Hi William,
Thanks for your help on this one. From what you and Elaine have
written and from what I've read, this really ought to work but I'm still
stuck with the all or nothing problem.
If I modify my file as you suggest, anyone can get access without being
prompted for a password, not just the IP I specify; if I comment out the
'satisfy any' line, I'm back to passwords for all.
As we agree that the approach is valid, can anyone think of any other
commands, directives etc somewhere else that might be having an effect
on this?
Many thanks,
Michael.
-----Original Message-----
From: paredes [mailto:paredes@xxxxxxxxxxxx]
Sent: 19 July 2006 23:52
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] mod_auth_mysql
Greetings Michael!
What should work is the following:
<Directory /var/www/localhost/htdocs>
deny from all
allow from 10.0.0.72
AuthName "MailSource UK Intranet Zone, authentication required"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLEnable on
AuthMySQLUser xxxxxxx
AuthMySQLPassword xxxxxxx
AuthMySQLDB auth
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLGroupTable groups
AuthMySQLGroupField user_group
Require group user admin
satisfy any
</directory>
William Paredes
Computer Based education
Albert Einstein College of Medicine
Bronx, New York USA
Michael Luff wrote:
>
> Hi Elaine,
>
> Many thanks for the help, I've now got:
>
> <Directory /var/www/localhost/htdocs>
>
> AuthName "MailSource UK Intranet Zone, authentication required"
>
> AuthType Basic
>
> AuthMySQLHost localhost
>
> AuthMySQLEnable on
>
> AuthMySQLUser xxxxxxx
>
> AuthMySQLPassword xxxxxxx
>
> AuthMySQLDB auth
>
> AuthMySQLUserTable users
>
> AuthMySQLNameField user_name
>
> AuthMySQLPasswordField user_passwd
>
> AuthMySQLGroupTable groups
>
> AuthMySQLGroupField user_group
>
> # This next line controls which group(s) can access the resource
>
> AllowOverride none
>
> Require group user admin
>
> Order allow,deny
>
> Allow from 10.0.0.72
>
> Satisfy Any
>
> </Directory>
>
> But now anyone can access it, not just the IUP address I've specified!
> I can't seem to get around this all or nothing problem.
>
> Can you see anything I've done wrong?
>
> Regards,
>
> Michael.
>
> *From:* elaine [mailto:elaine@xxxxxxxxxxxxxxxx]
> *Sent:* 19 July 2006 13:49
> *To:* users@xxxxxxxxxxxxxxxx
> *Subject:* Re: [users@httpd] mod_auth_mysql
>
> Michael,
>
> Try to use the "allow" and "satisfy" directives.
> This is an example, that we use to protect our intranet access :
> (Note that the IP's and server name were modified, and we use the deny
> directive
> to refuse connections from reception kiosk.)
>
> <Limit GET PUT POST>
>
> # Allow access only to authenticated users from MySQL
> # or users that are in the intranet
> # (except IP xx.xx.xx.xx : reception kiosk)
>
> require valid-user
> Order allow,deny
> Deny from xxx.xxx.xx.x
>
> # Allow access from our internal network without
> # username and password
>
> Allow from example.com
>
> Satisfy any
> </Limit>
>
>
> You can read more details about Satisfy directive :
>
> http://httpd.apache.org/docs/2.2/mod/core.html#satisfy
>
> Regards,
> Elaine
>
> Michael Luff wrote:
>
> Hi All,
>
> I've got mod_auth_mysql working nicely but I would like the users on
> my internal network not to have to enter a username and password, just
> people accessing from outside.
>
> I've tried various solutions using Order deny,allow; allow from and so
> forth but with no luck, I end up with everyone being prompted or
no-one.
>
> Here's my unmodified <Directory> command from my httpd.conf that
> requires everyone to supply a password, can anyone suggest how I can
> modify it to allow access from 10.0.0?
>
> <Directory /var/www/localhost/htdocs>
>
> AuthName "authentication required"
>
> AuthType Basic
>
> AuthMySQLHost localhost
>
> AuthMySQLEnable on
>
> AuthMySQLUser xxxxxx
>
> AuthMySQLPassword xxxxxxx
>
> AuthMySQLDB auth
>
> AuthMySQLUserTable users
>
> AuthMySQLNameField user_name
>
> AuthMySQLPasswordField user_passwd
>
> AuthMySQLGroupTable groups
>
> AuthMySQLGroupField user_group
>
> # This next line controls which group(s) can access the resource
>
> require group user admin
>
> </Directory>
>
> Regards,
>
> *Michael Luff** *MSc B.Eng (Hons) MIET*
> **Facilities & Systems Manager *
>
> T: +44 (0)20 8614 7604
> F: +44 (0)20 8614 7601
> M: +44 (0)7976 404956
> E: Michael.luff@xxxxxxxxxxxxxxxx
<mailto:Michael.luff@xxxxxxxxxxxxxxxx>
>
> *MailSource UK Limited *
>
> - Europe's leading specialist in integrated document delivery
solutions
>
> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>
> Northumberland House
>
> 15 Petersham Road
>
> Richmond-upon-Thames
>
> Surrey TW10 6TP
>
> *www.mailsource.co.uk <http://www.mailsource.co.uk/>*
>
> *MailSource UK Limited *
>
> - Europe's leading specialist in integrated document delivery
solutions
>
> - Holders of the RoSPA Health & Safety Gold Medal 2006/2007
>
> Northumberland House
>
> 15 Petersham Road
>
> Richmond-upon-Thames
>
> Surrey TW10 6TP
>
> *www.mailsource.co.uk <http://www.mailsource.co.uk/>*
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
MailSource UK Limited
- Europe's leading specialist in integrated document delivery solutions
- Holders of the RoSPA Health & Safety Gold Medal 2006/2007
Northumberland House
15 Petersham Road
Richmond-upon-Thames
Surrey TW10 6TP
www.mailsource.co.uk
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|