Authenticate http requests EXCEPT for from this IP

"satisfy any" is indeed what you need to use. There is a good example on the Apache wiki. To quote directly from that source:

    <Directory /home/www/site1/private>
      AuthUserFile /home/www/site1-passwd
      AuthType Basic
      AuthName MySite
      Require valid-user
      Order allow,deny
      Allow from 172.17.10
      Satisfy any
    </Directory>

Author: Bill Weiss

Part time sysadmin, part time security person. Sometimes I herd them, sometimes they herd me.

Updated on September 17, 2022

Comments

  • Bill Weiss almost 2 years

    I've got Nagios running on a server here (CentOS 5.3 w/ Apache 2.2.3-22.el5.centos) authenticating to my LDAP server, and all works well. However, I'd like to have some IP able to see the Nagios status page without authenticating. Nagios has this option to assign a user to someone who doesn't auth:

    authorized_for_read_only=guest
    default_user_name=guest
    

    Which sounds right, but that doesn't take care of the Apache authentication. My current Apache config looks like:

    <Directory "/usr/lib64/nagios/cgi">
       AllowOverride None
       Order allow,deny
       Allow from all
       AuthName "Nagios Access"
       AuthType Basic
       AuthUserFile /etc/nagios/misc/htpasswd.users
       Require valid-user
    
       AuthBasicProvider file ldap
       AuthzLDAPAuthoritative off
       AuthBasicAuthoritative On
       AuthLDAPGroupAttribute LDAPmember
       AuthLDAPURL (my server stuff)
       Require ldap-group CN=nagios,ou=groups,DC=local
    </Directory>
    

    That's working, but I'd like some way to say "this IP over here, he can skip that auth stuff". The Apache Satisfy directive looks like it would work, so I tried this:

    <Directory "/usr/lib64/nagios/cgi">
       AllowOverride None
       Order allow,deny
       Allow from (IP)  <---- changed
       Deny from all    <---- changed
       Satisfy any      <---- changed
       AuthName "Nagios Access"
       AuthType Basic
       AuthUserFile /etc/nagios/misc/htpasswd.users
       Require valid-user
    
       AuthBasicProvider file ldap
       AuthzLDAPAuthoritative off
       AuthBasicAuthoritative On
       AuthLDAPGroupAttribute LDAPmember
       AuthLDAPURL (my server stuff)
       Require ldap-group CN=nagios,ou=groups,DC=local
    </Directory>
    

    But it didn't change the behavior of the site. Thoughts? "Works for me"s? Pointers to appropriate upgrade notes saying that I'd get around this problem if I got around to upgrading my server? :)

    ---- update w/ answer ----

    I took out the file-or-LDAP stuff, and satisfy worked for me. I was probably doing something wrong in there, but whatever, it works now. Here's what my final config looks like:

    <Directory "/usr/lib64/nagios/cgi">
       Options ExecCGI
       AllowOverride None
       Order allow,deny
       Allow from 192.168.42.213
       Satisfy any
       AuthName "Nagios Access"
       AuthType Basic
    
       AuthBasicProvider ldap
       AuthzLDAPAuthoritative off
       AuthBasicAuthoritative On
       AuthLDAPGroupAttribute LDAPmember
       AuthLDAPURL (my server stuff)
       Require ldap-group CN=nagios,ou=groups,DC=local
    </Directory>
    
  • Bill Weiss almost 14 years
    I decided to start paring my config down, and it worked! Thanks.
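
Added example (not from the original post or the Apache documentation): a simplified Python model of how Apache 2.2 combines `Order allow,deny`, `Allow`/`Deny` and `Satisfy`, showing that under `Order allow,deny` a matching `Deny from all` overrides the `Allow` line, so the host check never passes and `Satisfy any` falls back to authentication for every client. The function names are hypothetical, the address 192.168.42.213 stands in for the elided `(IP)` in the first attempt, and hostnames, CIDR ranges and `Order mutual-failure` are left out.

```python
# Added example: simplified model of Apache 2.2 mod_authz_host plus Satisfy.
# Function names and sample addresses are constructed for illustration.

def _matches(spec, ip):
    """'all' matches anything; otherwise match a full or partial IP on octet boundaries."""
    if spec.lower() == "all":
        return True
    want, have = spec.rstrip(".").split("."), ip.split(".")
    return have[:len(want)] == want

def host_allowed(order, allow, deny, ip):
    """Evaluate the Allow and Deny lists under the given Order directive."""
    allowed = any(_matches(s, ip) for s in allow)
    denied = any(_matches(s, ip) for s in deny)
    if order == "allow,deny":
        # Default is deny; a Deny match overrides an Allow match.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow; an Allow match overrides a Deny match.
        return allowed or not denied
    raise ValueError("unsupported Order: %r" % order)

def access_granted(satisfy, host_ok, user_ok):
    """Satisfy any: host OR user check passes. Satisfy all: both must pass."""
    return (host_ok or user_ok) if satisfy == "any" else (host_ok and user_ok)

def decide(cfg, ip, user_ok):
    """Combine the host check and the authentication result for one request."""
    host_ok = host_allowed(cfg["order"], cfg["allow"], cfg["deny"], ip)
    return access_granted(cfg["satisfy"], host_ok, user_ok)

# Constructed configs modelled on the first attempt and the final config above.
FIRST_ATTEMPT = {"order": "allow,deny", "allow": ["192.168.42.213"],
                 "deny": ["all"], "satisfy": "any"}
FINAL = {"order": "allow,deny", "allow": ["192.168.42.213"],
         "deny": [], "satisfy": "any"}

if __name__ == "__main__":
    for name, cfg in (("first attempt", FIRST_ATTEMPT), ("final", FINAL)):
        for ip in ("192.168.42.213", "10.0.0.5"):
            print(name, ip, "no credentials ->", decide(cfg, ip, user_ok=False))
```

When auditing a `Satisfy any` block, check both directions: the exempted address gets in without credentials, and every other address is still refused without them.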