edmundli
asked on
Apache access control .htaccess
Five web pages have been set a access control by using .htacess (they are in different directory). Is there any way to let someone e.g helpdesk, administrator to access this five pages (They do not need to login)
.htaccess file for each page
AuthUserFile /usr/local/apache/bin/xxx1 (From xxx1 to xxx5)
AuthName "User name:xx1" (From xxx1 to xxx5)
AuthType Basic
require valid-user
.htaccess file for each page
AuthUserFile /usr/local/apache/bin/xxx1
AuthName "User name:xx1" (From xxx1 to xxx5)
AuthType Basic
require valid-user
ASKER
How can we do this by uing Virtual server ?
Can you use allow ip to pass through instead of user name ?
Can you use allow ip to pass through instead of user name ?
I use Apache and all of my web servers are implemented as Named Virtual hosts, so my example will be done with Virtual Hosts. For the example I'll assume that I've got, say, two workstations that need to be able to get to the data without needing to log in (192.168.1.1 & 192.168.1.2). The ordinary server instance that everyone is allowed to access (and is protected by .htaccess files) gets defined like so:
<VirtualHost 192.168.0.3:80>
ServerName protected.domain.net
ServerAdmin admin@domain.net
DocumentRoot "/opt/Apache/htdocs/atd"
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/opt/Apache/htdocs/atd/ot r">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
To let the specific administrative workstations access the data without needing to use a password I create another server instance that points to the same htdocs area, but is restricted to just those IP's, like so:
<VirtualHost 192.168.0.3:80>
ServerName admin-only.domain.net
ServerAdmin admin@domain.net
DocumentRoot "/opt/Apache/htdocs/atd"
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny, allow
Deny from all
Allow from 192.168.1.1 192.168.1.2
</Directory>
<Directory "/opt/Apache/htdocs/atd/ot r">
Options Indexes FollowSymLinks
AllowOverride None
Order deny, allow
Deny from all
Allow from 192.168.1.1 192.168.1.2
</Directory>
Only those two IP are allowed to access that server instance. It simply won't talk to anybody else. Because I don't invoke the AuthConf directive, the server won't use the .htaccess files.
Using Named Virtual hosts I don't have to multi-home the server, which conserves IP address space and is simpler. I do have to add a CNAME record to the DNS for the second server (the first can be the hostname of the system or it can be a CNAME record also). If you read the Apache docs you'll notice that just about anything you can do in a real server you can also do in a Virtual Host.
Hope this helps...
<VirtualHost 192.168.0.3:80>
ServerName protected.domain.net
ServerAdmin admin@domain.net
DocumentRoot "/opt/Apache/htdocs/atd"
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/opt/Apache/htdocs/atd/ot
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
To let the specific administrative workstations access the data without needing to use a password I create another server instance that points to the same htdocs area, but is restricted to just those IP's, like so:
<VirtualHost 192.168.0.3:80>
ServerName admin-only.domain.net
ServerAdmin admin@domain.net
DocumentRoot "/opt/Apache/htdocs/atd"
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny, allow
Deny from all
Allow from 192.168.1.1 192.168.1.2
</Directory>
<Directory "/opt/Apache/htdocs/atd/ot
Options Indexes FollowSymLinks
AllowOverride None
Order deny, allow
Deny from all
Allow from 192.168.1.1 192.168.1.2
</Directory>
Only those two IP are allowed to access that server instance. It simply won't talk to anybody else. Because I don't invoke the AuthConf directive, the server won't use the .htaccess files.
Using Named Virtual hosts I don't have to multi-home the server, which conserves IP address space and is simpler. I do have to add a CNAME record to the DNS for the second server (the first can be the hostname of the system or it can be a CNAME record also). If you read the Apache docs you'll notice that just about anything you can do in a real server you can also do in a Virtual Host.
Hope this helps...
on your .htaccess file, try to use the "Satisfy Any" directive
deny from all
allow from .yourdomain.com
AuthType Basic
AuthUserFile /usr/local/apache/conf/htp asswd.user s
AuthName "special directory"
require valid-user
satisfy any
deny from all
allow from .yourdomain.com
AuthType Basic
AuthUserFile /usr/local/apache/conf/htp
AuthName "special directory"
require valid-user
satisfy any
ASKER
Dear Jlevie,
I have tried your method, however it has this error
[Tue Mar 28 11:37:26 2000] [warn] VirtualHost 202.65.1.140:80 overlaps with Virt
ualHost 202.65.1.140:80, the first has precedence, perhaps you need a NameVirtua
lHost directive
My virtual conf is
<VirtualHost 202.65.1.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName neth17.net.alcatel.com.hk
<Directory />
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 202.65.1.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName netadmin.net.alcatel.com.h k
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
I have tried your method, however it has this error
[Tue Mar 28 11:37:26 2000] [warn] VirtualHost 202.65.1.140:80 overlaps with Virt
ualHost 202.65.1.140:80, the first has precedence, perhaps you need a NameVirtua
lHost directive
My virtual conf is
<VirtualHost 202.65.1.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName neth17.net.alcatel.com.hk
<Directory />
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 202.65.1.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName netadmin.net.alcatel.com.h
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
It's telling you what the problem is in the warning.
I just showed the virtual hosts definitions. you must have a "NameVirtualHost 202.65.1.140" directive in the config file to tell Apache that you aren't using IP aliases. This whole subject is covered in the Apache docs which you ought to already have, but they are also on line at http://www.apache.org/docs/ (see the section on Virtual Hosts).
I just showed the virtual hosts definitions. you must have a "NameVirtualHost 202.65.1.140" directive in the config file to tell Apache that you aren't using IP aliases. This whole subject is covered in the Apache docs which you ought to already have, but they are also on line at http://www.apache.org/docs/ (see the section on Virtual Hosts).
ASKER
Hi Jlevie,
There is no error now, but it still ask me to login
When I link to addtional directory.
Remark: I have 5 directory under
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/syndey
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/Austral ia
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/Hongkon g
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/china
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/japan
All of this directories have .htaccess
Is there any thing wrong
My lates files
NameVirtualHost 202.65.1.140
<VirtualHost 202.65.1.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName neth17.net.alcatel.com.hk
<Directory />
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName netadmin.net.alcatel.com.h k
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
There is no error now, but it still ask me to login
When I link to addtional directory.
Remark: I have 5 directory under
/usr/local/mrtg/mrtg-2.8.1
/usr/local/mrtg/mrtg-2.8.1
/usr/local/mrtg/mrtg-2.8.1
/usr/local/mrtg/mrtg-2.8.1
/usr/local/mrtg/mrtg-2.8.1
All of this directories have .htaccess
Is there any thing wrong
My lates files
NameVirtualHost 202.65.1.140
<VirtualHost 202.65.1.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName neth17.net.alcatel.com.hk
<Directory />
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName netadmin.net.alcatel.com.h
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
Are you saying that http://netadmin.net.alcatel.com.hk allows you in okay, but a followed link to some other area of the htdocs tree requires a password? What does the link look like? Is the link of the form HREF="http://neth17.net.alcatel.com.hk/some-html-file"? For something like this to work, all links within the htdocs tree must be relative to the htdocs root (e.g. HREF="some-html" or HREF="subdir/some-html")
ASKER
Yes, I can get to http://netadmin.net.alcatel.com.hk.
There are five links to five areas in this webpage. When I click one of the e.g. japan, then it will show the auth windows.
