On Thu, 7 Dec 2006, Joshua Slive wrote:
> On 12/7/06, Ara.T.Howard <ara.t.howard@xxxxxxxx> wrote:
>> does this make sense? i'm sure that is based on a misunderstanding on my
>> part about Order/Allow/Deny, but i'm sure what i'm trying to do should be
>> possible solely from this .htaccess file. thoughts?
>
> You should include an Order Allow,Deny Directive.
thanks. this is what i've got now: seems to work

    SetEnvIfNoCase Client-Ip ^123\.456 INTRANET=123.456
    Order Deny,Allow
    Deny from all
    Allow from env=INTRANET
    Satisfy Any
    AuthType Digest
    AuthName "authname"
    AuthDigestFile htdigest.txt
    Require valid-user

make sense?
>> ps. any thoughts on why 'Allow from x.x.x.x' uses REMOTE_ADDR and not
>> HTTP_CLIENT_IP?
>
> Because HTTP_CLIENT_IP is completely non-standard and could be trivially
> manipulated by the client in most circumstances?
hmmm. in this case i'm behind a ServerIron, so i assume HTTP_CLIENT_IP is actually set via the REMOTE_ADDR on __that__ machine. but the point is well taken. still, i think even REMOTE_ADDR could be spoofed easily, couldn't it?
> There used to be a module out there that takes the more-standard
> X-Forwarded-For and shoves it into the internal apache structure that sets
> REMOTE_ADDR. You could write a module to do the same with Client-IP if you
> want.
hmmm. unless someone sees issues with above i'll avoid doing any work ;-) but i'll file that away.

-a
--
if you want others to be happy, practice compassion.
if you want to be happy, practice compassion.
-- the dalai lama
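
Added example, not part of the original message or of Apache: a small Python model of the access decision the posted .htaccess produces (Allow from env=INTRANET combined with Satisfy Any), next to a variant that honours Client-Ip only when REMOTE_ADDR is the load balancer. The proxy address 10.0.0.1, the function names and the sample requests are assumptions constructed for illustration; only the ^123\.456 pattern comes from the message.

```python
import re

# Pattern copied from the posted .htaccess; everything else here is constructed.
INTRANET_RE = re.compile(r"^123\.456", re.IGNORECASE)
TRUSTED_PROXIES = {"10.0.0.1"}  # assumed address of the load balancer

def intranet_env(headers, peer_addr, check_peer):
    """Model of SetEnvIfNoCase Client-Ip ...: is INTRANET set for this request?"""
    value = next((v for k, v in headers.items() if k.lower() == "client-ip"), "")
    if not INTRANET_RE.search(value):
        return False
    # Hardened variant: the header only counts when the TCP peer (REMOTE_ADDR)
    # is the proxy that is supposed to have written it.
    return peer_addr in TRUSTED_PROXIES if check_peer else True

def decide(headers, peer_addr, valid_user, check_peer=False):
    """Satisfy Any: pass if host access OR authentication succeeds."""
    if intranet_env(headers, peer_addr, check_peer):   # Allow from env=INTRANET
        return "allow-host"
    if valid_user:                                     # Require valid-user
        return "allow-auth"
    return "401"                                       # digest challenge

# Constructed sample requests: (label, REMOTE_ADDR, headers, has valid login)
REQUESTS = [
    ("intranet via proxy", "10.0.0.1", {"Client-Ip": "123.456.7.8"}, False),
    ("outside via proxy", "10.0.0.1", {"Client-Ip": "198.51.100.7"}, False),
    ("outside, logged in", "10.0.0.1", {"Client-Ip": "198.51.100.7"}, True),
    ("direct, header set", "203.0.113.9", {"client-ip": "123.456.7.8"}, False),
]

def run(check_peer):
    """Evaluate every sample request, with or without the peer check."""
    return {label: decide(h, peer, user, check_peer)
            for label, peer, h, user in REQUESTS}

if __name__ == "__main__":
    for check_peer in (False, True):
        print("check_peer =", check_peer)
        for label, result in run(check_peer).items():
            print(f"  {label:20} {result}")
```

The two runs differ only for the request that does not arrive through the proxy, so the posted configuration is sound only if the server cannot be reached except via the load balancer and the load balancer overwrites any Client-Ip value it receives.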