• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 223
  • Last Modified:

Apache Authorization: Valid IP or Password (GET requests only)

I have a list of IP address ranges for people who should be granted access to the website.

Everybody else should be required to enter a password.

However, all requests sent method=post should be allowed.  Only GET requests should require a password or valid IP.

I understand that this is NOT secure however I  don't need this for security reasons.
0
hankknight
Asked:
hankknight
1 Solution
 
Steve BinkCommented:
You need the <Limit> directive:

http://httpd.apache.org/docs/2.2/mod/core.html#limit

>>>  I  don't need this for security reasons.

Hrrmmm...that's what passwords are for, yes?  To protect content from unauthorized access?  Remember, all it takes is one smart idiot.
0
 
hankknightAuthor Commented:
So:
<Limit GET>
AuthName "Authorization Required"  
AuthUserFile "/home/html/.htpasswd"  
AuthType Basic  
Require valid-user  
Order allow,deny 
Allow from 11.22.33  
Allow from 22.22.33.44  
Allow from 55.44.33.22  
Satisfy Any
</Limit>

Open in new window

0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now