This is the same as the http://neth17.net.alcatel.com.hk
The Root directory is
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
Index.html is located there and
All the web pages info were location
in
usr/local/mrtg/mrtg-2.8.12 /stats/mrt g/syndey
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/Austral ia
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/Hongkon g
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/china
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/japan
So when I click link e.g. japan
It point to
http://neth17.net.alcatel.com.hk/japan/japan.html e.g
e.g. hongkong link
it will point
http://neth17.net.alcatel.com.hk/hongkong/hongkong.html
(Remark: In this five directories under mrtg/ .... have five .htaccess which have set own password for users.
Thank You very very much
There are five links to five areas in this webpage. When I click one of the e.g. japan, then it will show the auth windows.
This is the same as the http://neth17.net.alcatel.com.hk
The Root directory is
/usr/local/mrtg/mrtg-2.8.1
Index.html is located there and
All the web pages info were location
in
usr/local/mrtg/mrtg-2.8.12
/usr/local/mrtg/mrtg-2.8.1
/usr/local/mrtg/mrtg-2.8.1
/usr/local/mrtg/mrtg-2.8.1
/usr/local/mrtg/mrtg-2.8.1
So when I click link e.g. japan
It point to
http://neth17.net.alcatel.com.hk/japan/japan.html e.g
e.g. hongkong link
it will point
http://neth17.net.alcatel.com.hk/hongkong/hongkong.html
(Remark: In this five directories under mrtg/ .... have five .htaccess which have set own password for users.
Thank You very very much
ASKER
Adjusted points from 40 to 70
That's the problem. By using the server name in the link, you go through the "password protected" server, and it quite correctly requests a password.
What I do with mrtg is to tell it to use a "stats" directory within my htdocs area so that I can use relative links amoung those pages. A typical mrtg installation looks like:
/opt/Apache/htdocs/netmon <common data & index.html here
/opt/Apache/htdocs/netmon/ run <mrtg scripts & config file here
/opt/Apache/htdocs/netmon/ images <mrtg bitmaps here
/opt/Apache/htdocs/netmon/ dc <generated stats for DC office
/opt/Apache/htdocs/netmon/ servers <generated stats for local servers
Now I can use HREF's relative to the htdocs root for links. The index.html file at the top level has HREF's line
HREF="dc/gateway.html"
HREF="servers/email.html"
And inside one of the subdirs (dc for instance)I can refer back to the top level like:
HREF="../network-layout.ht ml"
Okay so now all the links are relative to the root of the htdocs tree for what ever servername that I use to get to the data.
Does that help?
What I do with mrtg is to tell it to use a "stats" directory within my htdocs area so that I can use relative links amoung those pages. A typical mrtg installation looks like:
/opt/Apache/htdocs/netmon <common data & index.html here
/opt/Apache/htdocs/netmon/
/opt/Apache/htdocs/netmon/
/opt/Apache/htdocs/netmon/
/opt/Apache/htdocs/netmon/
Now I can use HREF's relative to the htdocs root for links. The index.html file at the top level has HREF's line
HREF="dc/gateway.html"
HREF="servers/email.html"
And inside one of the subdirs (dc for instance)I can refer back to the top level like:
HREF="../network-layout.ht
Okay so now all the links are relative to the root of the htdocs tree for what ever servername that I use to get to the data.
Does that help?
ASKER
Dear Jlevie,
I did the root directory of mrtg
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
This is my neth137.net,alcatel.com.hk web site.
Since I also do set mrtg will put all the html files under this directory.
Furthermore, I have five connections
Hongkong, japan, korea, france, china
And they are
For Hongkong: /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/hongkon g
For China: /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/china
For Korea: /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/korea
For France: /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/france
For Japan : /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/japan
One the link to http://neth137.net.alcatel.com.hk/hongkong, it will ask for user name and password etc.
I do mak a virtual host with ip allows
which is
http://netadmin.net.alcatel.com.hk
(Same root directory as above)
Once I go
http://netadmin.net.alcatel.com.hk
It is the root page and when I click the hongkong link, it requires user and password ....
I can I do ? We would like to allow helpdesk to access directly without entering password...
