User Tools

Site Tools

Trace: apache_auth
apache_auth

Apache Authentication

Apache 2.2.x and 2.4.x differ in their configuration for Basic authentication.

Apache 2.2.x

<Location /administrator/index.php>
	Order Deny,Allow
	Deny from all
	Allow from x.x.x.x x.x.x.x x.x.x.x/24 x.x.x.x/29

	AuthType Basic
	AuthName "Restricted Aria"
	AuthUserFile "/etc/htpasswd/.goldhillfinance.htpasswd"
	Require valid-user

	Satisfy All
</Location>

Directive Explanation
Order Deny, Allow The deny rules are applied first, THEN the Allow rules are applied.
Deny from all This denies EVEYONE access
Allow from This directive now allows certain IPs
Require valid-user This directive can be changes to a specific user name etc. But valid-user means it must match a user/password combination specified in the htpasswd
Satisfy All This means everything above has to be verified. It MUST have an allowed IP AND a correct user/password combination
“Satisfy any” would allow for a match of just 1 of the above security measures (IP or user/password)
apache_auth.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki