
Require ip ANOTHER_VERY_LONG_LIST_OF_IP_RANGES
</Directory>
The observed behavior is what could be described as "or" behavior.
Meaning even traffic from outside the specified IP ranges is allowed to
hit the auth handler, i.e. the user gets a username/password request
when accessing a path that is not in the "SOME_EXCEPTION" path.
What I am trying to achieve is that Apache blocks any access if the
traffic originates from outside the specified IP ranges.
Is there a potential that I am hitting some limit of the number of IP
ranges specified and thus the whole mechanism of limiting by IP is ignored?
Am I simply mis-interpreting the documentation and I need to structure
the restrictions differently?
Is there some "and" directive to tie the requires together in an "and"
fashion to ensure all "Require" directives are considered?
Should the ip address restriction move to a different config file? At
present this is included for a given path, but the server really only
serves this specific path and thus traffic could be declined on a more
general level.
Help is much appreciated.
Thanks,
Robert
--
Robert Schweikert MAY THE SOURCE BE WITH YOU
Distinguished Architect LINUX
Team Lead Public Cloud
rjschwei@xxxxxxxx
IRC: robjo
Attachment:
signature.asc
Description: OpenPGP digital signature
|