Edmund
I did the root directory of mrtg
/usr/local/mrtg/mrtg-2.8.1
This is my neth137.net,alcatel.com.hk
Since I also do set mrtg will put all the html files under this directory.
Furthermore, I have five connections
Hongkong, japan, korea, france, china
And they are
For Hongkong: /usr/local/mrtg/mrtg-2.8.1
For China: /usr/local/mrtg/mrtg-2.8.1
For Korea: /usr/local/mrtg/mrtg-2.8.1
For France: /usr/local/mrtg/mrtg-2.8.1
For Japan : /usr/local/mrtg/mrtg-2.8.1
One the link to http://neth137.net.alcatel.com.hk/hongkong, it will ask for user name and password etc.
I do mak a virtual host with ip allows
which is
http://netadmin.net.alcatel.com.hk
(Same root directory as above)
Once I go
http://netadmin.net.alcatel.com.hk
It is the root page and when I click the hongkong link, it requires user and password ....
I can I do ? We would like to allow helpdesk to access directly without entering password...
Edmund
ASKER
here is my last part of httpd.conf
NameVirtualHost 202.65.7.140
<VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName neth17.net.alcatel.com.hk
<Directory />
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName netadmin.net.alcatel.com.h k
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
NameVirtualHost 202.65.7.140
<VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName neth17.net.alcatel.com.hk
<Directory />
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName netadmin.net.alcatel.com.h
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
Well, naturally if you use the link " http://neth137.net.alcatel.com.hk/hongkong" it should ask for a password. That say to use the server instance "neth137.net.alcatel.com.h k" which is password protected. That's what I've been trying to say about re-arrainging the html pages and their HREF's so that there won't be any of those kinds of links. Could I see the link definitions on the "root page"?
ASKER
root page of http://neth137.net.alcatel.com.hk/hongkong is
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/hongkon g
It has .htaccess
also it apples to the rest of the case.
e.g japan
/usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg/japan
it also has .htaccess
I try your virtualhost method, it seems that it is the same, although it use " AllowOverride None" function, I do not understand as i have limited skill on apache
VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName netadmin.net.alcatel.com.h k
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
Edmund
/usr/local/mrtg/mrtg-2.8.1
It has .htaccess
also it apples to the rest of the case.
e.g japan
/usr/local/mrtg/mrtg-2.8.1
it also has .htaccess
I try your virtualhost method, it seems that it is the same, although it use " AllowOverride None" function, I do not understand as i have limited skill on apache
VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName netadmin.net.alcatel.com.h
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
Edmund
The difference between the two virtual hosts is in the "AllowOverride" directives. They both use the same htdocs definitions, so the both see the same data.
The one that you reach by the link "http://neth137.net.alcatel.com.hk/hongkong" has "AllowOverride Authconfig". That's what causes that server to request a username/passord for any directories protected by an .htaccess file. The "AuthConfig" option enables the use of .htaccess files.
The other server instance "netadmin.net.alcatel.com. hk " has "AllowOverride None" which disables the use of .htaccess files. Since the htdocs definitions are the same for both servers, if you go to the link "http://netadmin.net.alcatel.com.hk/hongkong" you'll find that it doesn't require authentication.
The one that you reach by the link "http://neth137.net.alcatel.com.hk/hongkong" has "AllowOverride Authconfig". That's what causes that server to request a username/passord for any directories protected by an .htaccess file. The "AuthConfig" option enables the use of .htaccess files.
The other server instance "netadmin.net.alcatel.com.
ASKER
No, it does require username and password
ASKER
If this is the thing that we discuss, i think we have the solution .. but it still ask for password, ... any idea ?
I want to make sure that we are on the same track. If you enter http://netadmin.net.alcatel.com.hk/hongkong into your browser as the URL you are getting a prompt for the password?
