Re: .htaccess mixed access based on client-ip/auth

On Thu, 7 Dec 2006, Joshua Slive wrote:

On 12/7/06, Ara.T.Howard <ara.t.howard@xxxxxxxx> wrote:

does this make sense? i'm sure that is based on a mis-understanding on my part about Order/Allow/Deny, but i'm sure what i'm trying to do should be possible
solely from this .htaccess file.

thoughts?

You should include an
Order Allow,Deny
Directive.

thanks.  this is what i've got now: seems to work

  SetEnvIfNoCase Client-Ip ^123\.456 INTRANET=123.456
  Order Deny,Allow
  Deny from all
  Allow from env=INTRANET
  Satisfy Any

  AuthType Digest
  AuthName "authname"
  AuthDigestFile htdigest.txt
  Require valid-user

make sense?


ps.  any thoughts on why 'Allow from x.x.x.x' uses REMOTE_ADDR and not
HTTP_CLIENT_IP?

Because HTTP_CLIENT_IP is completely non-standard and could be
trivially manipulated by the client in most circumstances?

hmmm.  in this case i'm behind a server iron, so i assume HTTP_CLIENT_IP is
actually set via the REMOTE_ADDR on __that__ machine.  but the point is well
taken.

still, i think even REMOTE_ADDR could be spoofed easily couldn't it?

There used to be a module out there that takes the more-standard
X-Forwarded-For and shoves it into the internal apache structure that
sets REMOTE_ADDR.  You could write a module to do the same with
Client-IP if you want.

hmmm.  unless someone sees issues with above i'll avoid doing any work  ;-)  but
i'll file that away.


-a
--
if you want others to be happy, practice compassion.
if you want to be happy, practice compassion.  -- the dalai lama

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
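The trust question raised in this thread (when a Client-Ip header may stand in for REMOTE_ADDR) can be modeled as below. This is an added example, not part of the original messages and not Apache code; the load balancer address, the intranet range and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed values for illustration (not taken from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]  # the load balancer
INTRANET = [ipaddress.ip_network("10.20.0.0/16")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def effective_client_ip(remote_addr, headers):
    """Return the address that access control should evaluate.

    remote_addr is the TCP peer (what Apache exposes as REMOTE_ADDR);
    headers is a list of (name, value) pairs as received.
    """
    peer = ipaddress.ip_address(remote_addr)
    # A Client-Ip header is only meaningful when the direct peer is the
    # proxy that sets it; anyone else can send whatever value they like.
    if not _in_any(peer, TRUSTED_PROXIES):
        return peer
    values = [v for k, v in headers if k.lower() == "client-ip"]
    # Missing or duplicated header: fall back to the peer address rather
    # than guessing which copy the proxy wrote.
    if len(values) != 1:
        return peer
    try:
        return ipaddress.ip_address(values[0].strip())
    except ValueError:
        return peer  # not an IP address at all


def needs_auth(remote_addr, headers):
    """Mirror the 'Satisfy Any' setup: intranet clients skip Digest auth."""
    # Network membership is used instead of a prefix regex: a pattern
    # such as ^10\.20 would also match 10.200.x.x.
    return not _in_any(effective_client_ip(remote_addr, headers), INTRANET)
```

In the configuration posted above the header is matched without checking who the direct peer is, so it is only as trustworthy as the guarantee that every request reaches the server through the load balancer and that the load balancer overwrites any Client-Ip value the client supplied.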