Apache 2.2.x and 2.4.x differ in their configuration for Basic authentication.
1 2 3 4 5 6 7 8 9 10 11 12 |
<Location /administrator/index.php> Order Deny,Allow Deny from all Allow from x.x.x.x x.x.x.x x.x.x.x/24 x.x.x.x/29 AuthType Basic AuthName "Restricted Aria" AuthUserFile "/etc/htpasswd/.goldhillfinance.htpasswd" Require valid-user Satisfy All</Location> |
| Directive | Explanation |
|---|---|
| Order Deny, Allow | The deny rules are applied first, THEN the Allow rules are applied. |
| Deny from all | This denies EVEYONE access |
| Allow from | This directive now allows certain IPs |
| Require valid-user | This directive can be changes to a specific user name etc. But valid-user means it must match a user/password combination specified in the htpasswd |
| Satisfy All | This means everything above has to be verified. It MUST have an allowed IP AND a correct user/password combination “Satisfy any” would allow for a match of just 1 of the above security measures (IP or user/password) |