If that's what's happening, are you sure that your DNS is correct? I can successfully find the nameservers for alcatel.com.hk, but attempting to resolve either of the two virtual hosts (neth137.net.alcatel.com.h k or netadmin.net.alcatel.com.h k) results in a "Non-existent host/domain" error. My guess is that neth137.net.alcatel.com.hk should be an "A" record in the DNS as the hostname of the system. And netadmin.net.alcatel.com.h k should be a CNAME record pointing to neth137.net.alcatel.com.hk .
Check the dns by doing "nslookup neth137.net.alcatel.com.hk " and "nslookup netadmin.net.alcatel.com.h k" on a Unix system. Both should return 202.65.7.140 as the IP address.
If that's what's happening, are you sure that your DNS is correct? I can successfully find the nameservers for alcatel.com.hk, but attempting to resolve either of the two virtual hosts (neth137.net.alcatel.com.h
Check the dns by doing "nslookup neth137.net.alcatel.com.hk
ASKER
Yes they are return the as ip address, otherwise it will not show the webpage at all.
Both of them are internal machine.
Both of them are internal machine.
ASKER
Does it relate to my vitrual host config ?
or .htaccess
AuthUserFile /usr/local/apache/bin/hong
AuthName "Alcanet User name:hongkong"
AuthType Basic
require valid-user
ASKER
Hi Jlevie
I found something, when I disable the first set of virual host, and use
http://netadmin.net.alcatel.com.hk
It works without having username and password
###############Remark the following#########
<VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName neth137.net.alcatel.com.hk
<Directory />
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
############end #############
<VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1 2/stats/mr tg
ServerName netadmin.net.alcatel.com.h k
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8. 12/stats/m rtg">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
One more thing that I do not understand is :
when I clieck http://neth137.net.alcatel.com.hk
I still work without having username and password
Edmund
I found something, when I disable the first set of virual host, and use
http://netadmin.net.alcatel.com.hk
It works without having username and password
###############Remark the following#########
<VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName neth137.net.alcatel.com.hk
<Directory />
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
############end #############
<VirtualHost 202.65.7.140>
DocumentRoot /usr/local/mrtg/mrtg-2.8.1
ServerName netadmin.net.alcatel.com.h
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
<Directory "/usr/local/mrtg/mrtg-2.8.
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 202.65.1.238
</Directory>
</VirtualHost>
One more thing that I do not understand is :
when I clieck http://neth137.net.alcatel.com.hk
I still work without having username and password
Edmund
ASKER
I do check with dns, they can show the same ip address and when I nslookup, it shows they are A type
Uh, are you sure that they are both A records in the DNS? That will appear to work, but it's actually illegal. There can only be one A record for a hostname/IP address. DNS aliases, which is what you need in this case, are created by a CNAME record. Typically the DNS zone file would contain a pair of records something like:
$ORIGIN net.alcatel.com.hk.
....
neth137 IN A 202.65.7.140
netadmin IN CNAME neth137.net.alcatel.com.hk .
That assumes that the "official name" of the machine is neth137.net.alcatel.com.hk .
$ORIGIN net.alcatel.com.hk.
....
neth137 IN A 202.65.7.140
netadmin IN CNAME neth137.net.alcatel.com.hk
That assumes that the "official name" of the machine is neth137.net.alcatel.com.hk
ASKER
Dear jlevie,
I found the error now.
It is because of the webpage, My index page was pointing to neth137.net.alcatel.com.hk , so I did modify to point to netadmin.......
it works now,
But One more thing
How can I set two range of ip in the allow list ?
allow 202.65.7.2 /255.255.255.0 202.65.9.3 /255.255.255.0
I am correct, it looks the first set is working but the second is not
I found the error now.
