Apache authentication except localhost
You need to look at the order
and satisfy
keywords. Working example from my website is below. First we tell that we accept either the IP or USER. Then we define htpasswd file path and that we accept any valid user from that file. Finally we define which client IP addresses can access our web without auth (we deny all other IPs, so that they must auth via htpasswd).
# permit by USER || IPSatisfy any# USERAuthUserFile /var/www/munin/.htpasswdAuthGroupFile /dev/nullAuthName "Password Protected Area"AuthType Basicrequire valid-user# IPorder deny,allowdeny from allallow from 11.22.33.
In Apache 2.4, allow
, deny
and satisfy
are not used anymore, IP address restriction is also done with require
now:
AuthUserFile /path/to/.htpasswdAuthName "Restricted Access"AuthType BasicRequire ip 127.0.0.1Require valid-user
If any of the "Require" directives are fulfilled, the request is allowed. If you want to require both, group them in a <RequireAll>
block.
For restriction to local access you can use the special syntax Require local
instead of Require ip 127.0.0.1
Read more: http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require