apache_auth
Apache Authentication
Apache 2.2.x and 2.4.x differ in their configuration for Basic authentication.
Apache 2.2.x
<Location /administrator/index.php> Order Deny,Allow Deny from all Allow from x.x.x.x x.x.x.x x.x.x.x/24 x.x.x.x/29 AuthType Basic AuthName "Restricted Aria" AuthUserFile "/etc/htpasswd/.goldhillfinance.htpasswd" Require valid-user Satisfy All </Location>
| Directive | Explanation |
|---|---|
| Order Deny, Allow | The deny rules are applied first, THEN the Allow rules are applied. |
| Deny from all | This denies EVEYONE access |
| Allow from | This directive now allows certain IPs |
| Require valid-user | This directive can be changes to a specific user name etc. But valid-user means it must match a user/password combination specified in the htpasswd |
| Satisfy All | This means everything above has to be verified. It MUST have an allowed IP AND a correct user/password combination “Satisfy any” would allow for a match of just 1 of the above security measures (IP or user/password) |
apache_auth.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1