Apache 2.4 authenticate anonymous users but allow others by IP
I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.
As things stand I have the following configuration:
<directory /var/www/flaskapp>
WSGIProcessGroup flaskapp
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
WSGIPassAuthorization On
Order deny,allow
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile "/usr/local/apache/passwd"
<RequireAll>
<RequireAny>
Require ip 1.1.1.1
</RequireAny>
Require valid-user
</RequireAll>
</directory>
This isn't working, and is instead prompting all users for authentication.
I should mention that I have used htpasswd to create a user file at the location /usr/local/apache/passwd as indicated in the config.
apache-2.4 .htaccess flask
asked Jan 9 at 14:09
btongeorgebtongeorge
566
add a comment |
I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.
As things stand I have the following configuration:
<directory /var/www/flaskapp>
WSGIProcessGroup flaskapp
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
WSGIPassAuthorization On
Order deny,allow
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile "/usr/local/apache/passwd"
<RequireAll>
<RequireAny>
Require ip 1.1.1.1
</RequireAny>
Require valid-user
</RequireAll>
</directory>
This isn't working, and is instead prompting all users for authentication.
I should mention that I have used htpasswd to create a user file at the location /usr/local/apache/passwd as indicated in the config.
apache-2.4 .htaccess flask
asked Jan 9 at 14:09
btongeorgebtongeorge
566
add a comment |
I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.
As things stand I have the following configuration:
<directory /var/www/flaskapp>
WSGIProcessGroup flaskapp
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
WSGIPassAuthorization On
Order deny,allow
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile "/usr/local/apache/passwd"
<RequireAll>
<RequireAny>
Require ip 1.1.1.1
</RequireAny>
Require valid-user
</RequireAll>
</directory>
This isn't working, and is instead prompting all users for authentication.
I should mention that I have used htpasswd to create a user file at the location /usr/local/apache/passwd as indicated in the config.
apache-2.4 .htaccess flask
asked Jan 9 at 14:09
btongeorgebtongeorge
566
I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.
As things stand I have the following configuration:
<directory /var/www/flaskapp>
WSGIProcessGroup flaskapp
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
WSGIPassAuthorization On
Order deny,allow
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile "/usr/local/apache/passwd"
<RequireAll>
<RequireAny>
Require ip 1.1.1.1
</RequireAny>
Require valid-user
</RequireAll>
</directory>
This isn't working, and is instead prompting all users for authentication.
I should mention that I have used htpasswd to create a user file at the location /usr/local/apache/passwd as indicated in the config.
apache-2.4 .htaccess flask
apache-2.4 .htaccess flask
asked Jan 9 at 14:09
btongeorgebtongeorge
566
asked Jan 9 at 14:09
btongeorgebtongeorge
566
asked Jan 9 at 14:09
btongeorgebtongeorge
566
asked Jan 9 at 14:09
btongeorgebtongeorge
566
asked Jan 9 at 14:09
btongeorgebtongeorge
566
566
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
You only need the RequireAny condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
answered Jan 9 at 14:38
Gerald SchneiderGerald Schneider
6,16312345
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
Jan 9 at 15:02
add a comment |
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
answered Jan 9 at 14:29
LennieyLenniey
2,74421023
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f948262%2fapache-2-4-authenticate-anonymous-users-but-allow-others-by-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You only need the RequireAny condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
answered Jan 9 at 14:38
Gerald SchneiderGerald Schneider
6,16312345
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
Jan 9 at 15:02
add a comment |
You only need the RequireAny condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
answered Jan 9 at 14:38
Gerald SchneiderGerald Schneider
6,16312345
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
Jan 9 at 15:02
add a comment |
You only need the RequireAny condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
answered Jan 9 at 14:38
Gerald SchneiderGerald Schneider
6,16312345
You only need the RequireAny condition:
<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.
<RequireAny>
Require ip 1.1.1.1
Require valid-user
</RequireAny>
answered Jan 9 at 14:38
Gerald SchneiderGerald Schneider
6,16312345
answered Jan 9 at 14:38
Gerald SchneiderGerald Schneider
6,16312345
answered Jan 9 at 14:38
Gerald SchneiderGerald Schneider
6,16312345
answered Jan 9 at 14:38
Gerald SchneiderGerald Schneider
6,16312345
6,16312345
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
Jan 9 at 15:02
add a comment |
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
Jan 9 at 15:02
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
Jan 9 at 15:02
Oh yeah, I missed that..."Cleaner" solution.
– Lenniey
Jan 9 at 15:02
add a comment |
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
answered Jan 9 at 14:29
LennieyLenniey
2,74421023
add a comment |
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
answered Jan 9 at 14:29
LennieyLenniey
2,74421023
add a comment |
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
answered Jan 9 at 14:29
LennieyLenniey
2,74421023
As you are running Apache 2.4 you can use expressions. In your case that would be:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
CIDR notation is supported, too. E.g.:
<If "%{REMOTE_ADDR} != '192.168.0.0/24'">
AuthType Basic
AuthName "Restricted area - authorised users only"
AuthUserFile usr/local/apache/passwd
require valid-user
</If>
answered Jan 9 at 14:29
LennieyLenniey
2,74421023
answered Jan 9 at 14:29
LennieyLenniey
2,74421023
answered Jan 9 at 14:29
LennieyLenniey
2,74421023
answered Jan 9 at 14:29
LennieyLenniey
2,74421023
2,74421023
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f948262%2fapache-2-4-authenticate-anonymous-users-but-allow-others-by-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
