exclude IP address from authentication in Apache

SiemensSEN
Hello,
  I have a web site that is protected by RADIUS. When a user tries to access a page, they are prompted to enter the ID and pass. The web server is Apache.

I would like to exclude the authentication for an IP address/range (172.xx). How would I do this?

<Location /mwiki>
  DirectoryIndex index.php
  AllowOverride AuthConfig
  AuthType Basic
  AuthName "ESYPass authorization credentials"
  AuthAuthoritative off
  AuthRadiusAuthoritative on
  AuthRadiusCookieValid 720
  AuthRadiusActive On
  require valid-user
  ErrorDocument 401 /esypass/helpme.html
</Location>

Thanks for your help

I'm not sure you can combine authentication methods, but you can certainly try.

Add the line:

  Allow from 172

before your 'AuthType Basic' line and restart the web server for it to take effect. Then give it a try.

 -- http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html --

Author

Commented:
Thanks, but it did not work. So, there is no method to exclude an IP address from the authentication.

I don't know anything about the Radius authentication system, but perhaps there is a way to configure it to achieve what you want.

Another possibility is to set up a VirtualHost using the same DocumentRoot and only allowing your designated IP addresses access to it.

Author

Commented:
I think the second option is what I wanted. Is it possible to provide some hints on how to set up the virtual host, and should it be inserted in the conf file before the location block?

Thanks for your help

You would probably use something like what I have below. Note that the ServerName will have to be different from your real hostname, so the sample is using www2 instead of www as an example. You will have to restart the httpd service after making the changes.

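<VirtualHost *:80>
    DocumentRoot same_path_as_your_normal_server
    ServerName www2.your_domain.com

    <Directory /mwiki>
        # Deny is evaluated first, then Allow overrides it for matching hosts.
        # (With "Order allow,deny", "Deny from all" would reject every client.)
        Order deny,allow
        Deny from all
        Allow from 172
    </Directory>

</VirtualHost>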
Top Expert 2010
Commented:
Hi, "TRW-Consulting" was halfway there. In addition to the Allow, you also require a Satisfy Any directive, e.g.

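...
  Require valid-user
  # Hosts not matched by Allow must fail the host check; the default
  # "Order deny,allow" would pass them and Satisfy Any would skip the login.
  Order allow,deny
  Allow from 172
  Satisfy Any
  ErrorDocument 401 /esypass/helpme.html
</Location>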
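
Added example (not part of the original thread): a small Python model of Apache 2.2's documented Order/Allow/Deny and Satisfy rules, showing which unauthenticated clients are let in under the rule sets discussed above. The client addresses are constructed, and the model covers IPv4 address specs only.

```python
import ipaddress

def to_net(spec):
    """Expand an Allow/Deny spec (IPv4 only); partial '172' means 172.0.0.0/8."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def host_ok(ip, order="deny,allow", allow=(), deny=()):
    """Host-based decision of Apache 2.2 Order/Allow/Deny for one client."""
    addr = ipaddress.ip_address(ip)
    def hit(specs):
        return any(s == "all" or addr in to_net(s) for s in specs)
    allowed, denied = hit(allow), hit(deny)
    if order == "allow,deny":       # default deny; a Deny match always wins
        return allowed and not denied
    return allowed or not denied    # deny,allow: default allow; Allow wins

def granted(ip, logged_in, satisfy="all", **rules):
    """Satisfy Any needs host OR login to pass; Satisfy All needs both."""
    host = host_ok(ip, **rules)
    return (host or logged_in) if satisfy == "any" else (host and logged_in)

# Constructed sample clients (not from the original thread).
INTERNAL = "172.20.1.5"     # inside the private block 172.16.0.0/12
PUBLIC_172 = "172.217.4.4"  # inside 172.0.0.0/8 but outside 172.16.0.0/12
OUTSIDE = "203.0.113.9"     # documentation range, unrelated network

def report():
    """Which unauthenticated clients get in under each rule set (Satisfy Any)."""
    cases = {
        "no Order line": dict(allow=["172"]),
        "allow,deny + Deny all": dict(order="allow,deny", allow=["172"], deny=["all"]),
        "allow,deny": dict(order="allow,deny", allow=["172"]),
        "allow,deny /12": dict(order="allow,deny", allow=["172.16.0.0/12"]),
    }
    return {name: [granted(ip, False, "any", **r)
                   for ip in (INTERNAL, PUBLIC_172, OUTSIDE)]
            for name, r in cases.items()}

if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:24} {row}")
```

In Apache 2.4 the same intent is written with `Require ip` and `Require valid-user` inside a `<RequireAny>` block instead of Order/Allow/Satisfy.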
