RE: [users@httpd] mod_auth_mysql (Apache Users)

Hi Elaine,

Many thanks for the help, I’ve now got:

AuthName "MailSource UK Intranet Zone, authentication required"

AuthType Basic

AuthMySQLHost localhost

AuthMySQLEnable on

AuthMySQLUser xxxxxxx

AuthMySQLPassword xxxxxxx

AuthMySQLDB auth

AuthMySQLUserTable users

AuthMySQLNameField user_name

AuthMySQLPasswordField user_passwd

AuthMySQLGroupTable groups

AuthMySQLGroupField user_group

# This next line controls which group(s) can access the resource

AllowOverride none

Require group user admin

Order allow,deny

Allow from 10.0.0.72

Satisfy Any

</Directory>

But now anyone can access it, not just the IUP address I’ve specified! I can’t seem to get around this all or nothing problem.

Can you see anything I’ve done wrong?

Regards,

Michael.

From: elaine [mailto:elaine@xxxxxxxxxxxxxxxx]
Sent: 19 July 2006 13:49
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] mod_auth_mysql

Michael,

Try to use the "allow" and "satisfy" directives.
This is an example, that we use to protect our intranet access :
(Note that the IP's and server name were modified, and we use the deny directive
to refuse connections from reception kiosk.)

<Limit GET PUT POST>

           # Allow access only to authenticated users from MySQL
           # or users that are in the intranet
           # (except IP xx.xx.xx.xx : reception kiosk)

           require valid-user
           Order allow,deny
           Deny from xxx.xxx.xx.x

           # Allow access from our internal network without
           # username and password

           Allow from example.com

           Satisfy any
        </Limit>

You can read more details about Satisfy directive :

http://httpd.apache.org/docs/2.2/mod/core.html#satisfy

Regards,
Elaine

Michael Luff wrote:

Hi All,

I’ve got mod_auth_mysql working nicely but I would like the users on my internal network not to have to enter a username and password, just people accessing from outside.

I’ve tried various solutions using Order deny,allow; allow from and so forth but with no luck, I end up with everyone being prompted or no-one.

Here’s my unmodified <Directory> command from my httpd.conf that requires everyone to supply a password, can anyone suggest how I can modify it to allow access from 10.0.0?

AuthName "authentication required"

AuthType Basic

AuthMySQLHost localhost

AuthMySQLEnable on

AuthMySQLUser xxxxxx

AuthMySQLPassword xxxxxxx

AuthMySQLDB auth

AuthMySQLUserTable users

AuthMySQLNameField user_name

AuthMySQLPasswordField user_passwd

AuthMySQLGroupTable groups

AuthMySQLGroupField user_group

# This next line controls which group(s) can access the resource

require group user admin

</Directory>

Regards,

Michael Luff MSc B.Eng (Hons) MIET
Facilities & Systems Manager

T:      +44 (0)20 8614 7604
F:      +44 (0)20 8614 7601
M:     +44 (0)7976 404956
E:      Michael.luff@xxxxxxxxxxxxxxxx

MailSource UK Limited

- Europe's leading specialist in integrated document delivery solutions

- Holders of the RoSPA Health & Safety Gold Medal 2006/2007

Northumberland House

15 Petersham Road

Richmond-upon-Thames

Surrey TW10 6TP

www.mailsource.co.uk