• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 223
  • Last Modified:

Apache Authorization: Valid IP or Password (GET requests only)

I have a list of IP address ranges for people who should be granted access to the website.

Everybody else should be required to enter a password.

However, all requests sent method=post should be allowed.  Only GET requests should require a password or valid IP.

I understand that this is NOT secure however I  don't need this for security reasons.
1 Solution
Steve BinkCommented:
You need the <Limit> directive:


>>>  I  don't need this for security reasons.

Hrrmmm...that's what passwords are for, yes?  To protect content from unauthorized access?  Remember, all it takes is one smart idiot.
hankknightAuthor Commented:
<Limit GET>
AuthName "Authorization Required"  
AuthUserFile "/home/html/.htpasswd"  
AuthType Basic  
Require valid-user  
Order allow,deny 
Allow from 11.22.33  
Allow from  
Allow from  
Satisfy Any

Open in new window


Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now