I have asked this question on Apache mailing list but they tell me to ask it here: we know that we can allow some IPS with out authentication using Allow from IP: <Directory /var/www/html/template> Order allow,deny Allow from 192.168.1.5 Satisfy any AuthName "LDAP Authentication" AuthType Basic AuthBasicProvider ldap AuthzLDAPauthoritative off AuthLDAPURL ldap://192.168.1.3/dc=example,dc=com?uid?sub?(objectClass=*) </Directory> But what if we use proxy (squid) in front, then the source IP will be the proxy IP, How can I make Apache to deal with the client IP not the proxy IP? or How to let squid to request the page using client IP?