Apache basic authentication except for those Allowed

If your server is behind a proxy, you can't rely on the Require ip directly. However, you can use the Require env:

<Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    SetEnvIF X-Forwarded-For "22.33.44.55" AllowIP

    <RequireAny>
      Require env AllowIP
      Require valid-user
    </RequireAny>

</Directory>

The source of the idea

This is how it's done for Apache 2.4+ (since Satisfy Any is no longer supported).

<Directory /var/www/files/>

    AuthType Basic
    AuthName "Please enter your username and password"
    AuthUserFile /var/www/files/.htpasswd

    <RequireAny>
      Require ip 22.33.44.55
      Require valid-user
    </RequireAny>

</Directory>

If you want to require both IP address -and- Login/Password, change <RequireAny> to <RequireAll>

I hope this helps someone - as it took me a while to figure it out.

edit: this may be accepted answer, but old. For new Apache installs, use Brians answer here

Add this: Satisfy Any (which means either of those 2 should be passed).

And the syntax is either:

Require valid-user

Or:

Require user <userid>

Apache basic authentication except for those Allowed

Tags:

Apache

Authentication

Basic Authentication

Related

Recent Posts