It is because of the webpage, My index page was pointing to neth137.net.alcatel.com.hk
it works now,
But One more thing
How can I set two range of ip in the allow list ?
allow 202.65.7.2 /255.255.255.0 202.65.9.3 /255.255.255.0
I am correct, it looks the first set is working but the second is not
The index page problem is what I've been trying to get across in my discussions about making the HREF's (links) within a page be relative to the htdocs root rather than relative to the network. My guess is that you had something like:
<A HREF="neth137.net.alcatel. com.hk/usr /local/mrt g/stats/ho nkong.html ">Honkong< /A>
in one of the pages. That naturally takes you to the password protected server. Now you don't want to change the link to netadmin.net.alcatel.com.h k because that will let those who should get a password prompt get to the page without authenticating.
The solution is to make all of the data and mrtg stats areas as sub-dirs of the htdocs directory. Then the link would look like:
<A HREF="stats/honkong.html"> Honkong</A >
Note that there's no server name in the link. What happens in this case is that a user that gets to the site via neth137 will be prompted for a password, but a user who goes to the site via netadmin won't be asked for a password. It works that way because the browser actually asks for the page with the site name as a part of the URL, so Apache sees either neth137.net.alcatel.com.hk /stats/hon kong.html or netadmin.net.alcatel.com.h k/stats/ho nkong.html , depending on which site they first went to.
If you want to allow two IP's access the netadmin site use:
AllowFrom 202.65.7.2 202.65.9.3
If you wanted anyone in each of those networks to access the site you'd use:
AllowFrom 202.65.7 202.65.9
--or--
AllowFrom 202.65.7.0/255.255.255.0 202.65.9.0/255.255.255.0
<A HREF="neth137.net.alcatel.
in one of the pages. That naturally takes you to the password protected server. Now you don't want to change the link to netadmin.net.alcatel.com.h
The solution is to make all of the data and mrtg stats areas as sub-dirs of the htdocs directory. Then the link would look like:
<A HREF="stats/honkong.html">
Note that there's no server name in the link. What happens in this case is that a user that gets to the site via neth137 will be prompted for a password, but a user who goes to the site via netadmin won't be asked for a password. It works that way because the browser actually asks for the page with the site name as a part of the URL, so Apache sees either neth137.net.alcatel.com.hk
If you want to allow two IP's access the netadmin site use:
AllowFrom 202.65.7.2 202.65.9.3
If you wanted anyone in each of those networks to access the site you'd use:
AllowFrom 202.65.7 202.65.9
--or--
AllowFrom 202.65.7.0/255.255.255.0 202.65.9.0/255.255.255.0
ASKER
Yes it works this way,
but one thing that I do not understand is :
when I click
http://neth37.net.alcatel.com.hk
I will show me the web. ( It is with proxy setting under ie/ netscape)
However, when I click
http://netadmin.net.alcatel.com.hk/netadmin.html
(With proxy setting under ie/netscape)
It will show
You don't have permission to access /netadmin.html on this server.
Apache/1.3.9 Server at netadmin.net.alcatel.com.h k Port 80
However if I disable the proxy, it works again !!!!!
How come ?
neth137.net.alcatel.com.hk is ok for prxoy/without proxy. but netadmin does not ....
but one thing that I do not understand is :
when I click
http://neth37.net.alcatel.com.hk
I will show me the web. ( It is with proxy setting under ie/ netscape)
However, when I click
http://netadmin.net.alcatel.com.hk/netadmin.html
(With proxy setting under ie/netscape)
It will show
You don't have permission to access /netadmin.html on this server.
Apache/1.3.9 Server at netadmin.net.alcatel.com.h
However if I disable the proxy, it works again !!!!!
How come ?
neth137.net.alcatel.com.hk
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I got it ..
Thank you very very much
May be we can keep in touch each other..
my email is : edmund.li@alcatel.com.hk
Edmund
Thank you very very much
May be we can keep in touch each other..
my email is : edmund.li@alcatel.com.hk
Edmund
ASKER
A lot of afford has been put in from Jlevie
Thanks
Thanks
Tho only way that occurs to me to bypass the authentication requirement would be to create a virtual server, restricted to just the machine(s) that the help desk/administator uses, that doesn't apply the .htaccess files.